xworm | 1780e7a2ff810fcaeb2aa616efec011dc2af042d918f6ab4c2e26aea4bb91b17

Resubmissions

06/03/2025, 13:48

250306-q3313aztby 10

06/03/2025, 13:43

250306-qz9z7szqw8 10

Analysis

max time kernel
209s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df.exe
Size

47KB
MD5

ead40c54358549d98d46410ac153ab2d
SHA1

30211c2325574f2fd8ec8ff465db956722c8e32e
SHA256

1780e7a2ff810fcaeb2aa616efec011dc2af042d918f6ab4c2e26aea4bb91b17
SHA512

54d546924662055ec1118d7e12be5cff6f8b856d1fa32864d88d77910b28788a8557144c7a6d83e5acb83490d845a68e8edc2d078a6a535480b756e8d7ed4a18
SSDEEP

768:Dxdajsmwa+PZCVMpUbw8lvTTybtvoLFemiC0ApjkrbTEyG9aLevxhJOfb+1Z:1d6smwa+PZSMpUbw8lbTybtvkFe9o1O

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 3 IoCs

resource	yara_rule
behavioral1/memory/2864-1-0x0000000000AF0000-0x0000000000B02000-memory.dmp	family_xworm
behavioral1/memory/2864-20-0x0000000001310000-0x0000000001322000-memory.dmp	family_xworm
behavioral1/files/0x0003000000023242-1237.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Downloads MZ/PE file 1 IoCs

flow	pid	Process
261	2968	chrome.exe

Executes dropped EXE 4 IoCs

pid	Process
5860	df.exe
824	df.exe
3308	df.exe
1652	df.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
38	raw.githubusercontent.com
39	raw.githubusercontent.com
260	raw.githubusercontent.com
261	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857422115514566"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
5984	chrome.exe
5984	chrome.exe
5984	chrome.exe
5984	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2864	df.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 1984	1068	chrome.exe	98
PID 1068 wrote to memory of 1984	1068	chrome.exe	98
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 1072	1068	chrome.exe	99
PID 1068 wrote to memory of 2968	1068	chrome.exe	100
PID 1068 wrote to memory of 2968	1068	chrome.exe	100
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101
PID 1068 wrote to memory of 2800	1068	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\df.exe
"C:\Users\Admin\AppData\Local\Temp\df.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcb759cc40,0x7ffcb759cc4c,0x7ffcb759cc58
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2224,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3356,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4624,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4424,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3708,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5248,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5492,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5508,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4976,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5028,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3484,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3544,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3196,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5728,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4612,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5856,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5832,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5892,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5768,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6036,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5324,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5524,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5436,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3492,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=864 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5484,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=4112,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5620,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5592,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=5340,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6092,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=3448,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5420,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6084,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3204,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=860 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3536,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,18093461954267830061,16737102689915792248,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:4556
- C:\Users\Admin\Downloads\df.exe
  "C:\Users\Admin\Downloads\df.exe"
  2⤵
  - Executes dropped EXE
  PID:5860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5124

C:\Users\Admin\Downloads\df.exe
"C:\Users\Admin\Downloads\df.exe"
1⤵
- Executes dropped EXE
PID:824

C:\Users\Admin\Downloads\df.exe
"C:\Users\Admin\Downloads\df.exe"
1⤵
- Executes dropped EXE
PID:3308

C:\Users\Admin\Downloads\df.exe
"C:\Users\Admin\Downloads\df.exe"
1⤵
- Executes dropped EXE
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0524142c-f3af-4a9b-aa9e-64b2ff9e6474.tmp

Filesize
245KB

MD5
65646344962601bf4e5cf5b3134bce39

SHA1
e4a96433e7c28f98ae950a58a9237cf2b10d7f06

SHA256
274b6e9728fd7ab45e10e12bc9554fb2188a15b7e43ee2b237a12b87bb8b2080

SHA512
5ead26a3d4ec4b49820144ba236df51c0eb2b9a12a73355c194095dbd0bb68cf7bb879847d35453119ac6dc336e0a06afc6af3f5b7add198708ed6381ff6b097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
afbcfed707e8974b2ffaeaeb030c4f6d

