xworm | d585e477ed646499680f7911e6ca4b2304c3077ee2d99f8050b4628bbad5e24f

Analysis

max time kernel
1199s
max time network
1185s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
15-06-2024 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Triage.ge.exe
Size

35KB
MD5

4b4d4104a63acba8387e5b045931e185
SHA1

5ce378a92e5010b60e3a2d6aa207111310bdd182
SHA256

d585e477ed646499680f7911e6ca4b2304c3077ee2d99f8050b4628bbad5e24f
SHA512

0afc7e192c77e45f340b89b7cfdc5e5a8356c012801cdc3e35b8b9232a547a2f22697d12ff331bdf9c1baa1a20ae70dd6ea9ca0db68c8c8b6e739b6b8a33206e
SSDEEP

768:/oHv9ouQGVrhiQfCYzseVFy+9FgOjhrOE8:/oHloqrhVa6sUFf9FgOjU

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

modern-educators.gl.at.ply.gg:23695

Mutex

IgkIbxNBigOKN4QQ

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4452-0-0x0000000000A90000-0x0000000000AA0000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Drops startup file 2 IoCs

Processes:

Triage.ge.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	Triage.ge.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	Triage.ge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629276589905308"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4196 chrome.exe
4196 chrome.exe
3064 chrome.exe
3064 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Triage.ge.exe

pid process

4452 Triage.ge.exe

pid	process
4452	Triage.ge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Triage.ge.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4452	Triage.ge.exe
Token: SeDebugPrivilege	4452	Triage.ge.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

chrome.exeTriage.ge.exe

pid	process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4452	Triage.ge.exe
4452	Triage.ge.exe
4452	Triage.ge.exe
4452	Triage.ge.exe
4452	Triage.ge.exe
4452	Triage.ge.exe

Suspicious use of SendNotifyMessage 18 IoCs

Processes:

chrome.exeTriage.ge.exe

pid	process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4452	Triage.ge.exe
4452	Triage.ge.exe
4452	Triage.ge.exe
4452	Triage.ge.exe
4452	Triage.ge.exe
4452	Triage.ge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4196 wrote to memory of 5012	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 5012	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1672	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 3084	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 3084	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe
PID 4196 wrote to memory of 1236	4196	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Triage.ge.exe
"C:\Users\Admin\AppData\Local\Temp\Triage.ge.exe"
1⤵
- Drops startup file
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff943bbab58,0x7ff943bbab68,0x7ff943bbab78
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:2
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:1236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:3844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3484 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4056 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4796 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2748 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4276 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4260 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4012 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2512 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3984 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5372 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4228 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:8
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4296 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5516 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:1004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3432 --field-trial-handle=1812,i,11716984459485396070,7725225002809356597,131072 /prefetch:1
2⤵
PID:2428

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004E8
1⤵
PID:2624

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6c682c49-85f6-4192-90b9-3c309f2d71db.tmp
Filesize
6KB

MD5
d7f1a7ad21e6ad797df63d23fe9b1281

SHA1
82a1f91cd97c204f452272f8520cd86e460a9410

SHA256
19bbe5460b0bc6dcebfd17e21caef4abc238d8b10b270141714f136266103836

SHA512
975379091297648380c505a6b3ddab82cf946c8e2dba8f825c5d8434c8136d6ec9075dd53bdae34cc87aff885cb94aaf41788f02249f4e63869196e80d22bd34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
68KB

MD5
f0c27286e196d0cb18681b58dfda5b37

SHA1
9539ba7e5e8f9cc453327ca251fe59be35edc20b

SHA256
7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127

SHA512
336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
327KB

MD5
dd242f4737b2737ecad98bc2028b544a

SHA1
065a4e6f50f16e5986df7f582d4839e59c4338a4

SHA256
cc8950f8d690094464d97041d919cab9ec3af790437c6e3febb754e245171cd6

SHA512
b393c7f0da53d9ae875743cb564b223b2031767844db1de296b6e652492bc29f8e19bae002b66e987c00b11009ac7df0bff7a36d661f7846e8bd8c9a0957a272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
134KB

MD5
bb82f6b975721f7516c470271507feb1

SHA1
992a23f0dbd86734402fd9a29706436bc76fba1d

SHA256
495e8e7f53579ef9db3cde689bd31c4665ef84d900eed9f4a58887637eb26e69

SHA512
371f71a1b5376e5befc6fbb3d4cd1c2530aea5a87be2da08c8d0efad4b4aab338c2aee40880ece4442f284fc26ee94a8bd11cbd3cf2cc9f80c44a4e0ba9db036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
Filesize
227KB

