Analysis Overview
SHA256
d5b3402bdb244a4d5358830834e066ea4cd64f5e88bca8c5d35c99ac3128d833
Threat Level: Known bad
The file rgbslowerlogin.bat was found to be: Known bad.
Malicious Activity Summary
ToxicEye
Executes dropped EXE
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Delays execution with timeout.exe
Enumerates processes with tasklist
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-12-16 05:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-16 05:03
Reported
2023-12-16 05:05
Platform
win11-20231215-en
Max time kernel
101s
Max time network
101s
Command Line
Signatures
ToxicEye
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe | N/A |
| N/A | N/A | C:\Users\Static\Update.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Static\Update.exe | N/A |
| N/A | N/A | C:\Users\Static\Update.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Static\Update.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\rgbslowerlogin.bat"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffc25ab9758,0x7ffc25ab9768,0x7ffc25ab9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4016 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4672 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3680 --field-trial-handle=1808,i,12454915400238717138,3052311380251543122,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc25ab9758,0x7ffc25ab9768,0x7ffc25ab9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4488 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4572 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5012 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3728 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1636 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 --field-trial-handle=1828,i,1264317425864840993,1950183989614294742,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe
"C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe"
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
"C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe"
C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe
"C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 1516"
C:\Windows\system32\find.exe
find ":"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpCF80.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpCF80.tmp.bat
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Users\Static\Update.exe
"Update.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.46:443 | ogs.google.com | tcp |
| FR | 216.58.204.78:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| FR | 216.58.204.78:443 | clients2.google.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| FR | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| FR | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
Files
\??\pipe\crashpad_1324_RTQDENVUFEOEJEVT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ecf44c677e917f381e1e067a7354ee93 |
| SHA1 | fdea6f0e4edc5f6d3df1a7f34145722ed1273e28 |
| SHA256 | e9e6a1e83ab16fee2f5d1b77887b99493088fb52e3c6ec682b0ac2ef6af69c85 |
| SHA512 | 48be8f310664b0f4b0f26dfd1d8c87d63e95c97fb50e82f82409e70776e487c8694f8bae7674452ef0558a3dadce63ec468eb73fe94895bf835890cb20f2b9a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aa10e72ffe9f5e3bce2d9ece0f2abeab |
| SHA1 | 258178497768a62d378d633ab7cb33e678b00f9f |
