xenorat | acf6b4e5100ebd3921ea434dfb8e6fe93c3933390ec960a18670120d6732125b

Analysis

max time kernel
629s
max time network
537s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

System32.exe
Size

45KB
MD5

896081ff179580794b2e56d763e60e5a
SHA1

97dca39b6a660e9e1285b401456576fdd0998710
SHA256

acf6b4e5100ebd3921ea434dfb8e6fe93c3933390ec960a18670120d6732125b
SHA512

48809ea72174b61a8b6ee24c61a42257e60ac10980098c3fbad45cab00eb96065662bd57425f6dbd2f561f30ab88395f4cb568a7fdc62645824ed1de403a145e
SSDEEP

768:MdhO/poiiUcjlJIndfH9Xqk5nWEZ5SbTDatuI7CPW5S:Gw+jjgnVH9XqcnW85SbTwuIK

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

System32

Attributes

delay
5000
install_path
temp
port
4444
startup_name
System32

Signatures

Detect XenoRat Payload 2 IoCs

resource	yara_rule
behavioral2/memory/1532-1-0x0000000000940000-0x0000000000952000-memory.dmp	family_xenorat
behavioral2/files/0x0008000000023c80-6.dat	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	System32.exe

Executes dropped EXE 1 IoCs

pid	Process
536	System32.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	System32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	System32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1460	NETSTAT.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133785047303808825"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2244	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 536	1532	System32.exe	83
PID 1532 wrote to memory of 536	1532	System32.exe	83
PID 1532 wrote to memory of 536	1532	System32.exe	83
PID 536 wrote to memory of 2244	536	System32.exe	85
PID 536 wrote to memory of 2244	536	System32.exe	85
PID 536 wrote to memory of 2244	536	System32.exe	85
PID 4532 wrote to memory of 1508	4532	chrome.exe	102
PID 4532 wrote to memory of 1508	4532	chrome.exe	102
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 4184	4532	chrome.exe	103
PID 4532 wrote to memory of 1956	4532	chrome.exe	104
PID 4532 wrote to memory of 1956	4532	chrome.exe	104
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105
PID 4532 wrote to memory of 4284	4532	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\System32.exe
"C:\Users\Admin\AppData\Local\Temp\System32.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Users\Admin\AppData\Local\Temp\XenoManager\System32.exe
  "C:\Users\Admin\AppData\Local\Temp\XenoManager\System32.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "System32" /XML "C:\Users\Admin\AppData\Local\Temp\tmp950C.tmp" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:2244

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb7581cc40,0x7ffb7581cc4c,0x7ffb7581cc58
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1196,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3312,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1584
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff71a9b4698,0x7ff71a9b46a4,0x7ff71a9b46b0
    3⤵
    - Drops file in Program Files directory
    PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4748,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3416,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5232,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3476,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3428,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5124,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4880,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3148,i,10924839357294754366,3413807155219282232,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3244

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:1236
- C:\Windows\system32\NETSTAT.EXE
  netstat -a
  2⤵
  - Gathers network information
  PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\643ca608-5921-4bef-a72c-2dd6806ec3cf.tmp

Filesize
9KB

MD5
4ecd44c0ab849e31bcf6cf90eedb0f36

SHA1
a243cfaf3a4d1fb14f4475e657c474dc773110c8

SHA256
d2559add94c5d5d4cbe4fc5be8a385bf41a5f1622f2c50ae4f2f6caf732047c2

SHA512
8afda1759d2fca767de851764a80174d9c8c84b875b5833b04217f59ab4afc73150f3846d5c381292152a1d17dd69b98195c65e36e5b3fa4b7fbefbb5097744e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\70e290d3-9fc9-4b6b-ae6b-4e44056480b3.tmp

