c5ac8ed1214c7eb71d2940ce96775f650202ac4e1f4766236196e95d5ac66dab

Resubmissions

08-08-2024 19:37

240808-ybxnzayblk 10

Analysis

max time kernel
300s
max time network
286s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm v5.6 Edition Cracked By @Drcrypt0r.zip
Size

20.2MB
MD5

75337e93bdedc7c1ece453b5e99015e5
SHA1

19365026976f15aaa4f7ba67b855a07d9e18f10b
SHA256

c5ac8ed1214c7eb71d2940ce96775f650202ac4e1f4766236196e95d5ac66dab
SHA512

8002042852f44bfcec7ac9e04ab3a1ee625e511b9feb1ecf6480c77e78438f54288cf8557485cebdc1904aec9794477bfe934a5917ad374a8d776b1a24c5dabe
SSDEEP

393216:94DnrlQY6zWPMKajcl79+WfIEMtsbScaZMumzGG//1b1V0ByOd+PR+aEc:94nlQlE5UJtnc0MsOh+yO+PRYc

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676195322442762"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1104 chrome.exe
1104 chrome.exe
1564 chrome.exe
1564 chrome.exe
1564 chrome.exe
1564 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1104 chrome.exe
1104 chrome.exe
1104 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe
Token: SeShutdownPrivilege	1104	chrome.exe
Token: SeCreatePagefilePrivilege	1104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1104 wrote to memory of 3628	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 3628	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1812	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 3120	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 3120	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe
PID 1104 wrote to memory of 1524	1104	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked By @Drcrypt0r.zip"
1⤵
PID:2196

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd6267cc40,0x7ffd6267cc4c,0x7ffd6267cc58
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2072,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4972,i,1663927411219935926,9796542376831572131,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1564

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\30985c5d-5355-49bc-a4b5-de003d3471eb.tmp

Filesize
193KB

MD5
53bb22252ac8c3a9669ad2b23fd1ced7

SHA1
867abaa669c5a6e70c5555f5b207de3e738ed174

SHA256
37faaac0b9f0340f8c4c1d7b14d5ff60c5bbfe5e41bbb72236dccb82e2a4929c

SHA512
f2fc17a2014013a98662e6298f79ba00120ccc67c44662cb2549df558627c0233565ced1f48fd7f014e221a3a166939a69d23c9b2644eb17868dbb10d36803b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
69cc35805efe19c8098bb90411fb3794

SHA1
2d1701f3e081cd094a8930fe08aa02089105d3b6

SHA256
ecb752aaaa05f2644edd4c3a449d228c762c4739bbe5e6f9d9fdfd0563f66ccd

SHA512
aaa9bc583feb8e72e93be1885229514aa381756ddd7fdbaed6a381c55fdbd35588f90230c4009fa3ea8aaa6d4b202a9678d5e630b9eaa1dff44ac4017e711ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
94def88121ed0f08be4b0f05f8270db6

SHA1
8b1002013a5bc113acf2b1a998fc60b360698af7

SHA256
bcc2450f56e2e7aa92a23a024d6b275ccb80b65a94830594e4186b2d527be100

SHA512
e63c3f189ebb8efd596b7319308f7f544087bd0a94fdcd9008ae4380bedf7679dbbff888c1e76958c60806284e9dc710994d5137fb162f1f2b032f0b53ce3ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f775b13294601136bb42e02ed695c2f6

SHA1
25723088bb3ef4b91d7f4ef0f9845d26c452da05

SHA256
ab6c488a77eceecb87219dad382d91fea58b8c2cbd5b069881c08d726b57a039

SHA512
728ec5c967eaec13bb2efbcb7c0939d9141d2c61c8f0f22d219b84dc19fc90c8582d1f1f6b33ef27e8573f1265ff6537c588520b9d3dd52293c00fce002b2bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d0e2b8650cccbdd27f8de445804c4e7f

SHA1
3047359192320243b825a384287f7b2ea326bf84

SHA256
34c772175d11cf244f243a7bf33e2cebc8aeb45d464db588ae1c7a012f1cf551

SHA512
d65a625f6c9d21199a56eeb7158e66855864118f3ec5fa7e28a268e1804ddaacc6e700397bd537bfe3a0faaad67043c1c84baf5775ee5068f81c86d838841b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5d9c3ceffed98a0f273f1f6a5cb2ef86

SHA1
69dd2da38f2e5951d28725a9dc11e27f8ea73304

SHA256
e7050064d89cf470210cfa7d9fdd6f68b2e21f038a9f98438252b7585704364d

SHA512
3d53b0cff35d1c17f448c58ece4a2b9bb66b45e48d6e47235eefdeecae9f6039c8be9b3cb1304026cd4a7f9980551ed54b50f0e1c4197f1d12f85e2c226568b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6838ec92611d2bb3147a3c5531d91312

SHA1
a88d4a892d81574ac5ceb0dd86b3dd89492afc5e

SHA256
8cd77216f5d998d9b81d9f7a24d3887f89ba6c56244731752d1259ca33a25334

SHA512
fcaee7b93dfbca579e2b0b9587b035e73a0f15ebd890607faa8b212d21e9df45eec0601b3bd87ceb257d48bf3106ca978d13b306eb2f00bcb5638787ce2fd5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
80f9ef8593778438554fde4bdc8f0dff

SHA1
075398ce04ab98fe626a653f630e7f597049cc4c

SHA256
1967b7a03100be71ce30c22b611ddd98e010a67d76c881fced5163675d11d758

SHA512
7b54262f2f06af1b1b1d7f4afebde3fe483719c4cb200dda4ed8f63e699ee21ba6e44ced820b3e70dfeb6052ed4a7a37791625d7000529bf4071762790b75a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
83c3c1cc64349c817942aea993d4d281

