Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    21-03-2024 17:35

General

  • Target

    Xworm-V5.6/NAudio.dll

  • Size

    502KB

  • MD5

    3b87d1363a45ce9368e9baec32c69466

  • SHA1

    70a9f4df01d17060ec17df9528fca7026cc42935

  • SHA256

    81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

  • SHA512

    1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

  • SSDEEP

    6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS

Score
6/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (35 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\NAudio.dll,#1
    1⤵ PID:2212

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵ PID:3304

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    1⤵ PID:396

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa6eac9758,0x7ffa6eac9768,0x7ffa6eac9778
        2⤵ PID:1500

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:2
        2⤵ PID:4368

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:1888

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:1944

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:4480

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:1512

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3608 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:2760

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:2148

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:1136

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:3436

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
        2⤵ PID:4880

          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6c78f7688,0x7ff6c78f7698,0x7ff6c78f76a8
            3⤵ PID:1288

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:4380

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1648 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:2460

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5584 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:1836

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:3292

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6060 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:4612

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:4308

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3868 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:1196

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1064 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
        2⤵ PID:2768

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:4656

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3184 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:1784

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3224 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:4052

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3944 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:828

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:344

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:2
        • Suspicious behavior: EnumeratesProcesses
        2⤵ PID:2092

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
        2⤵ PID:2392

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵ PID:4788
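The root of the process tree above is the sandbox launching the submitted DLL through rundll32.exe from the user's Temp directory and calling its export by ordinal (#1); note that every behavioural signature on this page is attributed to chrome.exe (PID 396), none to that rundll32 process. As an added example that is not part of the report, the Python below parses process-creation command lines and flags rundll32 invocations that load a DLL from a user-writable path or call an export by ordinal. The two rundll32 command lines are copied from the report; the other sample lines, the user-writable prefix list and the function names are constructed for this example.

```python
"""Added example (not part of the sandbox report): a check over
process-creation command lines for the pattern at the root of the report's
process tree, rundll32.exe loading a DLL from a user-writable directory and
invoking an export by ordinal ("#1").

Sample command lines below are either copied from the report or constructed
for this example, as marked in the comments."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Locations a non-admin user can write to. A DLL handed to rundll32 from one
# of these is not proof of malice, but it is where droppers stage payloads.
# (Prefix list is an assumption for this example; extend it for your estate.)
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)

# rundll32's documented syntax is:  rundll32.exe <dll>,<entrypoint> [args]
# The entry point is either an export name or #<ordinal>. Quotes around the
# image path and around the DLL path are optional, so both are tolerated.
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#?\w+)',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    cmdline: str
    dll: str
    export: str
    reasons: Tuple[str, ...]  # empty tuple means "parsed, nothing suspicious"


def analyze_rundll32(cmdline: str) -> Optional[Finding]:
    """Return a Finding for a rundll32 command line, or None if it is not one."""
    m = RUNDLL32_RE.match(cmdline)
    if not m:
        return None
    dll = m.group("dll").strip().replace("/", "\\")
    export = m.group("export")
    reasons = []
    if dll.lower().startswith(USER_WRITABLE_PREFIXES):
        reasons.append("dll_in_user_writable_path")
    if export.startswith("#"):
        # An ordinal hides the export name from the command line; it is also
        # how the sandbox itself launched the submitted DLL.
        reasons.append("export_by_ordinal")
    return Finding(cmdline, dll, export, tuple(reasons))


def scan(cmdlines: List[str]) -> List[Finding]:
    """Return only the rundll32 invocations that triggered at least one reason."""
    hits = []
    for line in cmdlines:
        finding = analyze_rundll32(line)
        if finding is not None and finding.reasons:
            hits.append(finding)
    return hits


SAMPLE_COMMAND_LINES = [
    # From the report: the sandbox running the submitted DLL (PID 2212).
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\NAudio.dll,#1",
    # From the report: shell32 COM server activation (PID 3304); a system DLL
    # with a named export, so it must not be flagged.
    r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding",
    # Constructed: named export, but the DLL lives under ProgramData.
    r'"C:\Windows\System32\rundll32.exe" "C:\ProgramData\update\helper.dll",Start',
    # Constructed: not a rundll32 invocation at all.
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_COMMAND_LINES):
        print(hit.dll, hit.export, ", ".join(hit.reasons))
```

Run against the four sample lines, only the first and third are returned by scan(): the report's own NAudio.dll launch (user-writable path and ordinal export) and the constructed ProgramData case (path only). The shell32 line parses but yields no reasons, which is the behaviour you want for the COM activation that Windows itself performs through rundll32.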

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
    Filesize: 196KB
    MD5: 813c1b41e435242e7365a4bcd7adcf23
    SHA1: 2d25e1564eaf93455640413b95646b3f88f9075b
    SHA256: 70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542
    SHA512: 268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: c5098ee01fe5205545e2f33937815393
    SHA1: 8782140e907216cc7416c3578fa9cd40a62c6733
    SHA256: dccb65bf76019e747b2255010cb21340955de3d02a176965f01076a3f42903c1
    SHA512: f692cce1cb17c6688d4f0777c0f46e90d47dd8a9bb28d43928e4b656744bdd7f1c587366a7271b40744749f00b991c5280095c9ade9f7f45ee75cf2367cbb04d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 912B
    MD5: c89e982f9d05a8956404a6d791f8aff6
    SHA1: 9670cfedbcf476f60c971350da20f85c8329374a
    SHA256: 8c7f61f5f4e59d6e54e5ac57a132a17f6fa9697abb431cdeec134cf13b40a9d2
    SHA512: cd0da65e33f4b28475d1231ab3c9e7906193ab658bbe7b7f6e73b6d9efcd19810b3d0a829d61d22e3fcc8e06aa783b6141cce39b5f23e60f24d9da0c4a1ae4f7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: ae5c2d8cba44763dbf86b72d081d5bdc
    SHA1: 825666b2b7cba0594db99126bbd3c4bbdeab2d82
    SHA256: 91381f9721353e2356d625d2bbd7e9a4795155737605d3e20f3156f7a1cff709
    SHA512: 76d3d14a1d7f3dd9c109b4098f7d2c6f9046def9fe8bd3005e7093ca62a8db7691e259630839208e191fe40f9a6b034b200eddad25753bb5e219d8f40db5a85b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 371B
    MD5: 9dce0610d6f3becd0c620836f7f54121
    SHA1: 92b979738daab6f0484d658aa413a58aea78f7c7
    SHA256: 6b9db084a9a055734ad0e479c80118781f2aaef077d7bd5c9bfc6ee214f660bb
    SHA512: bfbaeae4cc3949a189d86c74ac2334f0c14bdaea6dcea2b3911056692a6844ab3ed3a5c52be684b993d2bde02bb0d227562f712efdfad8ff207a0d1bd43a09c8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 8ea08ecfe7de960273d2d44c289933c9
    SHA1: 351f0b39f947a750b89365f28000e21269474928
    SHA256: 60d29302e6b073ac4925047e1b457445c06a6c43f1b8a78832db60c2b46a9850
    SHA512: 9af89e1e23307f20f5563f9efdba40c44e510307e59ef4da8a14210c0254beb1b30f94e66ffa42e2e41537e29da9e3a40c0a88f9f432fd795050a883b4289621

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 653a026e324563b25ca36cd88d27d080
    SHA1: f7c054f0ffafb95508f88ffb4ec6296935969bd0
    SHA256: 8cc4b8f3be907cd65fa2dd854cb25bbf0c7acaef99dc3ed786d92f2c96b28c16
    SHA512: e1a2a0d709077993931b433d01eb42579c9ee3a06f4fb41f757d51297876e187cac9bbafaf0ff48afc42054c06175ea533747b4d74d49e790c4437c497c066a9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 0fad7645280522958aecabf3d14630d3
    SHA1: e76cad002caa23dee3556b60e60b80cfd676a04c
    SHA256: c91abe5306f36c368546237735fa1f5d7a3cad3946f52b87d33414983e4e2f5b
    SHA512: 93183b0213a8b78c4e942bb81b35c6d27a2af6a06cc950acb44066d7f5fe2594cfffecbda813d301bac8d2bfa502925086a22e9831ed45a2fc50d9fe7930cbe4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 37291c97053ee5a75c4f4b79c7d6ba8e
    SHA1: 405514b8e25eb74b8cc0eaf76384b49a9218c67f
    SHA256: d10c100c29cb9007147abddfdd24c441c720151a56eeeff26288fc30a04f7fa7
    SHA512: 43723f1180d9429a745b401ff94232c0bd9fa68b72e764c4e1d89390879a8e843c48d60a6a841545d72cf80b6b1a44c3900d4314193af291f2d203e448448ba8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 371B
    MD5: 62a76b002a9d919d9531ccac95846b58
    SHA1: 1f107aa48dcf5b5afec00f45eb71db76853d81bc
    SHA256: f3801309895f6b040aa8865a1210882e6b07fffd2ff3afcd18e83cf7bcf31911
    SHA512: f5aaf54cad87193bd46b0ef381e3437a61cd8e4294eb2e2493bf611a80ca627aaa090523f3fa3286564a6094ad9fe62a345aa6f44419aabb80dd0faf74e0db2c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 7d6d6c9d21a2c84bc811785201a5f1ff
    SHA1: f6b8a8ef35fa933b56dd7bb75e2b919f70f35411
    SHA256: e2f19b976006181afbb0b2dadf7e724b57910688438e72d51249369edd87d425
    SHA512: cb05d9f943caa1db0f93f77a944201e19b8912b024893a26e992a8c354fb4485fec80b7c7cb9cff49e9f0ae3b0e5acc8983fa76314170fe73d0a26e968f8deff

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 75b3e89a52aac56151cb6001c1903c5a
    SHA1: ac31a36bcd0dda051c607e832e5edbe84a2f4baf
    SHA256: 606b57e533f05c5d34d1b851da07414dd901bedfd6cde3e84bddf105bd10b415
    SHA512: 4be1c799e575d9e706c80a34b45ef9cda8d7240bfce4e709e2dba3697e40875f58d70f48dbe0a33e858d667a5c75115709c4ca54e59e446b4c5a25bb677c573f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 9df17345e1bddd7f38ba773fec7b3a0c
    SHA1: 95742587d6189f2734a57b810fb0c059fc4761dc
    SHA256: 5ad646695886e1b40d5d171a0a0658baa77c484b4d00b37755e42d8539aa474d
    SHA512: eedd5632a1c23cb1c8a00340eba42fae580d8f8b55dc0049117b709467edf036aa7cd378da2e5a51c500bca12913ad20640de938d917eb10cfbcf2e088250867

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: e084bbdde634fe5d18a4cefe634abfcd
    SHA1: 8be74bd45fb0ef15f4ddf2d0b461c63318328485
    SHA256: 20f0655cab00447357d4017ab1beff2bcd892218e3377241545eae1aee612991
    SHA512: 007731381bf9ec93b7f60351d3102dfd1b66568f36b762b97c7cabe2a388ee1ac7a1ac90f8e1fdb96d4c5de4d59eb5564a6bed6f18726c4b59e06803ce936790

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 8b95114041e4e54b13fb6ffe8cb66a9e
    SHA1: c63efb8b6ef58e8903592d5c4fdbd565b37bc88a
    SHA256: e2a0f0e0b11148a349a54d55245fa45c708137d006f758b4ba791765197fd70d
    SHA512: 8abb32e59a3f5d45b2af1a8c2025abe717fad1ccc18a9ec974d9ee220083fc2ef33d5f1617f459a319e847ed5139db2ad8adf8a25d6e9b6d56cfd542f9b2f553

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              6KB

                                                              MD5

                                                              d5a38c164b4cb03ac41d1f36dc677f27

                                                              SHA1

                                                              03bef893815a89aa9eb977c670a885266288c72b

                                                              SHA256

                                                              963b7a0b5dc7f45a130e024409da0ec97c43d7f0f325b6a8255ff7edacf0391a

                                                              SHA512

                                                              509993b24bb2ca2a0b83fb161db9b0e4116b350a7635d760c3cf635d3fc4c6fb95f712d6209f338b47787ecb4e8354972cd1195229a84fa555c963abf1508b3e

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                              Filesize

                                                              6KB

                                                              MD5

                                                              c2967c262d101eee1c32c6daf9b2e481

                                                              SHA1

                                                              fe9dabb0bea5e8562671c9d05498e9cc723b4bde

                                                              SHA256

                                                              f8b644145b29c91f870b4c18c6a8a7bc6e743a699d58046a4546790989027fe1

                                                              SHA512

                                                              aee3cfae8cb4e4f2e1fa78fe98ad180698bac7dcd1888ca638d7f33df3ca04a4d2c244fab8027b03176583e04a200bf9bbaf35500eaa3611a1f58ee561a37f96

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                              Filesize

                                                              12KB

                                                              MD5

                                                              48fb96887d2935945a94d6963acfb752

                                                              SHA1

                                                              db43471487dea306664987efc1720e0778230c76

                                                              SHA256

                                                              7396eff1dccfefe2a4b2dc6eed5885e6b7cf3b5b3fbf2f35d51cc59058db07c2

                                                              SHA512

                                                              e0b917541fa2b0309ee5053720a1103754fa737a534d9f2a98612c1bac10bda2d56bfbd3db8c6ed86beb36463202cea67f6c9e7f600e2933b88cdd6953b85847

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                              Filesize

                                                              259KB

                                                              MD5

                                                              7675074f8c30539fb8df7fac305514fc

                                                              SHA1

                                                              fe57c72ca0b4ea402b753bfec83d80fa0448e148

                                                              SHA256

                                                              428f4588f747e4193ef9c84613f2c4761637876b407576b0e00f42acecaf21c9

                                                              SHA512

                                                              bed78ff16ef2cd3c25fddd454ca94ece7c7b084ab9728eb844b99a08ddd0b43e00ef8fdb12ecc6e28ff5c1899243cd28b75b066eb30283ac474599e4a437c48f

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                              Filesize

                                                              259KB

                                                              MD5

                                                              bee2ff48d04adfd566f9ce779f0d6704

                                                              SHA1

                                                              206db3a659ef140e53fbac728e7e0844692ca518

                                                              SHA256

                                                              ff2e239c0a1c84f6f4254766d3087b4cf2c8926092de6fd70d9629deb33ac3b5

                                                              SHA512

                                                              e93894ada4fc22d37ec1116ca79aa9d698ec0e1fd2b4869ce985af8778359afdfb5f73db28e810739ae11860ed8be0e6119c1000c88bc257a532ca5a9d167458

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                              Filesize

                                                              108KB

                                                              MD5

                                                              4f7a80bb747ce40c05d5254faab06e38

                                                              SHA1

                                                              a0ccb5fbd7fc3f689d1ca4a95ea9284930e52414

                                                              SHA256

                                                              f1711eccdf81b81a4faa6f5884ddb4f274782db1f44afad240faca27764faf41

                                                              SHA512

                                                              2e84a5b67638673f07534809b45f90ad3e2fb6e2b61590b4a53d734c026d41cdcd5dde7ccd07178cda86bcd8ac947bf786f12140a7e35a6b19c648e2595ae72d

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                              Filesize

                                                              101KB

                                                              MD5

                                                              7b119af5340a45a4b545b1684b9adbc3

                                                              SHA1

                                                              46623786dd389ab774422e15a5765a363d18ca1c

                                                              SHA256

                                                              93028e741565b4420159dfe6944f9ff500bae42007b9d5aad9fd7652abc59475

                                                              SHA512

                                                              38ee9fe24231fa405b9fd46e6010f2476e057bf1bd19124fe1ce7e04f76ce816fded2a3dffd4aedfa1eb2350071c73b4b452de819cca7ff0a7857e0e1683a977

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591fb3.TMP

                                                              Filesize

                                                              93KB

                                                              MD5

                                                              c2f53f02a5ff0cd2a50ff6f82b1dffe8

                                                              SHA1

                                                              067ceef45328d6d7c1dac82f1cb74743d3d94422

                                                              SHA256

                                                              aea70b6591b3daa732ddc3e17ab3f4c750d84a4bf7c27228c6da66733c6ad249

                                                              SHA512

                                                              88346679d4ec38da2ac4517881b46631f0f4a0fad858f172b10b31905ac7d2b0898bdee862ba78c847cda7b8f84c367ba33a46526efb738372b95a8c67e9520e

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                              Filesize

                                                              2B

                                                              MD5

                                                              99914b932bd37a50b983c5e7c90ae93b

                                                              SHA1

                                                              bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                              SHA256

                                                              44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                              SHA512

                                                              27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                            • C:\Users\Admin\Downloads\Unconfirmed 584496.crdownload

                                                              Filesize

                                                              9.2MB

                                                              MD5

                                                              cb0b68fecf135471dc855390f6ca0c93

                                                              SHA1

                                                              2ff0261ef39a0fe2df8aba8a95501fe9c1b315f9

                                                              SHA256

                                                              240c167dd4fc902976fe2b27e4a47689f1e18c564f72cc5083dd62b81ac15c2c

                                                              SHA512

                                                              d69e645c44e80019dfaf9a6b40c8b2d2fa568a4b83704e54b568c944e442f01897655ec1ed89f340d987b4b68f251214f21e934ad510ad01103d722655ea1c0f

                                                            • \??\pipe\crashpad_396_BOPYACBAQIXWZTFM

                                                              MD5

                                                              d41d8cd98f00b204e9800998ecf8427e

                                                              SHA1

                                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                              SHA256

                                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                              SHA512

                                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
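Most of the entries above are Chrome profile housekeeping written by the browser the sandbox launched, not artifacts of the submitted DLL, and two of them carry digests that are fully determined by trivial content: the crashpad named pipe hashes to the well-known empty-input digests (MD5 d41d8cd9..., SHA1 da39a3ee..., SHA256 e3b0c442...), and the 2-byte persisted_first_party_sets.json hashes to the digests of the literal string "{}". Neither is worth a detection rule or a hash lookup. The small triage pass below is an added example written for this page, not part of the sandbox report or its tooling: it parses the report's dropped-files layout (both the "MD5: value" form and the raw export's label-then-value-on-the-next-line form), rejects digests whose length or alphabet does not fit the algorithm (a truncated or mis-copied IOC), recognises digests that are simply the hash of empty input or of "{}", and sorts the remainder into browser-profile noise versus files under the user's Downloads folder that still need a human look. The excerpt embedded in the script is copied from the report above with SHA512 values left out for brevity; the path prefixes, the category labels and the notion of "trivial content" are this example's own choices.

```python
"""Triage helper for the dropped-files section of a sandbox report (added example)."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Excerpt copied from the report above (paths and digests are the report's own);
# SHA512 values are left out here only to keep the sample short.
REPORT_EXCERPT = r"""
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
  Filesize: 12KB
  MD5: 48fb96887d2935945a94d6963acfb752
  SHA1: db43471487dea306664987efc1720e0778230c76
  SHA256: 7396eff1dccfefe2a4b2dc6eed5885e6b7cf3b5b3fbf2f35d51cc59058db07c2
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
• C:\Users\Admin\Downloads\Unconfirmed 584496.crdownload
  Filesize: 9.2MB
  MD5: cb0b68fecf135471dc855390f6ca0c93
  SHA1: 2ff0261ef39a0fe2df8aba8a95501fe9c1b315f9
  SHA256: 240c167dd4fc902976fe2b27e4a47689f1e18c564f72cc5083dd62b81ac15c2c
• \??\pipe\crashpad_396_BOPYACBAQIXWZTFM
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# A field line is either "Label: value" or a bare "Label" with the value on the next line.
FIELD_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)\s*:?\s*(\S*)\s*$")
DIGEST_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Contents whose digests show up in almost every sandbox run and carry no signal:
# an empty stream (the crashpad pipe here) and the two-byte JSON object "{}".
TRIVIAL_CONTENT = {"empty": b"", "json-empty-object": b"{}"}

# Path prefixes are this example's assumptions about the sandbox's user profile.
CHROME_PROFILE = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"
USER_DOWNLOADS = r"C:\Users\Admin\Downloads"


@dataclass
class DroppedFile:
    path: str
    size: Optional[str] = None
    digests: Dict[str, str] = field(default_factory=dict)  # algorithm -> lowercase hex


def _store(rec: DroppedFile, label: str, value: str) -> None:
    if label == "Filesize":
        rec.size = value
    else:
        rec.digests[label] = value.lower()


def parse_report(text: str) -> List[DroppedFile]:
    """Parse the '• path' / field layout into records; tolerates both field layouts."""
    records: List[DroppedFile] = []
    pending: Optional[str] = None  # label seen on its own line, value still to come
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            records.append(DroppedFile(path=line[1:].strip()))
            pending = None
            continue
        m = FIELD_RE.match(line)
        if m and records:
            label, value = m.group(1), m.group(2)
            if value:
                _store(records[-1], label, value)
            else:
                pending = label
        elif pending and records:
            _store(records[-1], pending, line)
            pending = None
    return records


def malformed_digests(rec: DroppedFile) -> List[str]:
    """Algorithms whose digest has the wrong length or non-hex characters (mis-copied IOC)."""
    return [algo for algo, hexv in rec.digests.items()
            if len(hexv) != DIGEST_HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", hexv)]


def trivial_content_match(digests: Dict[str, str]) -> Optional[str]:
    """Label of a trivial content whose digests agree with every digest in the record."""
    if not digests:
        return None
    for label, blob in TRIVIAL_CONTENT.items():
        if all(hashlib.new(algo.lower(), blob).hexdigest() == hexv
               for algo, hexv in digests.items()):
            return label
    return None


def triage(rec: DroppedFile) -> str:
    if malformed_digests(rec):
        return "error:malformed-digest"
    if trivial_content_match(rec.digests):
        return "noise:trivial-content"
    if rec.path.startswith(CHROME_PROFILE):
        return "noise:chrome-profile"
    if rec.path.startswith(USER_DOWNLOADS):
        return "review:user-download"
    return "review:other"


def triage_report(text: str) -> Dict[str, str]:
    """Map each dropped-file path in the report text to a triage verdict."""
    return {rec.path: triage(rec) for rec in parse_report(text)}


if __name__ == "__main__":
    for path, verdict in triage_report(REPORT_EXCERPT).items():
        print(f"{verdict:24} {path}")
```

Running it leaves exactly one entry marked for review: the 9.2MB Unconfirmed 584496.crdownload, which is a Chrome download that had not completed when the run ended. That hash set is the one to pull from the sandbox and pivot on; the Preferences, Local State and Module Info Cache churn is what Chrome writes on any fresh profile start and should be excluded before any of these digests are promoted to indicators.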