Filesize
9KB

MD5
ba31bc2ee31d02e763453cd78fc36226

SHA1
b79454349cde62f9c186f647513a5b00352471db

SHA256
99869eadd637c37c5a9bae246ff836f2096c2b03c9fecb8fa1d8bf95edfa27c3

SHA512
9fc73c5857e040411bd3ec119f428d8fc2f0d11d3221976560517a7d3450eea995d3717cc6e5f809a57ecb2fa273ce144cc967533347a086b47f837d02e80085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
49c846f5a9a6593474247dd18d990d82

SHA1
12c209bea3c561287276141ce791f2433fddb605

SHA256
0f3e373a8b6e4a297f7b70116a21c5a6f355bb1d73ec8d40d68dc6d238d79d4f

SHA512
5574b48a5bd930fd96a7b384839fd4fd5341b0679c51e595d9d8755cb60acb5c0f4aba54fb723929a01c7dda98a417a597b3dc6f7781cd1f8405b4d2fa3d4943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0b6c01c3300bd377_0

Filesize
383KB

MD5
a77ac978e1b719a9ad2feb95be4f3381

SHA1
2641295a19f4b46e8f403fbafde694a95a17bed7

SHA256
cb541d959f91d9dc4ad22a54018789fc2c7e6c3d6cd39b51c0e7eb4a5e3feeda

SHA512
ba923fa393c2b34dfdcfd3a3fadbf1b9965eb17f538415d3cc65fbd385581f5a385987206052dd20d1c351b02fd1ac1527f7d999c7613794ab2ab26b11590d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3545a9e694a7a24c_0

Filesize
289B

MD5
10f8cb9714e649573262345c14f627cf

SHA1
1190453a0d11c2fbc499b13006d9eb73589e9db7

SHA256
e7fac8d9b811d4b07ddd1c4652c4108ffe8b7a83ed4f1bae0cc7928e8d0ea7bc

SHA512
57165b716267c897abb9799e6738addcdea1afa2e430b5e538c96bb24b27fb4c66fe167d6e05f9b2a2c6cd40130f294fd913af0e35db799583531930b7915755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71d76fa3fe9c02ef_0

Filesize
280B

MD5
c84cdfe42cc41cbe03298d124c682c98

SHA1
b156d21689748f971e5e2555f6ab1b2881862457

SHA256
c2632d6dbe47e825679ed47089ad0903f8585118fd71b6e518fc530b609f81b3

SHA512
9d822f9f7c91c21574b56b0cb301d227f390fe9951c5f33d6c6fdde572a974c812a816809a3aac65435c49031add069fab09ce37bec95509cd8e9f0227bafe0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8d3e7917e1f69ea9_0

Filesize
19KB

MD5
7429ed7b12f307b71bcd5b7fc9f13cfb

SHA1
bd48fc36a0e49dc88a34cfabd1d9c73e67e8c906

SHA256
a72db54e311bba826e86e4a6b1d248cd60cee3e689e6067c60883b96dd2e401c

SHA512
f0a0e948e1324e3dd1fc200d70b40d1406f783867115e2ce7727430606f2052699731809f0c24cb91aeb4c43ef0583a71e4d76ad610d0ace828387352d56bd39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a794a149cfcf9bbb1093682ad63f6c8d

SHA1
d49ef5824a21f4d025c88525cb8519906e133254

SHA256
bae3130d023454fbfec5f100508a4faf94de45e9508ac19c89ff2d2495782268

SHA512
38438dc3d34d0d7364f3028a65f7462512ee688a21c76c5159d97dd7252ae073c1a978214a35d26c6d44e4ce96c4a60ff149e0dc359c1fbbb09de7915f6b8aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2538265696d5f6ac3d450b408bd3ac02

SHA1
5637e39d92d6e9427869ab6b0ef6dbb90e30ea9c

SHA256
93c4bc5df6d95a7d1f2ffcfe8a737b763263b1b752eb1e82e49ec493824c2cd7

SHA512
fd4084046fdf6dd2052c65f824a66323f620f5d5553a6cd8c7d055f1e9b672112fa524a103ad2b6ab6e33310f0121d99e0a6c4abb9a65ec52d4516736c89ff4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1cd67f1b2a31724b065694a9e00a4275