SHA1
d24bf78a14dd4c26d8ce6bafa2f5bea2278b360d

SHA256
1900d7c2cbb15324d46b7657c390e17594c327d5a1a1a6eb62a9a2e3f2ecd8d1

SHA512
350cd21dc954ffa0d52d561287bd49226111bf123d70128dd7b3f0f7eb569c267b0f2f4fbef6c4be777b2bcb8998cefda37f702a24d073bf4619c1d29838791c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
9ecd937e59f04291b27f9a13bcecebea

SHA1
bf80a4445a01d7a429910f6800b94b2de5739072

SHA256
3093793a6f48bbdb0346098aeae29056719507430374f26de550bb1d033e5ce7

SHA512
016ec055e22bc995a9a7670864aaccdd4600016d8f2c56e06e459630f7cf1b9f338f2e7987f07be440ed50081163a703ef61db71625bdd09f5bd437f95d00eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
71KB

MD5
2d5b452e2c8c483d5a93f7764f3c27e3

SHA1
bf8cf58de6e58871a5eaa9bab052a1750a9cef61

SHA256
0d4caa8036947c4d1e0a21c46bf6de7913237d581c6a9e53ced77fb377de0046

SHA512
8750a7ce771731d1870b9d569a9f3df0faa67eb707d4f64171db069198b11b3254dd2bc50db061560ace5988603102cb0d5350118cce58f8e03a8f95acc1d4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
414KB

MD5
7b3cd44e303a9b02981989072cc09438

SHA1
5bed08bb85cef998618a8d5a436da21e72f21443

SHA256
b24cfcbd46a2db6a3b42b37048952646bcb9f4ee256e95fb04a064d3d4a48696

SHA512
daff0c3d74730a6ae0a722dcd183a1fc8dac7feebf93ce4878cc1d1222cf1e72b43e98ef4eca16198a0e3e8e102d8f9840d701b09f7cc3de2ac87248a9e5e91e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
db24e5c699cddfdfa74e77ab41380548

SHA1
cde8df67b5e5ed26b3ad54e652c23266a2de0c9a

SHA256
9d1d2f6dcae3d87ca09c0c79c52cad519049eefff1205be6f59268d81c46c059

SHA512
a81be8b51e0be98dc4c92a9176c32d916c1a2bb786d5d894855cb0002b38d78b34736f1a01e9494458c7cfef1f39e665a38f47516991e91089630575a87ee63e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
5cc24e13e422d9f5e5a8097a02e13e56

SHA1
838258b9822415aba8ef92062dddcf0986317e55

SHA256
e0d1332524fd28664596564f3d6577ba7dc8d0cdcec72cd423fae6f38fe8adf5

SHA512
9b9d47c3492029224c9a46022a696a14660c45426785e4b8e84e720f5fb5c9bb16c733b15592ab8b84da8c6e9394d518369d4d56f14a35070a5afdcb62371a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f3dbf481df8f7b83e80b8c03ccb6ae2e

SHA1
7a497e4c005be7b461769fee297e8d586dcd569f

SHA256
1e93dae6f1b8c7d75581405b6b6a8d6ad6b074e5ca420f9069540e4ff5338067

SHA512
86d31b0cdc8b9af6567acf7e9783d9ffbac7d798fd6dd61693781bb9841d4cc83008a815e13bfd4c6da6c577155b45e4401c1005d1b645a4ad70f29ec122f683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
5a8cd8e8751060537e99c29d3a2271e6

SHA1
edde082cad667e1dc7c00400509a82b14553a159

SHA256
1a3fb38100ba9cd0fdc66a215744503a28cd656ef71d271a4374dcff880cd914

SHA512
ef1755dc4eee2b736498796e6e3a828989dbc00d3279796dc8693328b53accc786706d0f4e6bcf9dc9d74788bde95485d7956262bb12dd36b97a66ee98b25f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
0820cd0248a69f7103266013deced470