| SHA256 | f448d08da6ca2180afa616313896a138fb6a81d22a5ce84c2cd7ca47c3c1cecc |
| SHA512 | d9fa2a2ef8acfea58be34caa667ebb79ab6b1731ce1cc6c55ee6920e06eb116a59875988d905df8adad66a527ed93bda0cd11d9d638239f22c75a72cb8a07d89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3b6e3ddb6814facbed7408c83603aa57 |
| SHA1 | 80e40cd2f29f1f7036bd15c2ecc7c602a8f499b8 |
| SHA256 | f160bcaddf0d4b60182b51103b5cf98fca1d25f9a2442ef8abe55a005faa5d51 |
| SHA512 | b9343dab77d482c6d3bdd46c8047fabac5d50de23246d3e8bc0949a16dbd1bb9ce624fca6af9c1bbe69550d94c5152dec10022970bda6145094393615cf38319 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c3569b41efe7b9004620fd7401402d1f |
| SHA1 | 874ecce163eaef90ba4b55e76269fdc50e4d594d |
| SHA256 | 5c27eb81ed007c32cca1c3b6dcfcd71e8f75965065800700b992dce8abe71959 |
| SHA512 | cdf56935f496249e5ff6dfc1f2373592a03bf837aab6ab7614ea23f8bfcd81abfbf696dabfabf6e53716cbfdf630bf308504ae9a572790a2c81be8c6008ddadc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a6e8ddaf25aea83cdaf70aa1f81889e9 |
| SHA1 | 135d02767163d5abbbe3c43d248cc282f917db5e |
| SHA256 | 194bd580031d069353a996878c16b849be4f65a7b8ae1f64d4910c1cea0bb859 |
| SHA512 | cab49f905cb90e14739f22539712b17629f7d6b523dd268bf50c955769421845ddbc186f8b0bee54967bf0bf5b9427b95bbe5e32e33726768b9fa63414b17bda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | 2d28591dfdaaca14baa34b1f66ed6601 |
| SHA1 | 0d9438f017a8c8550cd5f3e427694e9a0937841e |
| SHA256 | 056a9f0e26e74d4dd1e3a14beefcd5e6402766aa2457fcaf0f853c2b11dfc33b |
| SHA512 | 61cbcac2cce81dfa3d3dc2c3420a1214b1d12d5574a08c864a1833792bee80fab8f1857e333732838f460ddb8f47e852bfe594a3524fd6a445f8b5d08b43f697 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 1b5255874d00f08dd55a296fcea9282d |
| SHA1 | ee745398c32860e3c9c68037dda1874a6950618b |
| SHA256 | 75bf9d414654ec513ebb2cc28b92b363775587e228b8a9532fe916cd45293eda |
| SHA512 | f83f0f7756cb6d13d9d74993b1fde1c8acdd4441b6a88fbf9fbc011972fbfe490cee230e3ac0e70014833e622d31020a294d54eca7e6240451ee418c4d489b9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | ac67bce12d4caa66d0a1d87f508f5fd9 |
| SHA1 | 92f6a0b57e5cf045dd07b57e4aa2f599fd34f4d9 |
| SHA256 | 41c0362f64a964418d3ff5a1c397d9bbae220315dafb9a514fb119efd66981a0 |
| SHA512 | 3bfc25a677aa8165a52a3e40f37f09c537e0fc1e4fec84e37c23e560c9d6c26e824a4351b58223593234b364ca5b3e02db8acbd55c768f932a83a5d3d0860715 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | a04b635e54e319c03e88998f5d4fb00d |
| SHA1 | 4bb975d038dc6b4f2edcc623d627dc14c3d8b097 |
| SHA256 | bc8acb305bf21c3cd38eeae9e1bc664ded0d7776ea1120fe9c211e756b8f821e |
| SHA512 | b42d4488a793363e4eb3c4b4d3eb5afa90d65959cc443ee309221e44d8d4a0981efedd609aaa70a861f17f2c4dc47800ec706484ec47cbc504f0a90f3951c81b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | 8a30a1fdd0459d9ea8b1e78a8e636856 |
| SHA1 | 9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20 |
| SHA256 | 88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33 |
| SHA512 | b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | a21e6a6f0ee60c512df1ff90776d23e2 |
| SHA1 | 7fdcd43347d95f94c3802d6bedb3e75384c5ec1c |
| SHA256 | acc08033d76f5d30af159cc08ca21d82b604a45a4aa4b3e7c92207dbf30dc50e |
| SHA512 | 599549a9ee603eb47332e52f49c50bfb8a9a334f2bcda63ef3f421329e0c96ee3994f1bc9ebb400650cdc2e56bf600bbad1ee7e41f18d118d658d0ec2dad3d88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | 6d30d61239514da39c47fbc4218b7042 |