SHA1
20ce258d65d390ce8ab9cd194222d254a87fe369

SHA256
7c65205f522568bce14802863146f5a86146e68e4b6f0e142a2e89d6167341d7

SHA512
9828b209f2ae638222e3618cb58c597bf8856f07acc4fb377bbb087669fed464158db070b478276a3c108c0e7d73dbc7f92fbf1a3109446c861ee106204485d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
67a7c2a4f76cd65d47a861eba89b6d2d

SHA1
f1d4fc69b679214b74d58285800613f8c0043838

SHA256
6808665116fe4b5d2230a9205bd1bd53d1bb98fdac5f4329351660f851e8e942

SHA512
5ed7d9fda966e739f5b3f9093d6ac7dd7df11977445a86422847529ba1f69994909370c62d7de3cbe62d1f4a18ec2f48b07aac25b9176cbb50f353c19daf27ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a97b73f243814cdd91a3317ef5528792

SHA1
fb8210ab81854b9dcd0adc1216bfd975b0c90344

SHA256
04b483729cd400aac1b8b59c714328876ce0db0b05d4bec362614ac356ad1d31

SHA512
3aa9a46984e869ca4a8cb671d03d9b8ac8ec88a974d8b5698d4f04ddb452020a7e9ed3243b3ff15216383cf3db3160659b16bb751d344cc3163839eb560240d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1019a80fa5fa6d07fa513c88435776b6

SHA1
17775978710c5247d26c92e70c4b64015b544387

SHA256
ec6dc677c0d1158263603d71258874393bf66554e974192def1c3f74e9901540

SHA512
6785abf905e15720b7c0d6bb2eb4fa9d739674cf0d34857296e64690b080c8da781b011e379709ad1cb0a05b15544afb5f005ab670a49073ad7e2cb18ca48891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2590ddd28778a9e6e0cac675a3370c21

SHA1
fd974bda0dbea232b3a1f4eb91b854d70bd8562b

SHA256
4f4bcfa1abcb113c8dfe4cb293bf5def53b64faefee55d89e29164339be93654

SHA512
4fbfa19803e829c29fde4c00889a8bb4f0eebaecf2e4b3791842e033ae2d37e7c39155e61a668567163932e256a442213cf42b93b63b821e9a3abd46549109ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5c766429f73c6455fb9351874bd14da4

SHA1
4481a13cfe779c4f36f39f577d99ed095a1dc38d

SHA256
e13217162345adc49f2df6b774dfcbcd94848c756194703310e3b4d6a25aac33

SHA512
a0c2940922a86c829d05ed28cc8620afa05ce2b06b3a2d71cf6876eefd8888c6851709d5e357754eca96a00c01bf7805ecb338c4fb3b9b86e995262b4856e416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
fc58dfa8800ab97e2d2fb32d31f70e56

SHA1
63b34d26616e23429d865d98e59d88400696c25b

SHA256
8157f729fb948cb06c34753067712607b1ab6702dc33db47291442802a8d0191

SHA512
8f607ce9a378eadc8da97bfcb440d5a180abf2482586389b4f0d0471ad43027bd8a493dbe36aae94d932d390d3b9160e3df01bc241015ec5c68d5354ef068490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5da3d381bc4cf74b37222e4c36444fb0

SHA1
4b9ef40a32c6a2e0a4fe25a98533c0c9182222ad

SHA256
9797976be536f2047f1fa89de34e1ae24e9f201193e4468c6078633dfad9701e

SHA512
7973c36286fe27d67363ca9c52ae3c3f0e4ea3b14d2bfbf9c77692d705b1807f2482c4600b25c92f13e483f4bc9714700ecce2d72cee4692d1c8b1624cd01868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7eecd519852d9f33d021b26b384f6ab7