MD5
89e18efe7b6f81c6d8a5e42b0c8a74c0

SHA1
7ef35f0dfe4939c352259d038e39f3cec51e34ec

SHA256
091af34e492b67311d4147b801ff30a25af8705fe65e86eb6fd3292bae649a78

SHA512
75b79cd5bc74035dcec073484d2bb2ee3bfae58863251ab1413f3f6db71f7c7c13e10c49133287857f7bb8a5f9f8d5847f6645ae8a6b3a2a60aaeca760daad42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
56056cc272517230399fd3aa4657360f

SHA1
ec3585e8ecef3d04ab828fda6f39d36c5af43afe

SHA256
037717097f198c330949f67d023854bb8eb0308ebc1d8775fc382f3f39898cc9

SHA512
04e2fb194beab4901734c4519d4912af2e961baef27c179fbe389ac20a172f524b557c0e39400243f29bb014e694e2a10f2631177e534a1f5a7e1ae5633ff050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7934584af02c40149c0596d570be71c1

SHA1
47f7e0c3cff6abf907bddd090a67a3dd312cba71

SHA256
2825f4bd4c7f5195eea5b77e6fe44db33fba7c727630636e20204e9005159f2a

SHA512
9ca195da701ce9e7a328ad34dd783cafb9880a657f27817656e9f5beeebe9dccf211ca96c86e26a62da2528ac9db48b33f0bb1d05aa71cac6392317b2577daae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f8b7b4512eff8f00380b569aea350bb3

SHA1
263457579cefeac870f5fe21d0eacbe5b81bd7e2

SHA256
cb5f66be4c76360ccaa5d3cd469a7af48a145cbf7fe2436e5845507581f7fea0

SHA512
79e76c42668a517cf37cbf7fe46f0dbda2b9bb8a67e4d9c5f2cabb1736bfa0b12e9e43aa2f7a43af89cb53b8cc409ce5f12bd83f87f11466614267bf57032f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
e7e1512c725f94a511b808d427a986ba

SHA1
e79565d12df237f20803a5775dc496bcfe626b15

SHA256
4b84039172edc2db11e3bc07b9fb250fcc5aa33a227fa174bbd791903f5ba6ba

SHA512
9a6c97e177c1d607d55ad3f1f5e920bbf0400b58eaa78b56c855fb27d1fbdba9097ecb04782899003abe29d7032b6febd6b875069ca3a22294e0b6bc33d4c29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
c3c4bcc83023f1e6e9409df6db78028a

SHA1
549780d88417480bd4597c58bab3cd249498203a

SHA256
3c912b42d54c8dd48ef522405994f8796658ef8b7b4fa3f5a05dda09dce65595

SHA512
9e55ca17eafe3636eebc2f237ae700da49e4ffb026c3bc8927bf323202e68b4fe31364cd6862c6a043c7f35c923736e48f50b8ca2725b7ee9297b095e65823af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
2b93b50642ea3dfa4779d8a6b5d04fe9

SHA1
cc04e5b7930192e77eea6aafd47e271ee42d304f

SHA256
bff4bbe6658bc1b0957c380c38d20ac635d33e12751e16ff64e6dfe5dd1739b9

SHA512
0d3d0b3bef18db51e5ffb9d3377677e6dbea894693a3055f221022ef5ba7340e2439c3b597b602898862b3715f162cdc92b13848250f62ec49646f5560ee5b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
8e33d0f234e8a7faa358ebc83d300e80

SHA1
f4dc9ec75e0dfe69a59d3dd4d51eae6043c80823

SHA256
1367e9154182a0b929ee4840055c49672b35632c6ab9611f9628ef1ea420e2fe

SHA512
7e278d70d444b9f36a86d3c3c9458fae0c78425229445632a90d382e3349ee28906fa3372f75b43ed5fa756aa2b4b5acb17a332da4380891afe05a459dbbe59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
a124ee06f99b38469cdcea736a9ed80c

SHA1
6f9cb87df7ec219eaa3adbf0f9319b6b8328ccda

SHA256
8ba12ba16de2fb13ca4d4be186d60bb75ac590f03af7a5533a87704389cedce1

SHA512
ac1e58743eb887fa6accc1754eb511e749ef352f6bb958ded50cd1f9088c95876e413fd30968d6d8cb8afe4237bda8127e68ed4aec331e8cfeacfd7d97188da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d58e1a3101a73cc9381035efd2460102