SHA1
29ba12d16020a4399d6dea04d2712d3845d34ddf

SHA256
9b61af3c1e21c239ff5225cd0b380388837507735a6fec9ef1e2eddfa1338ed3

SHA512
e3f0835e174256858e3e75c90e204f3cb41fde8333112e42f61f8189a49c9a8c651ed6758141932402ff473ad39654d391fb0aef6628f68c0e71218c19424707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
4c1aeea3be3c62e4a49f7f29cbe40dd9

SHA1
b53b9bde8598e2403a4c0cf0772eb6423b808be8

SHA256
a2429472045e184e0944c4e5e749f2129eab29382d17ec1357fa5220e9901fb4

SHA512
f5803fed22cad9a80d8132e74a061baa1ad4d050fde177e908874d448372d960d9a9d380c12b0f33f5c13439c620c9f38f298e8021f37201e5d6de5f0678b97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78b1cdad8be97524c43b7591e46b091e

SHA1
e3fbfef4d7706e98fc63759c67c59445caa315c6

SHA256
df801c09a1733bd92eb5b4b9d2d4dbf1b3a6a15ada99de74ae81c634f6b1db18

SHA512
62282695caaaddfe23dc07f1b6dad1b50769b490dac577a5127a8586f7bd31218b52ff0729f3af11023494bafaac6d17cbdc6484d50e48addd2f9c19839f7299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
216e1ed2ea916bba17aeed3e8c4c85e2

SHA1
bade96877f15f45cdeffda6014035513b36f24ff

SHA256
9c86b3d309f920fb11d3d63bcbc8c78ee369f6b7c9f1950cf35ef46ce022cf2c

SHA512
fec29d927e3d672ce1d3b97d82d6f990a8a8e6ff0b4993e6830752cd844f22d2ad8f452e0c4b2957aa35efe94f158286c5d3d18d9bd5c6952c1a009ffdaf5956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
a6b3f35a6d26a3cca7a029bed81e5e62

SHA1
5519aea545a7c0049a75ac0aa9e298c4511b98e5

SHA256
8adda2e98f70791b78bca78d24112607b98bb349fb60f9f5ccc2f9e1e6bad820

SHA512
d1adced11f582042870eb6befc3388bfa6ffcad3ac1c95bb7c11d99590bf22f6318fd18e7bc62f1c94ede49f82d04103bc071b493f3e6c9afdd6dbd0e818d05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
88697b5c472700a8e8b71a7a9b793eb4

SHA1
9eff34ca93f4c380a6bce05b1001681c896b235e

SHA256
e6517088e57fe4927b27ac9d9bc0d9b2d82ac9a7750111fde606f6de08f05537

SHA512
f8d391d9e03a90da723eeb6528f6301f4dd10c07a15c4abcfd7c27d2d14431ca4dd8745ad0952f984cc86172859e78bbd4aec3c7a264f14c81534f2081c447fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
962051afc0d9d149a5285a37f15ad955

SHA1
a2bd8db5d6bb53015dab113180e8e7c15489b007

SHA256
918cb1af7185da6164893675967e40e4679d6b0b143bc6841629fb21fec0dd9c

SHA512
292e6f5705828aa6fbbc91e4645f12ff5ae20a37946108d58da7d9aeb7cbe778de8db1acbe1f5d6935571c9189a45cd977e11b5b705da3f1c60f4eaf4341226e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b13c37fbab75d193e54c58bf84d5b6d

SHA1
7ce4ef7fb4fe0ce9d3954f36b7dc4d4ac92a84ae

SHA256
01dcf873540089829107e4bfd3207c45b42bbb8339dcbce43f48f07f0b126368

SHA512
6846e0ef576a58e799f5e9f00fb139ea44d68e5c38099bc052fb7c27b56f533cf7c01b5f5e5eade189b707f0e5f8ddc10eb243e16a425d95f6d16f3421b6c2b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
672c9f9b2a94a36cc32c47d7a1c475d6