SHA1
0d7c14f5bd4326245b61b692c6908d2eebad4bd8

SHA256
785bad7b9f32775f3094f48054265da2dea707ab44bfc31c5d718601d98609e7

SHA512
c9070c93f8222ba80eabfe7b450337f1736465e8e1d1a9554982bef564b9dacc22cd3f2748dc1e192dc586572666c14c298c23053ba2e3d2b34c2edaf2137693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd2deb8781248ce6e3d07e8f229ce721

SHA1
b0b61a8bb4ecd63a84fd137f2e9ef72508940f43

SHA256
3b3ddde0b10722004585e1da7f5dd0801fe67403231217b244cc1c771d29bbd2

SHA512
542f42340aeb566acd4fcb5687a187d06bac0bfea4766bc3e7675fb0c3fb4cbe26686090a99d99fce14f0b2db89ed8f66758fa715cc400d4c2fdc90786fd31e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3e8e81c25d851e82ecb6774c0018daf

SHA1
6376be0402d6bc90e02e0acc134a62b977597927

SHA256
158dbf8309d2cc35a215074289506f29929935222dd5856a5a0da5532a3f51cc

SHA512
b22bc47fb120a2e1eafab616fbd994b2168b0d5d3320ed6db0ca42088c87ddd95afd88bbd9ac6e50f49e1060b864a8d10fe26ad718f77f53b837a6d266edf611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c368f780cf916d7fb15c1ee9edd8ddc5

SHA1
e19c744818fa6eb7debadd82a45643fb385003f2

SHA256
9a4218e99bb6dd1375b82e3b61194e2613a391173a5f473b6194930315877a1b

SHA512
d7c5f72defbfc38570a8cec95a029a318afc6bbddd4f0779e45c9bbff139bb4e3ec194c5d092e0d35bafd24bd2dde63a6b58bc584312e7c9d0070b02b7abbf89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44c20c63b18fe97cda9fee4475698df7

SHA1
09496cb8be835be18d4f35e94040ac27bdabf161

SHA256
b71d77fd0b32af7759a5ceaa70f1b928d713d68b5fa9627a9af1c3f9098ceb95

SHA512
dc36d376d6637397fd54fe3a270f4594924536562b37330ace644c2dbe3deb7cd7fb0b3ac843b602987f56e8d073c1e022f917bcc9c4b2a4af6c422e3614fed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
354d303df25439467ab714b8534a6be1

SHA1
5df0a8c25d52781a88cbecfb5b105c7553540f1c

SHA256
64be8c5191ce390ca661169fc3a8996f1b5c89dae2b5faf6ad3f0a842bc28489

SHA512
b67b7eb7acda5082f8c8c417770bb5d50e4a05512c29dfa5cc526ad3af154d5336e85067e0b0c61937209898c8a2764e6921e1e9fb35829d09c5d0d7e8193b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
164dcecf77237bd55250b93c385b163e

SHA1
698d996ce73ced0ee43323cd196126f55bf75b66

SHA256
e1949b3c2cbb0a417fddfd6dcf4ea06830ad2e060414062282237f081c12b1a3

SHA512
37b0f2f42a1645c1e1247c1575f9fc2d0d85133b8443c5031da65ae46461a3e9f3fd9a111310fc916fe858af78df0c573d07f31ea9dd6a182797e80e73dea499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
764431b9612ab89766ebf03d673addde

SHA1
55ae483ca4d76c0bbb98f3aa67c565bdef024d32

SHA256
7ddbc5a7d51294ee0906db635c54c92a6c6396f46eaf9a7ea00ee3c50586e3a7

SHA512
c568f2bf25827aab4961b4dc8a171dc310a6eeea28a858c525883ab6aa5b95d946257280953b90d244b8975c9c71cf5185e67d816416a131b22cc42cfe2e0bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be1d06ab3806778f4742348ecdff79ea