SHA1
895c726887d28c17000710fff364a98d96278b25

SHA256
6b04273b11f2f75c560757b0b4a2b8a4455ed6c2d49f0579838ced7e72be8b94

SHA512
1fb8e16b4cbdfcbc58c03b86a941a6e5faea27509f923a2187feb82f8e51fce8bb1fa0f5b3c7800c7fc9838f6cdbfb892cfcba7ea29f7ca77bffd2dffedc865a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
edc0360f5804fe7c5910ca1a8ec0da3b

SHA1
dbd6f38d62cd52ed805f6eda50f81a22499e9a5c

SHA256
559979b689f8198dbf9a3c203f3d72391e1f71311c7e6049b159f535f77ca4de

SHA512
2df98921ce25c78b40011e1fbb999999ad78b85cb858d481ac90189ba944b1f1e0ec52638508b75d12332c215bf41830c65b7e401fba38cf00d5413b1b75bb61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
59ac9f332f25e7233af3dd235f8da4d7

SHA1
8e724fedcbe4176da56baf171e272acc626148f6

SHA256
7923637e26073d5e5dda028c5e6744fb243ebf1d5229b1919b8c71643f363f5f

SHA512
42d6076a70f769e4cacbcf2632b9ec0adca6ab8fea3a4abb2eb3a58195e5e8110bc15333c82f347d85ebaf85bacd6d905d6924cfa82ba8c6f2b856e5c1c86eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3276dc7b3003c879eb997947c898a5b4

SHA1
6dc569c5749e96639c4e1b23c480fdf9e9f026ca

SHA256
d101ad23f3e127f7f79103232505270b395b2ceaa828735d33ef77ff87a9e33f

SHA512
75d4622b51a94e15cda58ef5a3e7f713c044e2d7211d6154a15f299dbcc7f89983d345315c5d57a59691ba3bf9c05627ee906807da23c0e81adf2966ff6104f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9ca327734e7d29116e7c1b8f4a8a8dd2

SHA1
a288984d4b593a17ba11a051ec42cca95a21ada5

SHA256
c68fd37108df7abecf6274b3978f525b178b87041e38a2aab67c227c0913ef38

SHA512
bfd715e9a29ee210b420e3c173204990ee82bccd0e2fac112e1c558a0225ae1b1c502b243a819ce0f020af619f38a9880fafbae1a45784de625f5a155d3bc6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1f66be6e791f46aac4a89d6cdd865185

SHA1
ab02314b9be148f28816f35b82ac2e82f0f06bcb

SHA256
fc884e9f87e325c2ec0812b9331a641129f708a543fb923985d8949ba6cebe7b

SHA512
306f38487c029b86cfbeeadaac70c8833cc2aa41715f6b8158389ea569b6f37c68bc35242c2ea3cadd264b9f6337bd8ecc87b224dec38bac087f2888d628986b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6cd8421e4330bfc1d9e509d92e8fc00a

SHA1
aed7d6482d4be574d4fecc0d211e6dd0689109d2

SHA256
109d5dd0ad1510a99f58f168510f3d98e18cc3d70bf7f2669b15485bb34bf632

SHA512
650e77b84dfc40639674dd523b9b5d5099580bccd5599013fda28c0b3778fbe2e336408d1b15f458fcc25652c0dccbff3615668615cd9258a04a44d362511a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2f7c21f97e1caf59f6efb4ac5badcca4

SHA1
618d5e970cce56c48bda158911b2dcd88428f2f8

SHA256
5b90c96802ee5d6e660a151f8041429cdeaf100d123154d2e8414045d4ddc78d

SHA512
0fa2af437a4289081fecd948fadcd650af55aea8da0eb2f8812fc12336bfafe51ddd1d1bf5329df197c241f05b52a2885e8b0d1916c9cf168a6d282034edd711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
afdc3e375cc74b3f145b5c06860bbbbc

SHA1
2753feef22c422cd677bc2c78b12e7c33275b8b7

SHA256
f41c4e053e45f15a56a435ecd9880efe0233b469823cd2bdc77a2f59a09fd28f

SHA512
2e845fbf35f86767c21564d0679efcdd6a142cd68e2a315defc5ee70bc38e7c07645ec54f11d8562512274d412c0673b77dcfb71c7de20f5335c7d6bae4b31bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
ac8b3c9e4d862d5a3f8aed54119c8a96

