xworm | 1780e7a2ff810fcaeb2aa616efec011dc2af042d918f6ab4c2e26aea4bb91b17

Resubmissions

06/03/2025, 13:48

250306-q3313aztby 10

06/03/2025, 13:43

250306-qz9z7szqw8 10

Analysis

max time kernel
209s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df.exe
Size

47KB
MD5

ead40c54358549d98d46410ac153ab2d
SHA1

30211c2325574f2fd8ec8ff465db956722c8e32e
SHA256

1780e7a2ff810fcaeb2aa616efec011dc2af042d918f6ab4c2e26aea4bb91b17
SHA512

54d546924662055ec1118d7e12be5cff6f8b856d1fa32864d88d77910b28788a8557144c7a6d83e5acb83490d845a68e8edc2d078a6a535480b756e8d7ed4a18
SSDEEP

768:Dxdajsmwa+PZCVMpUbw8lvTTybtvoLFemiC0ApjkrbTEyG9aLevxhJOfb+1Z:1d6smwa+PZSMpUbw8lbTybtvkFe9o1O

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Attributes

install_file
USB.exe

Extracted

Family

xworm

Version

5.0

Mutex

07s72bHrZmeYNBIb

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 4 IoCs

resource	yara_rule
behavioral1/memory/4208-1-0x0000000000FB0000-0x0000000000FC2000-memory.dmp	family_xworm
behavioral1/memory/4208-41-0x0000000002F90000-0x0000000002FA2000-memory.dmp	family_xworm
behavioral1/files/0x0034000000023c0a-889.dat	family_xworm
behavioral1/memory/3768-902-0x0000000000660000-0x0000000000688000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Downloads MZ/PE file 1 IoCs

flow	pid	Process
134	3324	chrome.exe

Executes dropped EXE 6 IoCs

pid	Process
3768	porn.exe
1144	porn.exe
5836	porn.exe
5676	porn.exe
6124	porn.exe
5800	porn (1).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
58	raw.githubusercontent.com
61	raw.githubusercontent.com
133	raw.githubusercontent.com
134	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
157	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857425012239855"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4208	df.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 4652	4468	chrome.exe	90
PID 4468 wrote to memory of 4652	4468	chrome.exe	90
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 1560	4468	chrome.exe	92
PID 4468 wrote to memory of 3324	4468	chrome.exe	93
PID 4468 wrote to memory of 3324	4468	chrome.exe	93
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94
PID 4468 wrote to memory of 4864	4468	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\df.exe
"C:\Users\Admin\AppData\Local\Temp\df.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9539fcc40,0x7ff9539fcc4c,0x7ff9539fcc58
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5300,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4432 /prefetch:2
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5264,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5476,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5664,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5776,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5940,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6220,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5744,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:5808
- C:\Users\Admin\Downloads\porn.exe
  "C:\Users\Admin\Downloads\porn.exe"
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6088,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5572,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6216,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5972,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:3768
- C:\Users\Admin\Downloads\porn (1).exe
  "C:\Users\Admin\Downloads\porn (1).exe"
  2⤵
  - Executes dropped EXE
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5508,i,7352821784358330094,18166892057964893501,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9539fcc40,0x7ff9539fcc4c,0x7ff9539fcc58
  2⤵
  PID:1552

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5784

C:\Users\Admin\Downloads\porn.exe
"C:\Users\Admin\Downloads\porn.exe"
1⤵
- Executes dropped EXE
PID:1144

C:\Users\Admin\Downloads\porn.exe
"C:\Users\Admin\Downloads\porn.exe"
1⤵
- Executes dropped EXE
PID:5836

C:\Users\Admin\Downloads\porn.exe
"C:\Users\Admin\Downloads\porn.exe"
1⤵
- Executes dropped EXE
PID:5676

C:\Users\Admin\Downloads\porn.exe
"C:\Users\Admin\Downloads\porn.exe"
1⤵
- Executes dropped EXE
PID:6124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
643daa99e23f6a8766456f213b3f51c6

SHA1
439008288210998df915c829ca057afdc5a63d5a

SHA256
70d44ef089ace0076913676a2c2fd7834c00bd466d2eea653aa5887d5b09c1c9

SHA512
10900fa2a4147a033888bb1f8df475576fd2274a2d6e6c9608d884c5eb3b9ab1fe0dfb28c3dde6e277d6b9abb663f4f80f2e9a5cac40241a3735a40c2a882076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
92467eead276dd5f5610db6f9564e38c

