xworm | hxxps://gofile[.]io/d/3uIEra

Analysis

max time kernel
503s
max time network
494s
platform
windows10-2004_x64
resource
win10v2004-20250217-fr
resource tags

arch:x64arch:x86image:win10v2004-20250217-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
02/03/2025, 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/3uIEra

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

80.76.49.15:1111

Attributes

Install_directory
%AppData%
install_file
System.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0003000000023314-73.dat	family_xworm
behavioral1/memory/2096-85-0x0000000000860000-0x000000000087A000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Downloads MZ/PE file 1 IoCs

flow	pid	Process
48	5024	chrome.exe

Executes dropped EXE 10 IoCs

pid	Process
2096	funnygoofygame.exe
2080	funnygoofygame.exe
3840	funnygoofygame.exe
2800	funnygoofygame.exe
4384	funnygoofygame.exe
2872	funnygoofygame.exe
1460	funnygoofygame.exe
1428	funnygoofygame.exe
1716	funnygoofygame.exe
1488	funnygoofygame.exe

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
56	ip-api.com
95	ip-api.com
98	ip-api.com
107	ip-api.com
18	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133853849506016239"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3976	chrome.exe
3976	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeDebugPrivilege	2096	funnygoofygame.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeDebugPrivilege	2080	funnygoofygame.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeDebugPrivilege	3840	funnygoofygame.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe
Token: SeCreatePagefilePrivilege	3976	chrome.exe
Token: SeShutdownPrivilege	3976	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe
3976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 2340	3976	chrome.exe	89
PID 3976 wrote to memory of 2340	3976	chrome.exe	89
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 1552	3976	chrome.exe	90
PID 3976 wrote to memory of 5024	3976	chrome.exe	91
PID 3976 wrote to memory of 5024	3976	chrome.exe	91
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92
PID 3976 wrote to memory of 1060	3976	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/3uIEra
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffff120cc40,0x7ffff120cc4c,0x7ffff120cc58
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3880,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5080,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5108,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5060,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:2712
- C:\Users\Admin\Downloads\funnygoofygame.exe
  "C:\Users\Admin\Downloads\funnygoofygame.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4700,i,9527256099675298836,11570864998844533077,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=924 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2624

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:60

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:60

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2080

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3840

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
PID:2800

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
PID:4384

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
PID:2872

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:4848

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
PID:1460

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
PID:1428

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
PID:1716

C:\Users\Admin\Downloads\funnygoofygame.exe
"C:\Users\Admin\Downloads\funnygoofygame.exe"
1⤵
- Executes dropped EXE
PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
722a242c446a7534f923017d8f375217

SHA1
a9d683aeb796f4547384f67435374ee1f9556921

SHA256
3ef1afbfff069df548803f4523c969a4878eeceee9789ea7389861b5fd40a393

SHA512
f2e10c1c0972a891d0a60b7cfd33d174717726aa8db12c26a35af31d270c3d9e891c1dcb1eee4d29408da9d362c50dfe62032f3d0516baa20b938dcd29b796e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d59b0d2a8f83895eeea371d2a2e3ab2b

SHA1
6032ec23bab0b50d1f91a30b3872f0f5bd5e1bbc

SHA256
d1ac107c6b08a087a27b2d375749780e397950e3b7623a214fd3c94c92f1f9e0

SHA512
211b00a8576de7dc8a15f5f2fdcc75f1c15ec272593c1f18f1e461424e12da180372f795ac164a539d012b895fd56a62a28caf61b60f574ae2ff4bad39c0c1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cfd266bc7ad9914a5e149ba1346fd0f7

SHA1
9c3d76cbe0810ef0dd7b80759532d6758082f41c

SHA256
9744c5e5d6ff8a91a8379ede67563cca9a1851ac3b9fecca2da8a606dc3c5e57

SHA512
4a00bda9ca00977900d14333667c27deb72eeeea3704b5741e6434c516834fedaebda0cfd25c43a18ce422a3383ac2c22cc93065d8515c49c76e47f734054fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
3690aaca7637704aa42273c3e018cc4d