SHA1
d64af50621610eecf0dd72636566ff2e04ef868e

SHA256
c1e4c32b0d37313e457f098d530b721015ebe4e0cd48fd09c4ac3ecbd3182b51

SHA512
bdadfe4b04b9b5a8aa83ce3c352dc598ba9d7a3b577245d8894b7a28c6845553318be08d7af2ad3abad404418b21d0dd00c98d6d9da4208fc1b38af548a7e6b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dad07a1cbf3b55eed077b7115a1cfcdc

SHA1
3690a5aea267f3e04b43a5b163d59aff89fa347c

SHA256
f07f778e1fde28cf6e8126ef71dfdf1fa8914c7da268e1dd80944fea09bf6d0f

SHA512
286b86f73aac879dec6ecb118df672e2fd638b516fb9d8196449bc683e5dcc14bc245086c5512cd740cd4d38eff83d21616c70bcb5bbf3430629a63121a47e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
691B

MD5
667d086dcbb947e844c5a6173c23bc00

SHA1
c90f1ffcb069724b5e29e8c8dfe40b677bacc2c1

SHA256
bd0374eecf9c50489dec62b935e0556edffc6464bf7f958718c85dccac65da79

SHA512
c8d4293efe7647bacc712befa69c566122c8444d4ef97b5397c237df24d85b9efdf05792543c256df756e5436d073afe7fffc6ecbe7b78ffea3d29007ca69893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
8f8faca10384ee2d8cc968389197274b

SHA1
673b98eb08b28ea1ec216efd2e5412fba318a7d8

SHA256
38a9da597f1e2657e502787b661af6fb40241bc516aa29408475c78795f07eed

SHA512
c3a3b5a85323985777332774b78d0ce1da7390acafc615933a231a29cab24f50fef329dcd3b6319ce768b8c1a624086670359bc5dc543263ee6d0dcda1000279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8a8b9c9828d85fd4c14073c747f62c92

SHA1
48bcf86e58be013b92fcc457648938338cfbd94b

SHA256
326e0255a6015cfff4389cd619e479146b1142b62b913fa83cdc4d4be7d3f53d

SHA512
5505d3d9aa6f2329da30f4d5cfd88f5929f25dcb8ef3f16aba48b0e2cf9b009aa433d0c309796b63f801d8fa25939cc40a47e72ce996ee03e8c5e8c32b87d5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a573035cadffdd97180d51bb043ae0d0

SHA1
01ea1eb0cee68e5ff31d59347f74abf89e0f1aec

SHA256
82eff32dcf01df1d21b824c08d3732ac44cd5e1bd650d6d918ceedd94cecb6fb

SHA512
c7a3e7163068d9d91b5a2f2b365fc76611ef4938ec28d98ff957c446011495d5f7892ad78511d47c12ee2208f1ea4d18303489ae18190d0d0e0b270a51e07093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
70c7fd74c96ab70f539abc5f1945d701

SHA1
93519992c374c223a70f2f5f9392fb593ab32f6b

SHA256
cbce2175d69e32017ed89172a1eebcb4100959ec3510d2dfd2bb8b8662a14ba8

SHA512
f7d4119e04248c115160d85cc17caca7570229b3ff78a7ee37fd3d956d916372837c6e6b024389f21c513798e1368b8c38f4d5bd0d6fc1a1683e4e208608fae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
110393a2f0256f592ece0abd8fc71b8b

SHA1
96291d5f0a7404a635fac8baabf865a9a2f274ed

SHA256
404e2fdf9200be7573bc90e8727e5fb4ef3350da4363ce1b7c04f19245cee442

SHA512
c7486d39b8a40679e167080ca48b9f069f0a877104d3f3c5ce0cfc955e114b1f95acdedb08aee64c1261b8a037e55f24678f6626049de7340323e3930fd8a4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d93c6f55fad542749c583bebabc46ff2

SHA1
de0ba4a48b9140dbb86392237cee14e31fa6e236

SHA256
d8ecd3fb06e712685a6115a4002f650f6eb15b66c389e759631209d026f6cf74

SHA512
994304a8da07ff07b615b74cdeff497c69210c8018fd351e6b688fdf79a431d3544da22dde57d92f8eb3fe01e99ed44e65d264ba6a6a1fdd5bbfc31651f9ff24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
88a09e9d370f1b69389d6c18c2193f9e