SHA1
08b57f53f8888240552af2ac13b30d98984a0464

SHA256
4ce7440eec07b259f2385a8d42018f65f33cd35e1c9aaccc54ab7a8189dbdccd

SHA512
c1ba46b8048fe211a261bae642951a5ff698770f7da75a26b7e2fa2c3c4e5eb2b2dd6e8cf7abb075922fee197a934738d30179ea8b8af489e54e9b8c2ac08aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f2dadedd086f85170b0fc00f6507e18b

SHA1
ab3bdeeb763615caede723e51a3b90f3354a08c4

SHA256
00d554aa08ec5152d25603872970422e68e81c82ecf255ad0306ee5db68ac80e

SHA512
e5ebdcec3fccd403c74e669ac430cb3a1f162029542c9fd9fa3ab9a6ffae20cfd2e6f62db066e2a895abe6362f7ae4859e096a0007a28392b7e8af01358cf67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\23a34db3-e850-49d9-89b9-a040f30a6bba.tmp

Filesize
5KB

MD5
87b0546f3a7e12cfebdd8b8739c3e1e8

SHA1
ae648a85b2150c3ceca51a8f7fd0780be7a59c9a

SHA256
d158db358d125bde3acdce64164cb956bf9693c2af724554823759941f90e36a

SHA512
e879771058977a06f3fca2078daf9f31ccfeb9267becb2b4ca75188eba364dacbe048eeffa7c19d1da0959870c9769efb4693af01bfc82aaead8bf93f4fb54e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
4ab928b4e4deeb4ddba7cbf567cbaa63

SHA1
85d32f8095f5a872d6ca352e2a1b7cb86fb29bf8

SHA256
1566f5f1a07735abb58233a41f453dfac177b744f5513680e0be14c31339568a

SHA512
a901e8c4edc333ff1514fa61b89646d50ecbd1c91d217279b8bfec539b271a6880e09f8dd457f0634ac68b112b1a6936f5b5b9a00d8176309764f7ffa4cd8cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a25b11860cd008afe98a59026a7ec2f0

SHA1
c0d6982cf12e7758d374e3bbed3fd2725e01ad36

SHA256
f98a6a1ba4f41b40bdd4b198f0b7b2d20bb9a5cf650fe176a645548457ebc7f5

SHA512
4d298e06b9c64baee3328944aea1287c2002eba2a07b62f9013241967bba7a2e3ae1fd9810072e251ff38f232625953100c4264940b41dac7be64a73ae13d8b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9613bfa03ac66899c2ebac2b382494c6

SHA1
d137c878dd71bd4749c6a124189bc355f28c981a

SHA256
0f08b84a906a5b2c2bb7b034067fb0df15889a35a400e9c246e03ebadbb816f0

SHA512
47f9ea485c34d5ac47418c018f6b3e1005cecc957547b62b842a83b80d3d9d4d489c56254c4a7f7b2739eb398cc0abdaacb09cef1aa2f466a8eaad4fdc57d4eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80a7622a6ce772f3f2e3442cd377dadf

SHA1
6448ecb95b1430fb1e7eb11e18470522d1bb91bc

SHA256
785787be1bb63e26dca63cc622c7fd8ab919e5631771ca6800983a02531df77a

SHA512
a61012d4c81ff1c84f273fec363c103c339de3abc5ad0435887209bb07b71df1e6a2fc6ddcb3024a0157d4f4b0fd5a5d93a8593d27dd6f00f77caaa78e507ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb7d5a6a9b5a98126d892fc3e27dc487

SHA1
4348ed6591dbd7dd9c47fb7b8722c732d762cd24

SHA256
0dfe29b3269e04f31d8d537fcffd02e2e52a64d6de100b657eb1d452b1c1b3a3

SHA512
5daf692af1444263d695acee1c8a0e89871316d1810c019f194a30d099c5206b9b13a0e94e6481414ca98bfd0f39b835a5f40532edd1c6152ce85b1a08934bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc674d78f5ecbd0cad67aaa01f075df0

SHA1
858c220b4aa9dd8d551e9a9527cebe1c865ca77e

SHA256
71ea64df690d01130e84a3ab12d028e872d555fc6ff24c40fab881a609b37a85

SHA512
904fd5ba2c1bd4ad619a8d70cd069c4b98bf342840c2b4683351682af53885f4224c51a5f5599577c8d35900fb199cf9f673a603971289c19b345af9c4789e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a01345fab18f4b5a9d41d77cf6a31cfe

SHA1
0bcaae4f1f9cb870500b4ca76cfef3cb95c031ba

SHA256
33baebbe649389a4762f98a11ed431e4ecb7ddd4aa6b6fb9c4bbafaecf091be6

SHA512
c838fbaac925730068704ff4a79825c1076461aebdfcc8bbd00acc3192267d7b98846e6af6daa3b1502f6df0c26f84ef11aa9dcbf471fb7a061080ce0fe78558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd4ce6701e75f8242385d12e03792846