SHA1
784b9f11b0fc72c9367d8041669bfed383231fa6

SHA256
9e401f16de957fe793a5974e9af6c1e200ba02fba2def49c897672f0fecd748d

SHA512
8cc0b38092096ec5684acec912202af6765a9f20bd05a3b40c334645998287e48283e671113d5a00127598b8ab742dc12c94e7b9b34070d2f8b6deebded0ca2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0a87f11e10924cd91c4188a02af43d5

SHA1
eb6ba2dac5288fffddf766ccbec52b3bbffccf31

SHA256
fe9c69930f021745b37846f86acdc4d35c5ab9df1bc754032c633b7dfaa7f00d

SHA512
c51989f5da014d68b1c6a0fbbf96c52dc78f45606a10de292258e7d50bd01f8093116d9a53331aa53cf887942e773bd262a3c89f47a502534c2efdd1ad12cbfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ae71c63ef95c0a74a5580d59350f23e

SHA1
08e5f06f2d067b20cf3f6736c6bd37f576ee403a

SHA256
6a3b8f49ea86ddccc4790b4f6fe1b3475cf85337b6863f5aef9bf75f2cf2e850

SHA512
7b3088ecac968bedf1f387416cb376215114f6616a6540f0a5220b6d5d00761722cd933a193faee9ec3fad86d5356204fc1cdd47c9c3b8a15219233e2beaa1fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3952476383e85a411545c0b9ebc192c5

SHA1
038c42c1563f8b1df4ceebed59e9f55f923b8df8

SHA256
695a4ae2fa8845c068a9b5495869350d1e8c003ba86e48358fe6642a81de4433

SHA512
c30c38461a68046d5339bcb59337eeba13884f36744d3694ac6186ef72a31b3094bb53bc9eda2d5604b84eb01bc0af483931bbfe66325f9593abfb01509d6634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6c1ce064c194920eb69ab7dc6997ad4

SHA1
9b354a6d607d4f7aae87ff2283e0cc1222daf84c

SHA256
7a6e3df04b3e085e36edcfd43262143f7dc919843f224a2f86dcf862a5969330

SHA512
2226c5b41f8ed06f81c55fd1f48da27921dd9ed65a6221261e84159fa424887972a9e4391e888709814bbb1f0846ea28e95e75c3ed1a99c92e7f981c8bb54367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6df756e684009fa20b04b0fea0366f2

SHA1
dee3eac8392782d4ff4e64544f770dbf73b10548

SHA256
17d97deec708848ab1c41f698a0e3fd35c34087fc7488261312b1aead0bac26a

SHA512
34d6d911260b574db10810dd7fda20bde72686758c181683b0c05b7f0dbbfe820999f04b8621acd0bd93962a63600c94ddf5201de3f7e4c54133aab462eb62b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c3f5a2b674ebf70d59b3b0e4e9f9b37

SHA1
68832bb4c510e7a23539275b8fc483549e44dca4

SHA256
f2c7a4cdc04f0621a0cc34a45000b264c051d956e9d266d54d4da57cf99b5da8

SHA512
c214f0f168274988cf2c2a3aa9576bedbe545241c6ed97f066a8c89e8c9c813579d03a643038941142d87bd33c00b226effb6931657485c1230e726181991ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
749dec133197c1136127f69ab4f5cd31

SHA1
74945d8c18c38dfd9b1467a454699c96f797e584

SHA256
efa68cfb2823cd4e0790addd4753571d623a16d42d0e2f03b3f071e0532de893

SHA512
ab779c3a84004c1b901fbf2404ee71acc351c4a2f573a4350392b25a425d94a478df71605338b977482393888dd01b8cc11473c24f868d9578e7dc7d946e468d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b8ca7a206c8bfce8da63b90486e0d84

SHA1
d77c3edd94210d05807517dffed85fce35651ecb

SHA256
461130148bec0276d17ef3e9d78ff8de0fad518166506bd8b4cd56b30156adb7

SHA512
fac88f156f60308f8de857b23c34f9ed7ea94657296669f3298e43eaebbaa6a2b5de2844f7c8884353c517b40bc80ae8ed2d689abb4321eec151f9a4a74716b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2a9e65aaf0750e1c41f8445f92c6e6e

SHA1
c91213469847d0af6bce3645134f1487ecb34409

SHA256
d03a519515aee5b01e4882989b79522ac84a0c355f1e1b31e33326ccc94e54be

SHA512
3784d6fe8d2ac799d376e72b21b016b8317a610fc03ef703f5d8e293de2f11cacceb08a27287759961ca952c39c3b305d9d2f17253047e40b6d9e88712378cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8434d8746aa2657b86a8ecc51885565