SHA1
8de3b241aba06bda3e54fb1c9a9d9c7fc33286f6

SHA256
b38a172d5ed577398fcd119e4e02ce59d606b7903839d0ce0844668cf393aad5

SHA512
beaf6f8a3b54ab23c6b8be5067ee44a44befe633c540ccafa710f08673007b4dc8b9b2e1ac3bdc4a8e392f03f770e9190bd5fa149b81b6433ad250aa097760a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
96b5f84c0c2fdcf23932011398e8e29d

SHA1
6749a4212541c24c1a68b0b0dda2a461dc03ffae

SHA256
8f7e19748a72aa94739858f45ff770718b29b98f6df4bfeb8b69aaf7e9e98c39

SHA512
db6ee6ccda3b464bef8a99691afd1e0a2fa29cff9eda05f23050d7849df97348a87605e335d0cf349dc77b8a66e7e623e21726720b34924f5e5b0124be72fab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
d0de6f26f9cc405a496bf58dace02eaf

SHA1
1280f495504d1a845af169c2436692a5dd00cf19

SHA256
f3ffb05bf8261942dd4df9aad8217a563c8a9e69e7392b7966f7fbffdb483745

SHA512
aeb67cee1516cbe06a24e686908a3e2d436c70a0f6262c368f977997b3c3087178cd6210a09ed4d7f6f00acd8ab13e36a16809c68d69d2f2ded1fb5c40c00353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b1068.TMP
Filesize
120B

MD5
4b525c75534e46b8e487d6dcf894a189

SHA1
dfa03d2fa53b3ca1f303e8c05d1a5af51c49551a

SHA256
25106e8b4a046e638da7b680e1b32f724543ec318134080315953e75973255c7

SHA512
e0e8f617e01938c801129073a87933a008be3864d5b26e994d6a435aa009e885ee1b1fea9c18eb958657620d00d78a78b5191a15ca6926bc916aa370be080b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
120B

MD5
c2c91a1182a92b62289e7b9a3831f0ad

SHA1
937d01c36b882c13de3dc2bb0fa5289f790d31bb

SHA256
01dbcf6a3cef01dc3cfb84a8be04478626ea9de19301ac3a5aace3db62dc5e36

SHA512
4bd3f2e915ddb5579ea6f201f841c1a768a61f542d1ce907b619fb0d405e357709c57784ff8c7521e1efc94a34741884bcd4e529ae26dfccdf762e8b2460d976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
276KB

MD5
a6fb0bd93cb0cc37de1021d694740e93

SHA1
26fd6571de9bc4fecdf877ac907c3ebb2babe493

SHA256
96270e4cf87ce190cd8dd019d8bec6d1bd9b2d4975b152303e55fefaf26e7e26

SHA512
6af8c23fc1684ee5d6822ad7dac04d84729d4898b65899bcf70447ce7fc4f488c3dda55ae4efc255c7a635fa187bac1f74091fa9f059a00d460be9d272f283b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
276KB

MD5
bc33b2f4be9fa051012fd8b7d649c775

SHA1
20893e6f210f7005db3503b8e0d3b45e74edbdb2

SHA256
cec53f959a1c2fb1e6e32cff0908317da59b2e608bd625c60313d718f18f8338

SHA512
e7c8e73194de4b1786029be427256545d022976bf364e5e9cc1a31995693c83cd6d929095f635f5883160ff81a5e99e7411548585876d38ccb128c90c6cb4271

Download Submit
\??\pipe\crashpad_4196_PPHSNKKXJPFNMDYF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4452-1-0x00007FF9486B3000-0x00007FF9486B5000-memory.dmp

Filesize
8KB

Download
memory/4452-443-0x000000001B7B0000-0x000000001B7BA000-memory.dmp

Filesize
40KB

Download
memory/4452-752-0x00007FF9486B0000-0x00007FF949172000-memory.dmp

Filesize
10.8MB

Download
memory/4452-8-0x00007FF9486B0000-0x00007FF949172000-memory.dmp

Filesize
10.8MB

Download
memory/4452-7-0x0000000002C40000-0x0000000002C4C000-memory.dmp

Filesize
48KB

Download
memory/4452-6-0x00007FF9486B0000-0x00007FF949172000-memory.dmp

Filesize
10.8MB

Download
memory/4452-0-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download