| SHA1 | a25067aab9dabdcdfd02db196f9053905290b97b |
| SHA256 | 0304c78398b0113383d5d357aa0a2e35ad6d7ca75126fda66ce0c8bf4d523544 |
| SHA512 | 33f55daddef8c7957abf6723578269a4600c384faf3ea4e820af5d8d0776f910c3b67faba2402bb9b4b9e4b281d15e047cc43168b5890d5be4aedfb29d4ee453 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | 680179528cb48ae9efd68e5c7b803ead |
| SHA1 | 4fcc71aff5cb2dd4538a9d3df3f9f901ed25307e |
| SHA256 | a744707907b6a5930df632e4efc823ccf50c6c7438b78cb473fe85f524da3c71 |
| SHA512 | 6f655d69f97de06691f7dd01c6e95c410465183b5aa6fb7f8de77350da71394a42206f95683fb77cb0a805727076d5f8083d54c26f6f6db14223ffe6f19c0229 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 3f0764bcdb01770334617fd947429d16 |
| SHA1 | 0eecdd1a172c6a6125634a95959500b5a99e3781 |
| SHA256 | 6f0c7f5a601b00538a2d3b8f15e47eaff86bf3129542d24296285dad1b4b4bf2 |
| SHA512 | fa131b81159bcac519d9167dfbd5b0811b05a2013fbf8f15f57df37f40c09a747a9f164052ce7b6d121554e2305dec3dc353f0fd9ef056545b37b7978b56275f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
| MD5 | 90f1156321430659da3ffc2be6835fe9 |
| SHA1 | 5e279a55c537fc0da5dbca588a6f955eeae6ae54 |
| SHA256 | 80af71c32df0e610927131b1692d9552a55b2f5b042e64cf8f2bb20e88664a3a |
| SHA512 | 57ac7bae00bf7071b1abeba569839abd15b060db33b91e4561bcdc7f264d493206bbb11fe050e2cefe2bafdc5aaf1d3fc4a57654c7d97624d31500267c02be41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | f62cf76f963216fe3c75d04eae9331da |
| SHA1 | 3ee774183c576ba831a2b1d6a8b0a1cd3649c2ae |
| SHA256 | 0247a967ae2c3c0746c930057410f165c930a9f12b5e028a6b022c3f347cfb8d |
| SHA512 | 6b76cccd5b517666b6a721a90d0cc703bb690e98dc98f993f92f587a1cfe8374fa1b219a098ee7541cb326b1c1aedf080500a93a849857bd8f29931ee452c8f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | a03779565f6842e45d396bcfcc799d08 |
| SHA1 | 63236dfcbd95e66300f6375b74503c6b656bbf72 |
| SHA256 | 8f8d5797862cff951dc4c6b9098adeab2693a8578fd4510ee24c25f433d375a5 |
| SHA512 | cee99af0547b46668efefc6ce5951c62e0541e93cbf1a88bfd7702d4616c7873947912cd5e930a9eb96b5456b13de46a08e8d841bd6020a46bb9736254cd1a83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 3f82891005ddaaf3147c67e36d5715ea |
| SHA1 | f2a89d6f21e08c6179590ffde4cba215191fc819 |
| SHA256 | 0bc088a43e973fa059b5720c83bbd1531cdfd239c1202c46cf7c353f130032a4 |
| SHA512 | c0fd0a185b46deafa409ffb49f89d0a90132e591c0372e4a4c947842443850aa48af2b724d8473e55e2bb1caa4a03bba682963fb1997db4f80268b62c6383ff9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 83169109276c4ec953f0e254058b0925 |
| SHA1 | 16b918e29e47ca2f8b418817f0ddb604a243eca8 |
| SHA256 | b3174d4e33bf9931c5f2c48d4a389bdd5b6479a02bd58dd82bf96d20707d0052 |
| SHA512 | 2641b1c6fac6fa2025540e24d12c5d7db7a42553274a59d7fb3852c3f75cae942e435b40b352647b7ecf4e77028319ff2b0af3a1c83606652f57305e463381ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | e435094e77847ed6f4616dbe035fb5d5 |
| SHA1 | 916466d516ca8a9214385675e8364b218cbc935a |
| SHA256 | afacadbdb9478ce625dd4fedcd29957e6d1d4d5d92b09844f322d70dc436cfba |
| SHA512 | 83332ed169bbdf4f2a2addf1058f51716a434aceb11b5bcca4e19351114bc6a9b601bdbd7bc009fdf21f2eb645cde3903643bebec2842791d1b4e32776c6e74f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 0908ee0957be398ebbbc8a03d8ee5a95 |
| SHA1 | 3428af31c16be67d7945afcc3fb5a4fc73aa0136 |
| SHA256 | 989c446ce789872265e62b3bd837ed14dacbc05c7f7d581af6e270ebbb2edad1 |
| SHA512 | 5f31f1689aba159ce8691f0742968f8e8cca54f8289549b9e0970fb375fb781b33db31af1313af4e9440096ea6f3ffb7e226ed692c1b05d8e1c4af77539ee21b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | ba5d4754b9b58c3ab6a7043959aa2719 |
| SHA1 | 5b94e2689f56aa03588800548f7ba14409a7bf73 |
| SHA256 | 12003e30d593fc8c35050059cfcf6921977946b7495744f6c430b50f1fdf2f3d |
| SHA512 | 8f2ba32ad949a01529da51dbbb52176bdab8a7a91459e8f8276c936ccbdf82c490671a460a995820f54751065ac5dac9f24436c54c067cb206c08536a4b4c62e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | fb6b6be754bb614a556bf410f62cd37b |
| SHA1 | 0358665458998e873f66c492f9aebb2ceb8d69df |
| SHA256 | d41ea7997cef55636c98f8e5b5c3c5f2ebe5427d1f64e0a546fed3912d9ba341 |
| SHA512 | 2686487a1ad628dacde8855b4d130bbeaee889374105129b461fcddd10ef5f5d263b6b48bc37d946d41d1c2b5327e7845dfdeb89c8b8c36425886bf15e7171fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | a07067a6f0f12554595df86caae28a52 |
| SHA1 | e125c075ff46f0f688c91e3bb79b7c14e0367d6d |
| SHA256 | 159894c6eca0e69293db009f2c0349a055c38e642791711232f5b4abdc7c1ce4 |
| SHA512 | ecb6bc6c4d6a38648727797e93fe933139c93cd2cf5cec70dd0bdd117365be82f02a03ee9c60ef74442407a1a088453e78b264c1df1abd8b43f55bd8acf8c603 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\metadata
| MD5 | 0bb88b46bd0b69da906f81bf22f807e2 |
| SHA1 | 823f3144cdbad1fb5308d3a3f6015bebb7649e21 |
| SHA256 | a6af878729c81051ec6ebaf8a971ff08ddca688f954f831df7974e29b96ca6c1 |
| SHA512 | eac4ed58a46833c397983eebfb9e2ce0ad888335d540b2497fe3b7edc201df56f96b2654ee9bf3f48bc045cd8b4592fa059ad8961bcfcffc515e4c7a8b9fe6c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13347176638220263
| MD5 | c4f33abd6d9344235f8a7486595041f1 |
| SHA1 | 13db048d99467eb7f0488921865ae5c17aa0c383 |
| SHA256 | e6974f704612c6880915941f9426ab48da187cf97960b27b620ee4b105317a97 |
| SHA512 | af50ec38556488ba44730617cdb0db1bcaa19350563957476ffff4b28dc8d96256953a054a202aa27ad19fe25b6db3573a0f8e4dbf047f06201c1f797c6ed182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
| MD5 | db720b90a30ed146e74f080ffeac6e53 |
| SHA1 | 73fb69e391ad8cff0849ba14bd67790915a92ce7 |
| SHA256 | 0a9548a6a77b407392da69492275d84951dd451e29c71f509e0003d2f5598be6 |
| SHA512 | 5d4a3767d728c9f7e5fd67900cf084e26dd6194de58ae61a17d6c97c12d01dba6d4c2bc421e1aee0857b0f2e8963d4a2d54bf1d10ae9ee42a1c442a93366c194 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5279cbca05c3a91c5501abf1c0dd6709 |
| SHA1 | e8b74cbd6774c52245d55b45ab8087a4aebe2ddc |
| SHA256 | 7140199ef86dd1929c441bd9b7ead8b607114ba99326d83c7ff4bce0ec9f1f95 |
| SHA512 | 08f48b03ff14b11021fa8ad42f4db78af2d3a22f434708dca0149482f616ecea3f73dc2ae6dd2fc2b2e6bd9acb9b918d7893f9afd2b18fb4dbca693bbc8deaac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a1b077c3505f0a83f617a579120f6f02 |
| SHA1 | 6854b8232a478de62b489020369566d61ff441b7 |
| SHA256 | 9670e69b1eda0e94b63db6cd20380d67263abdd2aac52f30bc9616b715b267e5 |
| SHA512 | b66f5e2f16950f6258297ac5f5746f04f7406bd0349717315b90bec1b3310b7a675a779931ce15d806b67bb2b04803887ee763191eb5a1bfd4f953652fa8595c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bc450e9e513c496171840db172baf317 |
| SHA1 | 1fed4cc4f5b9497c11bfceceecdd191674dc3469 |