SHA1
379ea035d713fab5e91fe2bd94e7770611e44f53

SHA256
62488489452d3b95db40b797417185fb713de79f2baa133e79246df741176500

SHA512
f539a6cd6077518010143a2546d1ec4559e29142468e5227f16194f2b551afa24d0f340693afee223c2bd4fb3c77b286b22556b0aef6be2e400fd2b1647a3503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
845c3f68ba8c2646b3b544048e7c0467

SHA1
99b4897960b0270fdb102381d565bd1cf2361b3d

SHA256
7400f6d460d999cb5ac710725d7c459b82f0cca9f0cb83a588b005dd087d0b2f

SHA512
25adaa5ff8cc497367208025fbae0c5d021dc9f8dddddf80a68513e68c9ad58d5cc0b65e0dda44d609d76a5b5b600c43a92ea08872dcac3d3524fa16dd8d968e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b3f095ee0a0ea43bd75b277c6335c62

SHA1
14aaaf0259e848f293b5d569e08ca123418b91ab

SHA256
16be362c187aab8872dd52e9b7944dc3075c9df515cf524ab1893d192a2e9a3b

SHA512
b54b2b11399519e9af7e6970dc32d3f1edb9ae7166c8580c15dfd469adbaf5de051f14207e1f3874a5d605bd0e1b0d5b0e912ba8aa65c8c745fec41f758e047d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89ee7f5d149a0958d3795fee9e199cdf

SHA1
fd573de4882db0572ddaf163f2eb2134f73a2999

SHA256
fa4167d2c9f696e66b36e05dc7078352c1cabede7bc954132c751fae3f4485a9

SHA512
d6b7d7c2de8f002e6e1602c1e1a7f0cd3be973839ccaf9493d6bc9d60b62ac3ef5548630a1f4e22d80250cf3b49cb6a8632769105820778a7cf97047c1f9c915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec3a2aa4abf9f5b5a5d8417e8124376b

SHA1
ea7667bf4371d6403518d83c40752f608da4508d

SHA256
e93ed816d0f80392753385da96d34520d54b243a63058b2881babd0884600e01

SHA512
28bd0e36038dc299a312219dd6d05e198c251c6283b70e056c4bf2697124d2eaf2d0b540ed66630a6751c7c4458c081b6ffbb5c58411865648f3da55b22863f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
382f79386614a0fea5f1925e7a0f6b6d

SHA1
d95c9daba8d711ca4d965319ab0618aec5d0e84d

SHA256
714ecd70e507412a0a1ed9265e406edb963584c808db87e0f3e8ff19021c5815

SHA512
db44dc4cca184345b3fb0119d3e65b05830233c318a98cada30b1a90d9dabb7674af73208485e9285c58a6f40fba6579d23d59ff78e99947a0f8a649cfd04a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6e2c4069e42a49d9ea5945fcef30552

SHA1
b71077a6a9bbfd291dc2234a682fd1686f16c223

SHA256
4990f5ff53bf2d8c4e1d474e020a21e48a68a58043f6bb3dfc1e337bd7cfbb94

SHA512
b5b0835f4da9eb822ff62cc70161d5b0a20725b5e4c90cf1d7fc7b851a618550801f94f858edac652930f6e4e8a13ca3f964c0c8ff50e5bdf92fb28ceedde663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
482336ccde30ba506d05db7d11e10f1c

SHA1
6b02a85494b63c77a66e2389759d7966e68ec9bf

SHA256
5a3550e5dbed489d29e3bff8c4fd492052bd26c2d621f87e27058a7e54aebe80

SHA512
0b4993485a70d56169e3d28aadc0a24d06d90ebb9391594207d2301e63d1af53355cf5d9ae039e957a7dbbedf076087917cb826e19dea264255c9bc9a70eee3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52bf28b7596bded8f1aaaf1785574b41