SHA1
205a767e93ad88cb378017b9c248c388ce30c100

SHA256
83c409dd7e48e80acbecdd0184d26b2016b4fe29ca0083fc8127b582536b0222

SHA512
508959caeaf257cf982c63ecfcce3929d88b0d334733d4b261e7bd6df55b5f3cdc28a490bca6d38b9ce12c68d12a56fecbe23962f425c85ef98a5fb7a935fc11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3aeb949b47d78c53491064ff52397c8e

SHA1
c5ff763a2bd8d57a03fa9690bda72a361220bd0d

SHA256
cbdd8d66af5ada9f9a70a341c8802d8ea8ab3c1449063a98b0ca28f2f7d71383

SHA512
293ddba10ed682bc28eddc5da604cde6ea621867a250de275c0db0a5b2788532ac8f2912464341f5305d77716efb041ff506bf99aa5ce28c154017960c231def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4bac54ec012b6227bba81bc4221a876f

SHA1
ba119156592248df288bf8dc1b40d37366994055

SHA256
376f9f3c86869815393d4653f1f2ec50f39be01cfc77dd31a33df38813713267

SHA512
83910e7b6e76acfaf320ae28bbf215673a793a9dcfcb8b7af3beffbd29fe440bf3d85ba6fb1cf7fea12d998010746a272ecaf9ca100e3bdc686cb0f8b8c67b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
388aab1e69515d3f7efd2a0f0643e590

SHA1
2dd8a2c5deb1103e92e681cb27eb8cad94683048

SHA256
4f57c57c3d45cfe93d0d2ea7cd3ba730a8057e9546ef1a5923bf681f0d11d88a

SHA512
657b305d1c444fc5acfa191b847bc69605cf181c75771b92b9afb7d56e9a863ed35baf1e125c8907aa100e537bc0b7ea7790808a22d1c696704e0251c2ccb422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86f3979ca4d5cc6f13643357f2f006c3

SHA1
b10239443d038bafc55cb3cf3ab575bfbe6168e0

SHA256
7612e942fe72a285e37011cadc2fb77690d0d8c664bd543c2d9eb6d2f86ebd96

SHA512
6309a1e276b71f254425ac34e38e352f0359b7bec6fb3ddba8c052aced8014de980895f400b6b75a00748a9bc0eddb042f330d4b6267c5875cc851e34fffafa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91298d0d9d1520ef2aa0c232b8ca72a1

SHA1
4c63fcd69081695e8137e97fe5caf072ca1f106b

SHA256
e627cf0aed277232b9c3bede8fc4f42f604a91f4c1de366aa40e0cf30cc1a2e5

SHA512
c8cd49f73536fabcf8a2ce1ee13b6cb2728c243d6a90c600255362cf4eb0a2696aae81fc6151bf2643309905106d35ecbcd29f182076feafa180b8cf4a0904f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14f71f8f1704eeb3fb7d4864478af81a

SHA1
7611d369e139e26285af7a0875969953bc9d139f

SHA256
bae504e15b11488dd2249da352fb10cb97173bd4bee4025677a9d21ec4af2b21

SHA512
f1beb02bb076a909c479f01ad7fc327ef9d212ea377dfaeaca3f91c126d4eadd0ca5188169a41f78e9cc527b444fd3b592b806674b7251a468234bb89bb63cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc159a0e2f4c12f1827973146610e158

SHA1
f89f83de53ab0708498c66c62d00a47daa71b6ef

SHA256
de3d19259f42f4fda47f568263e571e7bf198f7e51c72d73b3d10a18263ff90e

SHA512
d2fe444a9a763419e635c138cb9cbd0fe78a2f1c8a982d1111a4939f6ecbfdc58c4260823910bdfe0309bdd47bcca4ab176948e7d2ea9a5da601eb9dfbe42e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
46f1115a7e117a0e206052fbe8a290fd