SHA1
b83c181557b0712cd6ab8aba0995e65b61b5ebc7

SHA256
113eff4e4ce439b77d84d71f8563917a72db270ad52cbdf0794d5d2b3cd7dab0

SHA512
1673aade9bbddd9d9bf455c44330ef133955c22ec680c5c29765bfcf3ecb33b234cd36610c5e85088dff379dc27ad7dc094f0ab82bea48eb55211e33737adc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e3ffe3a1e798bb3031b04f039128138

SHA1
dd0750166e6112bf9b151345a47082ec3c6f1a62

SHA256
78d258731926b00c98b00b6209fb6c8361aa49255028a51b67a945d82e1654f1

SHA512
a5fcbba73770b9d04b6b3566306bc9eca1930764ff006b292829a97d10af2e41eaa791ff8640e4281749791c959ce6cb1848c75a6482514b05d410e61c93f7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e49824688df4bad68e4cd130392d74d

SHA1
6100b33b7c5efd2568ea9a465c2e78fa0742d464

SHA256
45cdd3e160eef361fdb8232d616334a6882290cee7d7915dd845340ef15d36b9

SHA512
1a45c4431a232c39573c9a5253a05a3b0a1c70736e6bafac3dd4ad7c8814791eb92ab9896b98bc0ee4a8e86d5dc6b9d979f6bbc5444fd805f6e5e38701e16611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ba97a2ce65bebbdf301a308724b2664

SHA1
7fd9142068af7a5e32aad91ee46de012e541753b

SHA256
17392b57ff5857a76cf6753563b7ae6070d54651151c18de35a11f30fecc87bb

SHA512
c7f1e987fc74d914562efc06da354e33b080f4a099e017d7659c2c6ae458a5f502f6bc5a19143452d8824f597b7c67ca4bec56c9c6691c936018ccc23dc8c746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed80c05f31e4442db8df195bf1b3bfc1

SHA1
4dc068474688f7087bf5ed8db0ab7640a4edc1d8

SHA256
2209ed49b6400f8ec2ea54bab9167dc7b55c3abb1674992256698187376233f4

SHA512
13078e956c19f70ce467a5bc8b0420f2a78fe2de07a0eb86169668925f7759ce4e90de8a0ec27f96ee9a5f811d96f88a3d03a1df112bacd9edf1020ba977a481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00bf4aec6dceb0b831c393ab9dd2c215

SHA1
e611e14e1dc17903c99671f1837902087447f079

SHA256
c1e200e8e9a46ea6649a6b4432413c32ba4a1ca86f53b78a4247ad8fc023da2b

SHA512
943998964ab2144eb3218a960cfde636e28e81099bb8ed8af218c81f428c2cac0839844afcc6c1f8669a1d66280dcc83f519f796578b355b8dddb33663e509c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f11e8ea4d18c1ffb9cbf51f5aa2a7bbd

SHA1
2756cc5faf8a592b7ca02d2b13e5ff4784f339b1

SHA256
a371d6d3287582c681fab9428bbc2ac64fe7eb456008b7a2936db65a32d19f2f

SHA512
442727e0c675a1edf43fb1279ebd3f05ad0462bcdd5abed71b988bb38342be4be6c0c2020c89bf13f380ce2db436d8f9a2c8c4863af0e22e52192f7888adad14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb794669541c37050bd90109ea63513b

SHA1
809fa7b7efa386bf07cc66f102307398a3bd1945

SHA256
7f837bfc8d80af09df6bc4268b4d76baa2e6dacd9945293a1e8e33d6a7968e54

SHA512
be5b42ee8ec47c610ba216adfa699fe7eeef71f17cbf2ab3dd2e1dd98df41572a2ca3095800457da89c47ecd4b70c418cb71d3338d7c9583d50d7651808d0db7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03a25c80b6c3759426bb41c3e5ab0b79