| SHA256 | 844e813a23c19f93a6070898d750f44e3808647a8477ada802b3684babe600bc |
| SHA512 | 6b40f02a7ad23045caa4cc83e110baa0811a3b24b09c519edfbaf431b7bfedb2cbf65eaa4cd35b6a44ff7a6ee7f6766b9f563988fde5373ca4ec9a03272c193c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ae9f85ba07c974451581ce8b0bc170d9 |
| SHA1 | 2abaee1f0de6c59a51369c68fbf30c34a8ab245d |
| SHA256 | d871462ab005f78552dd828edeb6306d1d3fd101055f5bce6443e95a8b9dd4ac |
| SHA512 | 5d08668934d8351044d62a916d4ff819b1f0f4362ba727d2738a94d9174331d78564f2188c7263213f2b26892b8fa506bbe57cc2f33eb2019a4ff4248c144568 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 11f087e6546c00ee9f7bccf5b9501f2c |
| SHA1 | d6cf3e5eb87ad1b84bb2bc2e0eee7b828db0979f |
| SHA256 | fc1bc7e48e6e29314ba17472c41c23d9319f2b78b9e5f02bb352c297366d2e57 |
| SHA512 | 22e9e494efe1813e4bcdaaf9f6504824d871ed13c4efd632f3bfbe81eee7d8bedfc6fc7880acf88c1cb25f5ee78d3c9d5b52f9f23a61caac541c973efdd7720a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 82381e3c32a202b20a6db9675b822516 |
| SHA1 | b4940d4b9eef84bb307572cf3a0a647e17bb3bd8 |
| SHA256 | aaa8b2f6c16894f712126242b2a9923a75471f86c46da862ceee28eaf11dbe60 |
| SHA512 | 9c7f084f22b3ea92d18a1e0b507ca0f93041ce622680216a93d728a8a86ba16232aff7398a7b658e2d85c9773d6b58ba8c46fedab1ced4bfcd31873e08e12c6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d6ff79061c3cbd05f70be55514e46cab |
| SHA1 | 38e6f2c8bd8079d473665db2477f5e80b11e4e98 |
| SHA256 | 67f39ae4f5c851f32e2217211835041b2e09ac2dfb9a9727b5f7ace546e7a2ea |
| SHA512 | b3e0c8909138cb685280869ce94d11191c426503bcdb3c34f551a0843dc573c0d1a574bf765c2cd0adc129d279cd7ae34a2a5144d578965ceff26870ef58dae2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2954d63550d40601ae8acc5494ae251f |
| SHA1 | 0433c4986f8a27073549a297b91ce5bffaed21c1 |
| SHA256 | 691a9229568a2aea711205e3143253f07d7499e50f8100402ed51eaf311e7cc8 |
| SHA512 | edf2cdd1fac90dc9044b2a7fc6c8ddded17b4ec6303cd22c31410919c3e8b912e7f8913139c6924dfc0f4b9a49289bec758112b7ee2a5b65c44fb71c071d2621 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0706d2d221afbcfd6dcd9dca18a724bd |
| SHA1 | c5a3c1dd67246da29fa393eeb860be9f2fd0a366 |
| SHA256 | db2e65a26f1c5440df97e3e4956a9a178e95d7d4146b9b1727beb1be0fb143c5 |
| SHA512 | 1f0ae2fdfddc35cc21843907f30637c8f93100ae47d85811c84f4acd42912c4caca8393ef298eb55de5b4e74a4a6f6d63907fbcb7478e77a6f2fe4ab192b29ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 843917db829af1e6e0b08f76c05e6956 |
| SHA1 | 1f4832640697d99e8a00abf7c77bad6703c6f984 |
| SHA256 | 0ad0f4bb38e4824a89215f9f7b4179ed3be62f82c9ff0bcf176f01afdf6d4dd1 |
| SHA512 | 04954c3163eb7fd4702048f0c9d3a15d6cffde7e9fac15c12ddc79552bf625dfc04900514ad0610a745a855b636795056edf5f8a0f37de8a51413ccdae91d195 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ce4de98c1e8acb75a8c1ac95ad925434 |
| SHA1 | 343525295b0431faec8b7c308ecabc9879ebfdc8 |
| SHA256 | bbf88c61d5aed82127151682a57c9beab9abeaf129f47e2fbcf58d9b197afdec |
| SHA512 | 44679eb22849bbf4d7751e50d786288d589e38aeec204f8f3bedd279f701dfa656c987edbf8b2d1964607e45143742d53d0a0386c1a0937944842039665cabd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588ad6.TMP
| MD5 | 356835f298c811a633cb38c2391f6c92 |
| SHA1 | 8e9e1fad90f0c17044bd9e0849328140f8dc2cc0 |
| SHA256 | d2ebe29c080cc7bfdd2dd968112d33397410cf442f768317d1fb98166b49a564 |