SHA1
0e68c569a4df299771e99a07c9e4121b67c911db

SHA256
bac89f871028cd3dcd7d773f40e32992991a10198912d482a44effa91a164634

SHA512
c801b766b90d872e854c1cd75fabc2126355e40d1fdc5fe490f9184be321c2a3caa0c7f61670db6d3bd4fc0d29ef8ac7bab5edfaa6cbcfdce57b699fa308c1df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a6899835641ac5d5ca26b4bfe8b1d51

SHA1
324c45530b827acfd5132b23f1671a14f95b4eba

SHA256
4c3a8bbd3ed240d709393eac41be45e106b6004f4bbc5534aaeb595435a542dc

SHA512
92451516b630103eebf1e0cf7838e6a6631c7bf27aaa113fda4e4a5bef49e5f38c6ac4abd2e6e75ff233c4251a4d53b0b5255dc92d61f64e224b70c3d3fa6fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c0bf76fa051b2c0a1d1c5e36bc3505a

SHA1
8d17a66431e70613577290920f4e0edd554315ce

SHA256
6cd53c5df521c258f5023d23024514255901e8fa6f09de15c6598f04a4db4b69

SHA512
26c5b1e6e59e7266bb9595a6fe617596421eca436eeaab935e507dbe41d56c8d9a2f46282bb56d598308d9c89e284e62a03e2d5ed4b7d0ba02ca20a4c2de4b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6b4126709380aeddb0e1f77366df25f

SHA1
00ae94f43a97db927b7184cb6720efc7361f41e0

SHA256
1e0623038f1fb741ee4ccabb829b3a45e0e0548627b1f40a3bce6d7612b46a16

SHA512
4a6544e247d1d253d7195ce6aecd7c034df8fd38b06d7b4ff87b86d7b0348157913cd94b83c4caa5a360566183acd6732f2ccab727cd9d8dc8e8cd6ea64f6b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
349173674572ac31859a275a70491601

SHA1
5168d4d28139a4b025860b62cd6677289beaa33e

SHA256
b9a6149baeccf5db2dae5cadb42e1d3396ae7648255b7e361ae0065b0c34c2b0

SHA512
26463059884155b285f724bfe4b8c696b4365db00017c62badd4c6280ed553f8534fea2f68a90150ab23b33a6c9407d98f5b3932209da1b7b536080129e45cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e8cb12bc8df95b60c63d2a7c5914e5b

SHA1
be1cec882a2eac5731f3557ed426fa6db7c44768

SHA256
4438adcecd98d2989db4bc724c26ad646063e6f73cec8d47ac321fafd724f8dc

SHA512
b44f8e377892ead9fff51ebda71c159755bdc6c7eeac39a1709c882c5aef882f2fe6893cae58e1af314ac83abc3fcf2528c2f7ee2dc0ebcc92835480ce1a5360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a152a69427f6070453d89dfaba92fb40

SHA1
73ac04c76ce0d1a892893bf4ac160d22d0ea46df

SHA256
670caecb0eaf6c2b84703aa856f2e766f697a00e45f5c793e4b9694bc14e2a52

SHA512
d04a4ea4fda5762480cb262c828d80f30959850aa86849192da214225d97ca6f3685fb721b1dfabaebbfe8555e9101fb640cc1e0a4a2646342bd2e824eac6db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0687ee829cb44e2c43314d0169f5c674

SHA1
25bc7786ca373b9be8b027d25b74c0d4c6d4c78f

SHA256
ff197e6848cabec373870406f6430f28d40b3230029affdab4a1ef116011bac8

SHA512
6372b878a1f91d680a770cbcc29a3b6f980d48d745863fc62a59f4f51f0e0dca3ef8da27f7a007feb3758c597c367721dc43076849f07652323ce3a61b9e9079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f53a2d2924e08e289b29012037490473

SHA1
f1ac5baba1a1e7f81a69bb516f77b0a705066214

SHA256
e665d44c2716727ed22d61228b2d0af53ce8a094b7d670b0da17e2c70ade67fa

SHA512
fd5f018ac5189f4f4940990ad2ff3e640ac7f514c5003b180d41519495253d0a5e5779b9c1b9d7c449b6010c57788b240009c95afacc27901172f2ad9840a949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3dd769b11cc7aae3a784e06b9bb0ef18