SHA1
be1e80d0713be7aa61c27b0a58f7aff0947ceb1c

SHA256
5c19c4eb3ed59f4905e5586e6426f448a21894efd82728283ab2e5aebc752ec1

SHA512
e58d7f6c5d91c0f69d5e376b6897dea6c2e9a0330dc6f64ed82bb6b6681d35fee0670471c833c04e33f3eb47b43247e77473215ddc730813ded66d1020489235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2dffd1ae0ff06dc1764e0c7d58ff2fb

SHA1
5888ccb8d0081a3b89833f62faa48f954e6041b2

SHA256
15b5cc9c51375c05c1b379fd198ae1d59f58b42a7b7c99ebd8331c6fafcddb95

SHA512
6e26a71f7c887a8220b616ff587e2ff21722977f6c16c269ff4718dd7eaf1ef661373e49f56564a159ed2d9b50f167978d7798103f371bf55e6e331a09237a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7604f5aa79198d9b90ed6cc1d0430397

SHA1
4578e0092d5e8fe2c7275a9535aaf16a7bf0f7b6

SHA256
1c65ef1f1a26230565f180cc69cff50ff979a40bd6567c96851b9f43ea130731

SHA512
c6393351938dc1ea80d90d176c38b35a084656bccb527d0250ad2a2bc312c2d8e33cbe493fdef57bec813ac3090fb314113c8c10a39df0a5601178a50ec6d27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67589dd6b4ac76744580a68fef6f2926

SHA1
4d13caa66a4bf252f20081512a3b475eb4bcaa0f

SHA256
2dd056ce177e2005e3bafa419098db88e35758f41afb43d4a2b089a0014438ed

SHA512
734353da8cc27c2066c2c3f45accb05b76b90ceb2db1d01e346580d2ee2c17739b0a1d39c6da3a14e798c52fd5cf1319423eccef85d63f0b8de2feb64912a599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d8a71d1d3708b9cb838530c94032054

SHA1
7a4eb9137342e1e226d10ebe9acb379cc1f9f376

SHA256
072e37ed4f3fe91a20c68c1c758e2e571de4d83d3bba6f01e194cf943c35e558

SHA512
ab2c0d980c09b36181eaf72345b52bec825bfdb888d1a6ddd08ebf18e1b052373070724b570eac167810714408599b6e8b449d6e9639fab74f287b8bc4abbb1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2349b176116222ecc6104c1c0461a22

SHA1
cb9397b493d62db6ad11ae24a9454bac3bd8cad1

SHA256
784817ee028f68cb27cfb0b4a21d3ea370fa0e5d1d13f30900aa321b7058d4f9

SHA512
21a7761dedf4cc75c11a6b06708421723307231e0e97631f91b24ca2e6c2c2fa17deed26a3657089c4a614ca9c551656a01245ceea54ff93e6257d00d5c80d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa4caf0ff59e2d6ae423b942f43818f6

SHA1
f3d43ce2d49f2f538a8becef4d42f7734dcd9639

SHA256
fc2f0a7a78ac83727a12592f5bc8cae7afb9e0d8327b11048d2b6d9f8417096b

SHA512
5f066b3377ec91fcf7211353bafecd803e3ba19a13416fc50dacfad783bb35848d2e22d278650c907960ed421ded57b0586115a7d2ab71ac1ca35cfc284bce7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a843da3fa1671e713ae3ab6db3d7316

SHA1
cafc3536ae8924f4b298e9ef1c819a459d07baad

SHA256
1c67ec76771f38eb306aaf5ccf84021c42ea15aba29a5f3f03efcb049b22724f

SHA512
ce0e4feb25f7345c9e287d5febae1419e7575d79869727a633e902db76455f9e1365c2e810fdec5fc2469c6c778dd322a68e605913772838b4d55abd9888edb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a964976416176640407b0dc8e7ab3dc6

SHA1
ebddb2a32aeb554bc86ec7109d334724e8c18688

SHA256
25bcd100c3140ed2e3ec2df2322734983032a4616f169671294a9e1953587aa3

SHA512
b2f52870acfad4804ec16deaec521c44fa9294b8918776fe914ab6188d853c7d21f56dcaf366a95567bf6a079ddfdac29050284e30403d3eb18f8c7ff5162013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f5db5d95bce656d64d900a6c108cf82

SHA1
2aefb106a10fe33738c49512b2a4de5fdc5f24f0

SHA256
a4b6f8d0f03e68724741d20b7637afa37def70a1d24f499810e505fe36b387da

SHA512
2d7a33bdd258e6ceeab76e8a3ef452094ffc0db57ff3fb2a745cda866cfe202c630250b74d2ab85fc60ee44e48b5efc4ada7a558e8a79525ed320ce1c651ac61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
184ad653e11e619c339a3c61ad9f0c3f

SHA1
151c117ae88a64312535000bdb54d000cb0cc6f1

SHA256
1bfa36dae8701da4bd8e899983a841cbd699b65d195351c804f6c616c5b85ea1

SHA512
52b81c13d7d3d011007bdf221186a744e4869de2ab85c93d4494a5caa1e834cdd38a4b974351ca70d15f66f6c4126e6eeed0eae92450b0c7988224dbc22e010e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a00f055939b6813c91aac835e32dc41a

SHA1
06473d1a5e373ecf39141596d9b5c51748e8bd3f

SHA256
b088d2b35e87adae2c9d0411334222e90c2aa46caef507281b3c2c147503249e

SHA512
c11f83a6a0b3077f9a4de3435173e76fc41638ed6ffcd4a48ca0a6d493da7136cae3d8924af51219169f4e056c5ec92ae812a273c1ba2afb14b3a17fa30659bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ded99ea172c97ad8b2ca9d96a69e2b5a

SHA1
2f6bc7f7e79abeec77d114758a04f73881af4a84

SHA256
4bdef6dcfcbff74ad4002cb08cce256dfcd5491d88be019d25c8891babcb2275

SHA512
97028014a2ce233f986a7907b4f56eae030fe962483dead8be48ea2e174226cdbe6a872ed4901705de139db91ed0d0ef0247ab0d3e2a20d3862ca9d6dfa071e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12d6a179b5511cfadc5d4fcf39a2ddba

SHA1
32bd44a008f9b21a382b58084a6cc4776b935835

SHA256
49ef8daf55c21300236de165ff60a8bbbdce352345b31b0825607319b4fc7281

SHA512
5555704970d34a4ffbcaa8ce6c19a9cfc2befc307a289da3ec3cb194bde0233b8307a4cc9bd3b2e5cd6e0abbff7c223026c4eff97732cae7939d09b22da52254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2f03c3631a122470f9c828427f802a0

SHA1
7b4c51c4b923de66d898d75ca2830a219fcb607c

SHA256
0cf4f459175b8782281ff96553108ef8d7a55d8b7382db0ebd16c14b11989a63

SHA512
69caa303590721f24ae99d6093637bfc5974d67b82f657f6e8c991e4b54e204421031c699d5c0ab3dd242eab09b2818d5b3da20d7c1fa3cfe8f22dc3f78aac59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b3e6ba1d25d42535972a4737e4f60cfe

SHA1
b71e1074ea0413faac2ec9254c2476fa4b7e4f58

SHA256
0091c26cb015ba4b5f031dbb1b2d584761b208bbe49b64b51e9f24c4757d8241

SHA512
8059f77c5fd1acf993ee79665a5de386748999af45fa148404b77ae9198a81fde326215e1b9d8c08c9258d9737eff6bae5e74d4ffa225d4ed4d7b8414dcc8730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
801842f98dda1fd9de2a15659f71a30b