SHA1
176dc33be065a9316a3a257eb48b33ca372faf8d

SHA256
e027d49045d95f8507ff804555481b2504772036d4fd8776a1d956dea569c7bc

SHA512
7f8e234bbcb29d2cab0e105fbc5d4df10252c29214e5f4ad26eaaf9d4f7f4baaf5cf91ffd574c989c5cf98cd987c209c964d6096ba207e5fe1ea5d906d29410d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
60f89ae9887026bb7ef5365877339830

SHA1
ec258363ade249973ef39173b898a6aab40a91a4

SHA256
b0445df43f7a1942a264b860ae56874d13185390bceaef13a4d14b23633abdcd

SHA512
f66a8ac0ef8cdc5bd898331e8a6eec91abed806bc9758f6c765c8eef4ad4c90b444d34959c794a4e0524bff371089398f4c27965b0b07e5810c8dc519544d2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a1a791c53ba07fbfdb70f2a7790bca1

SHA1
ceb20baaf58ee21319adbb9e980c3789c402dabb

SHA256
01629f326ea2fb220a204d50d6b5eba82a976f49ccbf0b79ca8b56f1b358e785

SHA512
617b3ba6c7057ca17edec62015b7db1211fcbb3112d0cb5db9d50b69e3cd2c1d1d856e4a2d144977b02cb8300a7cab0a168a1c4289765523db4ba288325fcbd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
677ca6779edebad3b5cbd29126019731

SHA1
75181057c210280d20a63236788ee53b60c03fd4

SHA256
fc29220ce50c113b7a0135af8099c576ad984daf8c6d6867ae96991d8b725042

SHA512
4b8f994defd836e5f0408443048c724ab1e2b6506e012819e9c081d4282700a025bfa0d5b9569967588c2b2a723c91455fe26007e15ec9f312fd949ce132998e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
030c7718f31c6869bd0945a65004d4ff

SHA1
59cbcec41079216a868626b66ce00cc677c8de05

SHA256
fa22608296b800db31f531de68df8a0df10b1c63a3b9ffe7b468e47c72155507

SHA512
207cdb2366c92a28321e439386aba2c15396a60b36c5bcb390f30c8dd2b45a7da3730e66585dd3d4edcea1b83eff7a7ebf60eba47b42b5f21209c2eb52dc16c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
baa9ef67718a5c05a73c572e191049cd

SHA1
6cc83241d87fdc1c0b295a364138bfa9fb0cd7d1

SHA256
23275bb302664958d1d2411156de225c3f6ba293978306242a44185c29f889ac

SHA512
e31f92002f5983e19c414ffe8f3be8e1e54d264b558a0bc1bb39bb2e86919c6e3069e216fec237e11645e41289c3581cb75bf938a50646902d163319cc92af6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99b53907bb821f4100d5edb88c40c7d9

SHA1
ab21bcc3113d893bc004f91143fa2c03195008d8

SHA256
6c3ef10ecb37dbaf614f5c41915d1b888a6b78e8ea55ccc1c58ac983a604127b

SHA512
1a5ee75d05b38114253b443ad8755562a161dd9c646b4d1b6a8ef0f71b8f5d7fc7b55b4cd350003afe3ea3d7fed1dd84c701dd2a860164cc923b09f751e7b479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ee929cea23ea9b183774510a0e12d1b

SHA1
d59b555299d2186e24daabd71972874917eeeca8

SHA256
c123560872c2bc33f67e09d4bd6172193188729e5e8530ce286a44f23a8fd0c9

SHA512
71c586a71ff5388387ebe271397a896f8eb34159028df0d8a85328b69708b35da48788042915769c1e74943120f3a037a2fb573fad2edae9589e8f386e176aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb35eb5733c860d97cf030dca5f25b89

SHA1
042aa4c101144fbbccbecd1fb9590a604d59129b

SHA256
70f66140c09fa6591f67662bc50c9d61983ccdb2bcecf5d392ef20adba0d9c69

SHA512
4c13000d31f97fd496c5ce154a9ca4c7afb725ae0f881b397435dc066c43a28b04f92c6af1948ec7b0abbd829dff4cc30981352c3b1aadef2965a9767d54da42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a5302d65ab548bb3ae7bcbf144c911c

SHA1
f5b92b383c79cb51772751f755d4d74964a583e7

SHA256
5de8f1b6482ba6457ba51aff67af15e552c6319ae1318d9b9b1bc2958d0a8fa9

SHA512
d6e50184206ccfa365e251e4728d120a03f37db097e01a11e6bf6de8db6a755ba124be71ac1d97edaccc9b64df10c2e48ac8dea55660a3fb758f130a1936df4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f871c714e69ae36c6b1a9f774d27daf