SHA1
6b6550f8e1b6fbaf2c5fc8bd203b9f5210511b2c

SHA256
0162009c41efb1bde6fa96728e2147414c49b8b456c35d2c0c0314df6f254f94

SHA512
741ab1f4a7d009b880c5ae9d70594f7716d3b87a45efc8ea2c5c55ee8083d0a8bd487b34ee5e4834976f82e572d2aa9b47165fc386a3130b8795a238ee753523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f0f112455630bae970d8bb85380bbfe6

SHA1
80270f8e01ea8ea0abc751fc0513d410afc7089f

SHA256
4c2be207cacada327c654ca853942cfcd84768808abd1198b27e9dadbac8fdca

SHA512
606745aef42f633431b5f5968a82b5673aea59d9f735ed39cd7077d23e5cc691238476e460bc6711a4c752093faab6ce5e7c64c131fb66b639b8e7227fa8d279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61ef448fa2416cb3fbc38b8b39e61124

SHA1
045bde7645fc0c7a98fffd8e96f703a565aa2dc5

SHA256
da6f1aa56fcbab83614b01b2d7f0322c04b21d887bd7369bb9b211c90a474b6a

SHA512
c18cd63fee6aa739ecd9ec093afa05357816957b54f3b1de0d658ae7c532d6967189450589387ea898579a3899a1853c7b6e601e067aebe1f5b876b778bb27af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6c31d1171d10fb1443b56e2c8c7e331

SHA1
6430355c30722ed73deb6efc7abd1256db060f8e

SHA256
02483f41757cfc48f1288912f25e7027bf5c2dd34a9412a93a6dbf3fb8ffeb5b

SHA512
888fb90df31fb5eb2d7775abb7564f133bc7dde890cbee8b4b27145f325a1b3edccb83260ef2c695d134f74fd08466b327077f8795305326564249cfd20d482a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2304ee9704525c9833969dd3bf014bc6

SHA1
15c605d63c9d1b8486dc2c849007ec9d38710170

SHA256
a7b09829856d409f1686ed4a1923b5d0e679c1c0faf2fd916ed5299303a2f283

SHA512
8382c95055dbbec2a7a1d923c65825c1e2adb0872b19539ea325d6b2acba135fc8d61fb05bd2c50083545f67f0c147ec9f866b594d5759f069e2d30d50c51765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
09a29a0783bc9a8f29cdea332b8e37d1

SHA1
d034754acc622f8376a38c5cf86a9cdaf0b6e59b

SHA256
5f2efaf0dfd90ef31f97fa5901fb42a405a29df424570222e4d3124a78495e9d

SHA512
6e6ab7de2dbfcd393abed237bf975e9f2a8ce17b89eb64f0363f5942bc2e2d6fa9beb135c25383b5df657492fb19096dec1ad33fc8f36a4ef560140715c6416a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a90c4622b41edbd2d93dc737ab28fd6f

SHA1
fea6c41c60c7ea9ec678371663eb64c6f6d86315

SHA256
f1831a953a8cd98fe867965f90156ac3fdc9ae74608bbafc25572f2e39244e85

SHA512
452afb833382c9e82e1842be7a0dba5af7211459f954fa1e9590b440efa136a7085fe15b3d62882d8a93f75a3371e670d3cbb81b0fbdc1c8cba93a32cfa570af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
b50e3cf831aff0bf656436157ce251f6

SHA1
7ea9db0a58994a2d54cd3d179dfbbbec6db95e81

SHA256
7336f9b79e0038dcb664c83681dbab45cf9f9e82e49e56ac89ed9b1c349e6229

SHA512
11fdc6497dfc5b922ca683b11abce3d44e5213829c500b8cbb5294b5e1bce648a9c14a06a8730a39555d165d0e87e3432e6e47c935fb73ab1da2b4c9bc6e935a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe595ab9.TMP

Filesize
140B

MD5
02bb78c550b877317f47093a8c1e9b56

SHA1
344abe5314da54b97d6d44b6f6e85d18f58b9342

SHA256
708fde97774333f6f73eaa7adfb23f8e3284c849ef17621592307855acae44e7

SHA512
b43fb904cdbc8a7eae54f08041832f0413bdc18271e9c39b04ea5cdfaf6221ac9a97e4029a4cf4b912b34b01a2be5b506c808b3bb501ca535f649c79be5683e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
f40d13ecbecfb1b0ac76ac2e19d3e0f9

SHA1
a41f58a4e80c7ddf6654c00b17646af805c0e7b4

SHA256
e20c0aa34964411eab71fde949a53e99db7458ae0d0ee68ab01cbdc2b1dff90d

SHA512
0ae4a638c4a51df7818e3d6f02ae060d16b49b1b21356be9d5c49503f3fb8fd69585087bc11eeef51e2563a14cf5feb547bb91044f705417214ad9c03a7faa71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
83afbf29afd82a114b7077fe64e25696

SHA1
dc69b4b30c2b8e5292d9fff47130e47b89d1b040

SHA256
14e587b5ff329a915a781fe63a031e71228a989c1e9b23d6230294701a07e550

SHA512
944dba803c8521eb258078e491b5b3f2814d4b9fc12961851e189accdfcb84411ba2d012bc5023408ea5f48c58c728eaf263d48c1f6581bfec772a1aa30ec78c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
9af50639a02b1b7d412b590bba8d29b3

SHA1
51ca53f959fcc4c7f6266b085f8be037fd3058b5

SHA256
f3834349700e6915f62d78ecf88aa06ef6d04cb8a3d95cb45bfe4b643a478073

SHA512
8375fa5c5b12088471e619690f1707d68a97c154a530b74be9c3dee9accf0b431a6b7c4b96d2f02d984fdcc2ab87ad73c88cb2092a0d459de0176047b8149084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\df.exe.log

Filesize
226B

MD5
28d7fcc2b910da5e67ebb99451a5f598

SHA1
a5bf77a53eda1208f4f37d09d82da0b9915a6747

SHA256
2391511d0a66ed9f84ae54254f51c09e43be01ad685db80da3201ec880abd49c

SHA512
2d8eb65cbf04ca506f4ef3b9ae13ccf05ebefab702269ba70ffd1ce9e6c615db0a3ee3ac0e81a06f546fc3250b7b76155dd51241c41b507a441b658c8e761df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1068_943109870\03d4d1ac-8101-41eb-8562-465838f928b4.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1068_943109870\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\df.exe

Filesize
47KB

MD5
ead40c54358549d98d46410ac153ab2d

SHA1
30211c2325574f2fd8ec8ff465db956722c8e32e

SHA256
1780e7a2ff810fcaeb2aa616efec011dc2af042d918f6ab4c2e26aea4bb91b17

SHA512
54d546924662055ec1118d7e12be5cff6f8b856d1fa32864d88d77910b28788a8557144c7a6d83e5acb83490d845a68e8edc2d078a6a535480b756e8d7ed4a18

Download Submit
memory/2864-37-0x00007FFCBD543000-0x00007FFCBD545000-memory.dmp

Filesize
8KB

Download
memory/2864-2-0x00007FFCBD540000-0x00007FFCBE001000-memory.dmp

Filesize
10.8MB

Download
memory/2864-1-0x0000000000AF0000-0x0000000000B02000-memory.dmp

Filesize
72KB

Download
memory/2864-425-0x00007FFCBD540000-0x00007FFCBE001000-memory.dmp

Filesize
10.8MB

Download
memory/2864-0-0x00007FFCBD543000-0x00007FFCBD545000-memory.dmp

Filesize
8KB

Download
memory/2864-20-0x0000000001310000-0x0000000001322000-memory.dmp

Filesize
72KB

Download
memory/5860-1250-0x00007FFCBD540000-0x00007FFCBE001000-memory.dmp

Filesize
10.8MB

Download
memory/5860-1252-0x00007FFCBD540000-0x00007FFCBE001000-memory.dmp

Filesize
10.8MB

Download