SHA1
21c57247ce19fc8b1ac0dc261d1bbaf68fee60e3

SHA256
85a44f6dec50a5d7ee30a510682f26a406095f9ec5eda12d48096c2402e901cf

SHA512
db0841189db25753f8169d3c7ac9a328e52b14432801f72b477e21d05ce764f07e7c6d23b5c31731bd8fe6404230c7711eafce04d8785d51694e2ae23468a412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e722af8dd4a5761ee9a41c3ce359bb89

SHA1
38a2a71064923946fb406c10ec1d0b9a0c0bb6ac

SHA256
59a2f33cb8b95ec5df1aab460de4399012354eee1798dbc235ad40d90b2fa58c

SHA512
6f61cb915846e49a84137933c7c07bf6de8afe56bc53c35c5160a1cc3c559247b021477322be0b5ba9218bb0b94d742313fea116f1b85896305f531f869be802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
af54c9bd121b87a12705cc7108c43cd4

SHA1
8f5f50ffde95d5309e754f41004b50dfdf3d03b5

SHA256
b1a67400fd9d0d8a3cea70fe45c84c7df2fa3e602256d566c3f02eca67f8e7cb

SHA512
886273143b7f2d702e8e1c355861cb5e20625827d68387baaf62a42425299c0c13e63d9b5a5252dad4aabe3b6f8b7d999e7dbdf2990a91e7e107c0272f0c5d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
bcc7a38ed5ad8f136d9b851e6a7bc315

SHA1
1ec9249885541395bde5c7536fe337e9be9e849f

SHA256
6375e14d366b841e153b1fde29abb712820a3bf188d53f4f890b7296c0c21e5f

SHA512
25e9b96e8855d4f15abf2168430444c49debb246f8339fad6dc143d75055386b3d98269eafeafc8010b975d6e5768053aee859b59c7bf5843992165ef059df5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\System32.exe.log

Filesize
226B

MD5
916851e072fbabc4796d8916c5131092

SHA1
d48a602229a690c512d5fdaf4c8d77547a88e7a2

SHA256
7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

SHA512
07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

Download Submit
C:\Users\Admin\AppData\Local\Temp\XenoManager\System32.exe

Filesize
45KB

MD5
896081ff179580794b2e56d763e60e5a

SHA1
97dca39b6a660e9e1285b401456576fdd0998710

SHA256
acf6b4e5100ebd3921ea434dfb8e6fe93c3933390ec960a18670120d6732125b

SHA512
48809ea72174b61a8b6ee24c61a42257e60ac10980098c3fbad45cab00eb96065662bd57425f6dbd2f561f30ab88395f4cb568a7fdc62645824ed1de403a145e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp950C.tmp

Filesize
1KB

MD5
b34fc460ef3471937aafe3b06e4f954c

SHA1
ed9abcc6b0430edbbdf4cf2c43243ba1a17e7aa2

SHA256
edacee32c3c4ba1c86b77b520a8f6d52e7aa004ff714c70bc2437877cde68c2b

SHA512
e3a1d215fb9808e69d10eb7852bedbbf1390bc2b0296a8187ea5d8cb6d393321f8bfae86e0407849b728ca2626b44314ad9c6c62cbcb58b63e33a57372018afd

Download Submit
memory/536-19-0x0000000074F40000-0x00000000756F0000-memory.dmp

Filesize
7.7MB

Download
memory/536-15-0x0000000074F40000-0x00000000756F0000-memory.dmp

Filesize
7.7MB

Download
memory/536-18-0x0000000074F40000-0x00000000756F0000-memory.dmp

Filesize
7.7MB

Download
memory/1532-1-0x0000000000940000-0x0000000000952000-memory.dmp

Filesize
72KB

Download
memory/1532-0-0x0000000074F4E000-0x0000000074F4F000-memory.dmp

Filesize
4KB

Download