SHA1
96a0109f590d59e02673c987c6e1d9329c7834ac

SHA256
00ecdfaf88900d53afa8c70895c284ff933706726c279c7e8013514e11280372

SHA512
139f1bc410cce0f00bb06a97a42bad6c76e80691599bb54ab8fb0293b0c362942a12d95dfa654ee22b96a13176adbba63dee70beaa681cf211b5af102fe7280e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e48a054665219fb6a14decebf3d01da

SHA1
b1ba81207c61cb624198202ce2aa9253fe531772

SHA256
1e195b7e89ff67e8cb775a2bf4835437ed27ef331aa5fe80d0aa45888b099324

SHA512
b22e2c586289f57eb14fa0eaac3e7c0fa7954b427b33dea270d05104992e90a2b0edbc11fdc6eca6059d6397bb8a04a7ebaaedb8453bda7068bd12793ed57537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b688a6b5a42f21d9fde87000423918b3

SHA1
36aae892e190b61ee190e643ff5098bc5b502327

SHA256
cef458e1fa5d7487605ed680ed1e336f12d9ce3cac98617894b2f3b328881370

SHA512
c06f5b88f0f53088e3b7a1ad1e3ab4144d3f37ed294bbe84d5c8ca162b7f6c59e39e2639e7650947ddabb2d6bbd48864baa166b18b70b789cedb8801436616ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6e3419ce9bc8c6c8297f64d44b484f0e

SHA1
e9b8f938bc172c88f2c3b5af214de10c93f45eef

SHA256
f3edbadbbabbe34e5691b3a1f11f57d669a38e2b00b48772bc6d24ba9473ed96

SHA512
5086fb45fecd504874fac2e38d9198096a68b163db4fa7d4e55aedd462553a650cc980eb94d92f7f0507f382115524299c3d5c7be5bf86ab6dd0b373722c7093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
8ec0e86676d0adb10998d533b376cc6c

SHA1
ff01616d84fc354d0e9a233d01d6c49daba7c47f

SHA256
9f38e723ed3dc5cab78d4cea8c187a503942faf032395254f3027442e10b3ace

SHA512
9f254d6079e8dd6b4644824682054482b3c1246748de5fc82e633b0ace5dbdbb6b8c884992cb7a0d4b3b8abda1e2e27e6461b2099544f48530d3275a87766bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
d39a461af0fb7652dafb162d02f1066d

SHA1
0fb5dcabfebd2d484183c76d820bb01e6a414723

SHA256
1cf39801fe97e222a6bc68cef9828438ea622af2f32bbcb698332f516e78e474

SHA512
3deeefc233852e0e46b76e989cbe43b14b9cfe4e90d5fa426f4417d46d0bd956ca15eba755540a306a1a55756672834b0ee8a9c93c9d2a07dd9ef9db8f1d1c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4468_1956280907\7ea935db-b181-4968-935c-5ccf23664778.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4468_1956280907\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\porn.exe

Filesize
142KB

MD5
5ace2a4f363d5080e4836b6ee24d5c30

SHA1
02f40d86073d353b1ce45e1c5a0c86cc8431a011

SHA256
fd150d8a81b28565b3cce713a9cbecddf4c0198ce7882f8a5908554fb499f373

SHA512
e14f3b31b84ae88e81c3675ad753a99fb332624bd7049cfa51214a885d61d61378150601a5a2219feb349a351b7666f7681ea282e14b1d8a7607a9ee7ab85cb3

Download Submit
memory/3768-915-0x00007FF9562F0000-0x00007FF956DB1000-memory.dmp

Filesize
10.8MB

Download
memory/3768-903-0x00007FF9562F0000-0x00007FF956DB1000-memory.dmp

Filesize
10.8MB

Download
memory/3768-902-0x0000000000660000-0x0000000000688000-memory.dmp

Filesize
160KB

Download
memory/4208-445-0x00007FF9562F0000-0x00007FF956DB1000-memory.dmp

Filesize
10.8MB

Download
memory/4208-0-0x00007FF9562F3000-0x00007FF9562F5000-memory.dmp

Filesize
8KB

Download
memory/4208-41-0x0000000002F90000-0x0000000002FA2000-memory.dmp

Filesize
72KB

Download
memory/4208-4-0x00007FF9562F0000-0x00007FF956DB1000-memory.dmp

Filesize
10.8MB

Download
memory/4208-1-0x0000000000FB0000-0x0000000000FC2000-memory.dmp

Filesize
72KB

Download