| SHA512 | 650a310ac4e4147de17d3bf8ebad23dca9a171d481cc8589afed19dd7eb5deaa4fde1e79e77a11fcb94e61868ba40d8a17703a6a539b5649dc356de1b80ae9ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | aa7411860e74c48195c02dc70f09a0be |
| SHA1 | bfafddbe97d9c4a036353d455473bc9de41d74f2 |
| SHA256 | 496ada22f363122b0be657345772b753bfa5298df3c43020342a9a550a68e594 |
| SHA512 | b6f8c61c7b6e22e2676e547e072e368b6b672bb2859dc6215b77e1ffd10158dda2ac0e21974c55939d7eb0d14ded9ee9f48a036428c5a3748f8679620ce78559 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 69dd034234f6a29f0b7f8bd8bdabb4f2 |
| SHA1 | 68ef91aa237d97aac0c2cc1caee164ea6d25936b |
| SHA256 | ff336a9a65991508946581c2b6743efb66619c93ca0a4dac82538f304505738a |
| SHA512 | 5b544b2d15a3249b0aa6021c423cdeda6892437fae2d1bb99209a6f84cc38c7c394d0a05d9b1415e30d1e91836d1b7288efeb09eb611dfe84d82a2d4d518c7d1 |
memory/380-562-0x000001BF306E0000-0x000001BF307CE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe
| MD5 | f6f686df785d0abdc66d1f90fa508c4b |
| SHA1 | 75f348132001df30cbad9c7cae2e2072fcaca38e |
| SHA256 | 61b52af14fc66126a4e7f09b3cff7d3c09e5ad35acf23fb9ba43293fac0c995f |
| SHA512 | 7daa425723caade3ec747fbe6e425e26bc419e1a7dccd6253770fe1a118a8b90e0f40f6cf4bdac259e68a0198a384ed1b5de7515958f5e17e4e35219b9077d77 |
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
| MD5 | ad2eae7e4e6a94e4133b258b8daef74f |
| SHA1 | a7d7ebc70c5571fe9ff653e95449a5e7d6103fc0 |
| SHA256 | 1414d239c1bc7d0d555763ec716f13d0d64f2ccc3cb07221f2e1a5fca1e0c2b5 |
| SHA512 | 6b2e0a8bfd1020192098926b9dd6f48e6a016fd8fd80e32ad4a80e883faafdc0f3015cf8fb2488fa570789078a8a36c78c9bf36fb938993e652fa5c7e97dd922 |
memory/380-575-0x00007FFC11130000-0x00007FFC11BF2000-memory.dmp
memory/380-584-0x000001BF32670000-0x000001BF32690000-memory.dmp
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
| MD5 | 204f9eb186296868d8abffecbf988595 |
| SHA1 | 4c7ee5d6af87328a83c0c25319b4df3414f86e62 |
| SHA256 | 414fb6f113a0985262d50831e091616af813a13c307a8f98c83e529e9d761953 |
| SHA512 | c5cbcd0b8bc086f275f7d889315c7197a0ced8cde2b7ffdcc868af14bfc49ae90bb68b0e49407a50c989bb8f16a9f784825ff0f4b0fab175e2d493f54dfeb78c |
memory/1516-586-0x0000020267A40000-0x0000020267A66000-memory.dmp
memory/1516-587-0x00007FFC11130000-0x00007FFC11BF2000-memory.dmp
memory/4900-589-0x0000000000660000-0x0000000000CF2000-memory.dmp
memory/380-590-0x000001BF30BF0000-0x000001BF30C00000-memory.dmp
memory/4900-588-0x0000000074CB0000-0x0000000075461000-memory.dmp
memory/4900-592-0x0000000005660000-0x00000000056FC000-memory.dmp
memory/1516-591-0x0000020269960000-0x0000020269970000-memory.dmp
memory/4900-593-0x0000000005D60000-0x0000000006306000-memory.dmp
memory/4900-594-0x00000000057B0000-0x0000000005842000-memory.dmp
memory/4900-595-0x0000000005700000-0x000000000570A000-memory.dmp
memory/4900-596-0x0000000005940000-0x0000000005996000-memory.dmp
memory/380-597-0x000001BF4AF10000-0x000001BF4AF1A000-memory.dmp
memory/4900-599-0x0000000005630000-0x0000000005640000-memory.dmp
memory/4900-598-0x0000000008AC0000-0x0000000008B26000-memory.dmp
memory/380-600-0x00007FFC11130000-0x00007FFC11BF2000-memory.dmp
memory/1516-604-0x00007FFC11130000-0x00007FFC11BF2000-memory.dmp
memory/1936-607-0x000002E1EFCB0000-0x000002E1EFCC0000-memory.dmp
memory/1936-606-0x00007FFC11130000-0x00007FFC11BF2000-memory.dmp