Malware Analysis Report

2024-11-16 13:34

Sample ID 240526-2zt5jafc6s
Target XCliebnt.exe
SHA256 4a67696157008448cbf2f2acedd7c1e26b3a7ac27958131e994dec482b7e9f5f
Tags
xworm persistence rat trojan
score
10/10

Analysis Overview

score
10/10

SHA256

4a67696157008448cbf2f2acedd7c1e26b3a7ac27958131e994dec482b7e9f5f

Threat Level: Known bad

The file XCliebnt.exe was found to be: Known bad.

Malicious Activity Summary

xworm persistence rat trojan

Detect Xworm Payload

Xworm

Xworm family

Drops startup file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-26 23:01

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 23:01

Reported

2024-05-26 23:04

Platform

win7-20240508-en

Max time kernel

42s

Max time network

90s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\AppData\\Roaming\\XClient.exe" C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 484 wrote to memory of 956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 484 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 484 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 484 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe

"C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feef7a9758,0x7feef7a9768,0x7feef7a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1600 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3288 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1392 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3596 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2784 --field-trial-handle=1352,i,17231594936743363853,6019361373365243065,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 pastebin.com udp
US 104.20.3.235:443 pastebin.com tcp
US 147.185.221.19:60312 tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com udp
FR 216.58.215.36:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com udp
N/A 224.0.0.251:5353 udp

Files

memory/2244-0-0x000007FEF4E43000-0x000007FEF4E44000-memory.dmp

memory/2244-1-0x00000000013C0000-0x00000000013D0000-memory.dmp

memory/2244-6-0x000007FEF4E40000-0x000007FEF582C000-memory.dmp

memory/2244-7-0x0000000000AD0000-0x0000000000ADC000-memory.dmp

memory/2244-8-0x000007FEF4E43000-0x000007FEF4E44000-memory.dmp

memory/2244-9-0x000000001A7D0000-0x000000001A80A000-memory.dmp

\Users\Admin\AppData\Local\Temp\tmp7916.tmp

MD5 1b942faa8e8b1008a8c3c1004ba57349
SHA1 cd99977f6c1819b12b33240b784ca816dfe2cb91
SHA256 555ccb7ecd9ae52a75135fdd81ab443a49d5785b0621ed6468d28c4234e46ccc
SHA512 5aee3d59478d41ddd5885c99b394c9c4983064e2b3528db1a3f7fc289662bced4f57d072517bbe7573c6d1789435e987ef1aa9cc91f372bcfd30bc016675fa43

memory/2244-14-0x000007FEF4E40000-0x000007FEF582C000-memory.dmp

memory/2244-15-0x00000000009D0000-0x00000000009DA000-memory.dmp

\??\pipe\crashpad_484_AKXGIZRDPPXLRJGL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 23:01

Reported

2024-05-26 23:04

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\AppData\\Roaming\\XClient.exe" C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612382025443062" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4780 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4780 wrote to memory of 960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4780 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4780 wrote to memory of 1640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe

"C:\Users\Admin\AppData\Local\Temp\XCliebnt.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f1c2ab58,0x7ff8f1c2ab68,0x7ff8f1c2ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1908 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3628 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3948 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4264 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4152 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4128 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3292 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1956 --field-trial-handle=1912,i,15649126317952753756,8143430636683172927,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f1c2ab58,0x7ff8f1c2ab68,0x7ff8f1c2ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4156 --field-trial-handle=1912,i,4609500371103646826,6020650596126618860,131072 /prefetch:1

Network


Files