SHA1
d4216bc0e8cb0f49c319f7a240e85d0d1873ee25

SHA256
b8ba9ea29016c2442d01df029e853199ee8648bf5fb5d65c1ded0cad1d96eb7c

SHA512
5bd3ce706348787ae67baf85ed6278c40a3da5b251a01e15a01623e2047eb9ce814ae357e3b1ab6de6c387d1fd08406f399590e84aacb1467bcdd666b8f8e9c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
229201f1321a3e918d7252549fe289c5

SHA1
dc5a7718b9ddb189dbeea42085f1b7d2c87c7525

SHA256
ed4c6d19d1bd5e1e6fc5caa7fde1751af99731df514baaa464d88cfa841d9fc3

SHA512
7772af5711cbdd5049f9d10fe2f6006350bdc0f8769f0d680c19f39eb28f61947295a1d0a07952432be5a7a019ab9b821b9f99403620325c8142016a993c1166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84580bd2b128a8384851f383f2557c2f

SHA1
8ff250f327488166e2b81ebd24ed5a7afd093170

SHA256
1d02e792df9523149034dbf024c27ccf28157affdb4779039b40733fdb687eb0

SHA512
6e5615ec02f701d47169e69c21d2b35fb40a9f4c7897c76a539cb6cfac8e3227c93b9bed5de121d82df61ef7cc7d62ddf5a8447d8c52b74a2f84e17d7d9d8bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5da610bc469923277cc93844617d761f

SHA1
8a424d73ed2f8df054256cba4f986fe067a40f8a

SHA256
2f78563a0a266b91f6f01ec38e01723b519812038a378c7198374fbfc3b26cec

SHA512
1e095b5a6b7309cf741d03899a7c697b2ba2f655030d9dac3da26a4875ac4b92759316185f7b0a1e15d9e1fd272ec25641387ec5dd97c130822f31264f344a86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7647d2415f3f107a6eca6a7f454519e

SHA1
03de744bfbb28efc6a6db19c33eab894d0a5113b

SHA256
bda231a656cfc8b48811b6426e038619172fbac6bbc6c549c73f29d3cb2b201e

SHA512
c37806c4e07c7e2d5881798344c1cebbd0ec63b77d7f01d8cb33dadd0390bd64dc2dc6bcca4fde3bd2be081ba962a01e1413c74d9672b66c49f140e3d9702c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
c173f0618b9a5918334ed49e84959525

SHA1
b94a500a780065448d2ad75e5f3cc983c67cdd52

SHA256
e4332e3552a576a9f3e02bf4346c183f500d40b4db2eb4c8fe5dba750c078014

SHA512
3438305c3c9a617384e2f93f8a00ca571381d432046b55b54d769b95ca801c952ecffa8a5f0b2bda9eaff708fba7d10fde129fa01de328d74c0fd7810c4e77ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
75b872d72f6f33847c5b786888b7577c

SHA1
ecbb611135eccd00119e3e8fecac8fbe02736377

SHA256
71061638e0185bec8b4455bdb561cef90668608f2d0475d24235da0aaa75b2e3

SHA512
3080669ff9a3e9ec8341a00197fbfd16ab5289f2419065f87e73b4462bab359399af45a1986a4639b4f4c1d51e042b919bba8cecef1f7869a719dbd045d4f3d6

Download Submit
C:\Users\Admin\Downloads\funnygoofygame.exe

Filesize
76KB

MD5
7cf92d4b7157afe65af732e3b409237b

SHA1
ade382c101039f7e9a451d93ed854a18693d8424

SHA256
b2b5969cf241940cfa7d392bbc349eedb90f408a97824494b30c4dfdcff987e8

SHA512
768ae1cff1bee9ec37d4fa330877d75140d96a085fa5ff9443bb8df0d3e9f990407fdbe82c36ae1ddf04f4e861da6de7f5557c856b246d29fada9f6e9464fa99

Download Submit
memory/2096-84-0x00007FFFDC0B3000-0x00007FFFDC0B5000-memory.dmp

Filesize
8KB

Download
memory/2096-85-0x0000000000860000-0x000000000087A000-memory.dmp

Filesize
104KB

Download
memory/2096-86-0x00007FFFDC0B0000-0x00007FFFDCB71000-memory.dmp

Filesize
10.8MB

Download
memory/2096-87-0x00007FFFDC0B0000-0x00007FFFDCB71000-memory.dmp

Filesize
10.8MB

Download