SHA1
282b14be3e41260bf25b0978c422c128a5375833

SHA256
bf4059611b622efe3cf581f025356fd3c68dc48795a0b0eda0ff7a5979138564

SHA512
c64ff932f7821d4a16433325d33ffcf6b02c4e41edac9086efcfc1703ae095ac31e0c713b96408735f655c3fcb3419c9ac8bee673634e2799602a1aa2c9093d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6e07f3e391e5a4dde6e4c52ad164dd55

SHA1
cdc9100c412cedb3fbd4c99758d9b07837becc22

SHA256
3d7d85c76a81cc236afe1934e218f05e6e19ca809948aea1ccf77ea77890d046

SHA512
a0f6f7a27e3e96f24f6909cfd199edcecc5d5fea3933af5a343cdbb02914b8d0521fa2fd85bf958fbb9824a524bd366423051ec0dcf75386b5614d8070c88f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
266395ef0adcdb97262e03157836522d

SHA1
02691e256d070cede41defe55f602a4f9d088296

SHA256
5b3c3ddbfde52c77bae63f63de1f25a035138dd2a5b3ca16b5c99d059737a42d

SHA512
1d245f6e5194300f806183a35ceab7c0776207ccdb925128dd488431437f678f551594dbe7a19a6e636ff4163f9543840466a87c792875c77c16541831b43cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
505160730624f65e73049a1d6dad4ffc

SHA1
cf3c97050088fa1ac20852e883db025e8d0582a6

SHA256
461762dcfd60f9bba39961a315a0a3f4b4e415d8f24498002907e19de2cacbd4

SHA512
380259a736498107da70044d3f1e4292a1c8a8b78bdd503fe7e9a8ba61875d373c7800a43fa0b02d5963f95680c1932fe3bf3702dfd97594f40abac8fdbd2272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cbdba6b97bad35b522923ceb3c9187d0

SHA1
d346bfae6c5612b0a1cca668e9a5bc8e519488d3

SHA256
438ba4bebbd98bb77947b5248eede765b407027c49edc0643d41d50a3c93fe02

SHA512
85f815a26c7dfe6eaa84ad5e8167dbc8a40bbd413c1a19f4dfe597b337f58838edc37353ab36efd39a2212aa147b0deb546f4150e63cb623d80f79961e78d444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b4bc3537c6c21735e9682b34dc0870da

SHA1
53da68e1ae612a6411855acc9cc3f25cac3abdcb

SHA256
44b4c4b4475f2d73ab150aa9480716895416c3aed20e5752bebf55cabb5b08da

SHA512
e45a4825718350f741c98df22a38dc7a42857609293406b974322c233a448ec875c1487b749f7189172af071cdbaef50141e01cea1ef8e872f414a863066c414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7a220e19f8f7aeeb93cd691a0b352dc5

SHA1
382c90c3651a215c837650bdaa21c4fbc15c384a

SHA256
a2428426e8daef3f5932b825f0922dabedaf513e85edb1cac9c328769d6a462e

SHA512
95390a145dfa1c04a7ce0ec06d1ae331ad0c4e72343773a18b21b89721b670b895c31821a90fdb7effd81bb02aa7e1ce50a2e1d7a23163e550bd0d8dfda8362d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f0fd460548dfa3861c16956f17a9598c

SHA1
a9d53343e3ca44d08ecf1d66307c234556af7ea0

SHA256
f2cf646bbd6d88738dfedbcceace28150e3441f8f223bdaef61a806a14bca3db

SHA512
d1177784a3738030d477de684678ce950d6628faca9eb5602080396517875d202373d532a2296608623afd339fb1a21426ecf45264d1af899e7c1ce344e7a693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
458f0cc39926777b64e22033a56aa0d3

SHA1
bd87514bddab02cf5391e52e84f04f2c7147a06a

SHA256
c6d0723cc56c81c951db4bf107754ef4386f4e74add3ad7fb9a77d914764a57c

SHA512
9689de1546a7f5b5503ebc22fd97587e9c9a4a3ba00c603316ecf28e40736ce1c88a784b1f438abfe22bfef00e48c88bb5b71646ea70521b06ec2f7dac3661d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
91baa1bfa20131ae86a7bd2e5f8070cd

SHA1
b87685622d343b413463cc6960aa9b3c2203b8d1

SHA256
6f57b6cace018b7706816ff3551cdec5cd7c352ec1579fb5fcd22e25ff22208a

SHA512
6b76fee538f36aba0f1076bb4a26e61eb60f18f14156a60157e4486260d2e454324fc2a0c1bf5664d1102364abe15bd07159fdec6af7f34e69cdeafd92d1180a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6c16417901a5e31f9099c05cacb46409

SHA1
ccc761581d56362237a15ffc4ffeb39c21649473

SHA256
5371889f0e3a02e218b47d9f0e7f356255f21c0a7baac6aa0ce9c089ee57913e

SHA512
6a2f25468bfa20cfc390fa7726ce05b9b92e69fe9d87668871279060693ee43cc933066132eb11f98b882c668a4ffe18844685b70b5eb10f0ad792745f0cf922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
a8e27ff791a0afe0d8afc499e81e7ef9

SHA1
626cdb0e240adaa993338b855afcc22d3e833267

SHA256
f4fb091421ebfe5e77b2831602735c2d3d5d16be41e0c35452d5873ad77c1f8c

SHA512
742d5a3014c3f68f9a8fd2f4aa6a3afc64b8ab839afd1cf10a55b7ee37621b0a6d9110d32d3d9aec58c8338b3be8dfa703a194d417525926246899be93ab9df5

Download Submit
\??\pipe\crashpad_1104_QNZXXNFEOZWDLGLV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit