gurcu | 5abb51a13fe99203cb082d897f2a48e1d30766c28ba1180977a9807b55ccc22d

Analysis

max time kernel
988s
max time network
988s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2024 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GTA ONLINE QUEST.js
Size

5KB
MD5

cefbb39e28c2736956e5ff560b7592b4
SHA1

b6af6a91f118cbaff728a213ee205bff78995f55
SHA256

5abb51a13fe99203cb082d897f2a48e1d30766c28ba1180977a9807b55ccc22d
SHA512

c6c9585b4c0d609767f66b9b80643f5ea688ddf4ea59f9f420db4340aa179719e3ca6cb0f325e33253c1346842fb6a3b0252f1e0a6fd61b6b76d514bd7431545
SSDEEP

96:+b3IXPOqRfbk9bbdiZSxUcUk9+GdiofOxN+75p4j7NvLwNiUlxAlT6l:+b4tEbbfxUcUk9bUofOW5p49vLKxiU

Score

10^/10

gurcu rhadamanthys toxiceye xworm discovery execution persistence ransomware rat stealer trojan

Malware Config

Extracted

Family

toxiceye

https://api.telegram.org/bot5687152406:AAFin_LYFhJGLydMgYheeUDec-2orew51aM/sendMessage?chat_id=2024893777

Extracted

Family

xworm

127.0.0.1:7000

Mutex

6LgoART3hAaWLFr2

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

gurcu

https://api.telegram.org/bot5687152406:AAFin_LYFhJGLydMgYheeUDec-2orew51aM/sendMessage?chat_id=2024893777

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3240-3625-0x0000000000D20000-0x0000000000D30000-memory.dmp	family_xworm

Detect rhadamanthys stealer shellcode 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2192-1462-0x00000000024F0000-0x00000000028F0000-memory.dmp	family_rhadamanthys
behavioral1/memory/2192-1463-0x00000000024F0000-0x00000000028F0000-memory.dmp	family_rhadamanthys
behavioral1/memory/5056-2573-0x0000000002360000-0x0000000002760000-memory.dmp	family_rhadamanthys

Gurcu, WhiteSnake
Gurcu is a malware stealer written in C#.
stealer gurcu
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
ToxicEye
ToxicEye is a trojan written in C#.
rat trojan toxiceye
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

win-xworm-builder.exewsappx.exeXWorm.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	win-xworm-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	wsappx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	XWorm.exe

Drops startup file 2 IoCs

Processes:

XWorm.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWorm.exe	XWorm.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWorm.exe	XWorm.exe

Executes dropped EXE 10 IoCs

Processes:

winrar-x64-701.exewinrar-x64-701.exewin-xworm-builder.exebuilder.exewsappx.exeXWorm.exeXWorm.exeXWorm.exeXWorm.exeXWorm.exe

pid	process
3812	winrar-x64-701.exe
1244	winrar-x64-701.exe
5004	win-xworm-builder.exe
4348	builder.exe
2676	wsappx.exe
3240	XWorm.exe
1200	XWorm.exe
4960	XWorm.exe
6096	XWorm.exe
2496	XWorm.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

XWorm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XWorm = "C:\\Users\\Admin\\AppData\\Roaming\\XWorm.exe"	XWorm.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

Processes:

flow	ioc
262	camo.githubusercontent.com
263	camo.githubusercontent.com
264	camo.githubusercontent.com
265	camo.githubusercontent.com
266	camo.githubusercontent.com

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

1149 ip-api.com

flow	ioc
1149	ip-api.com

Drops file in System32 directory 4 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs
discovery

Process Discovery
T1057

Processes:

tasklist.exe

pid process

1176 tasklist.exe

pid	process
1176	tasklist.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

XWorm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ENC.img"	XWorm.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

1816 4348 WerFault.exe builder.exe
5556 4348 WerFault.exe builder.exe

pid	pid_target	process	target process
1816	4348	WerFault.exe	builder.exe
5556	4348	WerFault.exe	builder.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

XWorm.exeXWorm.exebuilder.exevbc.execvtres.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XWorm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XWorm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

XWorm.exe

description	ioc	process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	XWorm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	XWorm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exebuilder.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	builder.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	builder.exe

Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

3428 timeout.exe

pid	process
3428	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679574422121045"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exebuilder.exechrome.exechrome.exechrome.exeOpenWith.exefirefox.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16	builder.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{B6D18BAE-C80C-4380-84C0-5C8B8E6F5579}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "9"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\6\0\0	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\6\0	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Generic"	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000fd26f173d7e4da01edbe8e9adee4da01688c4680deecda0114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	builder.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	builder.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exeschtasks.exeschtasks.exe

pid process

392 schtasks.exe
2912 schtasks.exe
4960 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

4776 vlc.exe

pid	process
392	schtasks.exe
2912	schtasks.exe
4960	schtasks.exe

pid	process
4776	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeXWorm.exechrome.exeXWorm.exechrome.exewsappx.exebuilder.exe

pid	process
1228	chrome.exe
1228	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
2192	XWorm.exe
2192	XWorm.exe
1992	chrome.exe
1992	chrome.exe
5056	XWorm.exe
5056	XWorm.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
2676	wsappx.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe
4348	builder.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

OpenWith.exebuilder.exevlc.exe

pid process

1812 OpenWith.exe
4348 builder.exe
4776 vlc.exe

pid	process
1812	OpenWith.exe
4348	builder.exe
4776	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

Processes:

chrome.exechrome.exemsedge.exe

pid	process
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
5972	msedge.exe
5972	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exefirefox.exechrome.exe

pid	process
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
432	firefox.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

winrar-x64-701.exewinrar-x64-701.exeOpenWith.exe

pid	process
3812	winrar-x64-701.exe
3812	winrar-x64-701.exe
1244	winrar-x64-701.exe
1244	winrar-x64-701.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe
1812	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1228 wrote to memory of 1844	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1844	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1988	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 3316	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 3316	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2000	1228	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\GTA ONLINE QUEST.js"
1⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ffdb0e9cc40,0x7ffdb0e9cc4c,0x7ffdb0e9cc58
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4408,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3552,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4624,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4616,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4648,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3436,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4568,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3380,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5124,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5744,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5200,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2444,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6076,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6056,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5188,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6360,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6480,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6320,i,1016571941422759974,1274179489421702909,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  PID:2160
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3812
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1244

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x508
1⤵
PID:3852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3548

C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe
"C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:2192

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b368b078cee143ad82fbc1123b34ebb7 /t 4688 /p 3812
1⤵
PID:4560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1812
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\XWorm.rar"
  2⤵
  PID:1476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\XWorm.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SendNotifyMessage
    PID:432
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be0753e1-617c-4760-9fd5-1424a8f2d74f} 432 "\\.\pipe\gecko-crash-server-pipe.432" gpu
      4⤵
      PID:852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2304 -prefMapHandle 2312 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b8c0b1c-3d57-4b98-b12c-6620dc47361a} 432 "\\.\pipe\gecko-crash-server-pipe.432" socket
      4⤵
      Checks processor information in registry
      PID:652
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2992 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc529b73-c605-4649-b631-d59c627f82ac} 432 "\\.\pipe\gecko-crash-server-pipe.432" tab
      4⤵
      PID:60
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4100 -childID 2 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51884f1f-8770-46ba-904b-14ceb1e8bdf8} 432 "\\.\pipe\gecko-crash-server-pipe.432" tab
      4⤵
      PID:1048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5020 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5052 -prefMapHandle 5008 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb99f646-04d7-4f46-9e2d-4077ad2768e8} 432 "\\.\pipe\gecko-crash-server-pipe.432" utility
      4⤵
      Checks processor information in registry
      PID:2912
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5420 -prefMapHandle 5416 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {064420b6-8157-4fe8-9e21-0a8e3452ecd7} 432 "\\.\pipe\gecko-crash-server-pipe.432" tab
      4⤵
      PID:1864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5660 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a01e24aa-77a3-4226-b331-3ed89c387043} 432 "\\.\pipe\gecko-crash-server-pipe.432" tab
      4⤵
      PID:2348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 5 -isForBrowser -prefsHandle 5740 -prefMapHandle 5748 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {116c819c-d47e-4e67-a690-a8ea10c57f12} 432 "\\.\pipe\gecko-crash-server-pipe.432" tab
      4⤵
      PID:4516
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4372 -childID 6 -isForBrowser -prefsHandle 4364 -prefMapHandle 2740 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {446d56f4-64f7-4eb8-a80e-0a30a869f6c2} 432 "\\.\pipe\gecko-crash-server-pipe.432" tab
      4⤵
      PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb0e9cc40,0x7ffdb0e9cc4c,0x7ffdb0e9cc58
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1992 /prefetch:3
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4828,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5204,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3104,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4000 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5244,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3276,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=208 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4372,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5412,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1080,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6128,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=1220,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6112,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5832,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5708,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6196,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6344,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6556,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6572,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6688,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7000,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7200,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7120,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7512,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7628,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6504,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6488,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6464,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7864,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8020,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=5560,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=5240,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8296,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=8312 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8320,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8528,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=8560 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8340,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=8696 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8124,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8520,i,12702150131378152849,13608028814944980956,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:2800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4940

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7eb2097f175d490fbff9b0d9ebcaf18d /t 348 /p 1244
1⤵
PID:4904

C:\Users\Admin\Downloads\XWorm\XWorm.exe
"C:\Users\Admin\Downloads\XWorm\XWorm.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5056

C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\XWorm-RAT-V2.1-builder.exe"
1⤵
PID:180
- C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe
  "C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5004
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4960
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpCB1F.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpCB1F.tmp.bat
    3⤵
    PID:456
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 5004"
      4⤵
      Enumerates processes with tasklist
      PID:1176
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:1740
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3428
  - - C:\Users\Static\wsappx.exe
      "wsappx.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:2676
    - - C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:392
- C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\builder.exe
  "C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\builder.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4348
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kz5wxwgv\kz5wxwgv.cmdline"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5992
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES937B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc128E70A152174300864533ABD7D8B1F8.TMP"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3364
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 804
    3⤵
    - Program crash
    PID:1816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 804
    3⤵
    - Program crash
    PID:5556

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1516

C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\XWorm.exe
"C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\XWorm.exe"
1⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Sets desktop wallpaper using registry
PID:3240
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 1 /tn "XWorm" /tr "C:\Users\Admin\AppData\Roaming\XWorm.exe"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdad0346f8,0x7ffdad034708,0x7ffdad034718
    3⤵
    PID:5164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2221546749663535097,5339176436060716302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,2221546749663535097,5339176436060716302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2636 /prefetch:3
    3⤵
    PID:320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,2221546749663535097,5339176436060716302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    3⤵
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2221546749663535097,5339176436060716302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:1200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2221546749663535097,5339176436060716302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:4048
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,2221546749663535097,5339176436060716302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:5528
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,2221546749663535097,5339176436060716302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:4364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x508
1⤵
PID:1604

C:\Users\Admin\AppData\Roaming\XWorm.exe
C:\Users\Admin\AppData\Roaming\XWorm.exe
1⤵
- Executes dropped EXE
PID:1200

C:\Users\Admin\AppData\Roaming\XWorm.exe
C:\Users\Admin\AppData\Roaming\XWorm.exe
1⤵
- Executes dropped EXE
PID:4960

C:\Users\Admin\AppData\Roaming\XWorm.exe
C:\Users\Admin\AppData\Roaming\XWorm.exe
1⤵
- Executes dropped EXE
PID:6096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4348 -ip 4348
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4348 -ip 4348
1⤵
PID:4960

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4776

C:\Users\Admin\AppData\Roaming\XWorm.exe
C:\Users\Admin\AppData\Roaming\XWorm.exe
1⤵
- Executes dropped EXE
PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2c76afc5a2c5731743f37706c1fc87cf

SHA1
7e9b3c33b0e65d011882eae9d8224a3f2e30f7f6

SHA256
77fc781aa22f91c1beb606634a96088bfbbda95c1c2f08b679c281f2ffbb2dd6

SHA512
6cc81e2569857200dcd7f7c161536e9dd1fff4c9fb993fdc58c7f86b79b064713001de5d6af01136b4666439ce16532626559734549150408c8c101601ed8683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2d35476dc469f0d6639dc88bdc2d0836

SHA1
707a06088d1ef7a3b56c33e760913b6aa9ac8d2c

SHA256
3625f024ae6707434ed933ef110ac9f9192911a5e8208eed1ea7ac8921e7254d

SHA512
f6aaccdb925f5e3dd6df69f78954f19a9e80276d77bb8d21669e7c766d0c2b85041a9c3224d6065191f27de103d4cdc868545358eb68799fff0d951528f73939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
ff942cd9a4c666fbbdbdf410a8f68ad9

SHA1
05bab4419143d6bddeac23b6d6c2264441e88876

SHA256
15ce7a5f703e63c8e4d12170772156b96bbc31fbb638114b24868b8cb32f3efc

SHA512
fb690e4d26604cd231cc62ff8f663352b3878d888e7bf97e3fca1705a10eb4de77e40d66702af3b04d6867458ee048da48b79564d1815650f2c81f7f364df036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
f881feb56291502935e79db6c2031ac8

SHA1
9c5d170aea86ae7bbee8adddeb9c54006b9dc36f

SHA256
9aa2314ad06fbfb4fe1f3ad1d9bd6ec49488160d98026ee22eb10c5746236754

SHA512
e5d17a72b1ec4c5f7d253e5d5b4f5c94a98274c8533b932254b2918f75cc182e334dbe04d839a7f2c36fd2944fc46be79391b61544c7458603dbc65bf4a15664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
17c414e7db9e928f5f3f124c3fd4c5e2

SHA1
8afba7f499664c72739e5f730d0794be6b627377

SHA256
c12ac89e7d96a050502eb0df3e7deff67a6f6c85fee78199cb45d3d5c98beeca

SHA512
52df7a5465bf950eefa8594bb2b2f43ca108a969034090b5da0bf05205e2f2d6c711890a8ed8be2ed4b911ddb1bca02b1aabbbc2c69c0bf4cdc9a9d1e5dd2ed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
ea1cacec7e49d5b690c48d47b98908dd

SHA1
1d44285b1f03826aac9b1d8fbf6928c187cec53a

SHA256
45cbecccfb5ef70927fe900e6b73db43d5373f40dd04332ab7b0405df6b326e7

SHA512
36d3792db265053b775e814f09e6061cb27f6cbb8754cf347ee55d16552109bbf4f5a5287d73445dc0879cd45edaa2edfcb9fe4ce48216bcf74d12435c7c210c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
49KB

MD5
8765273a6cc33bd9839201b4422fbcae

SHA1
817ac652bb0af904655c3bd4735db64baca3f4a6

SHA256
def9ce238dd992d531ca0f9ba9b8fd676eee56201986f4baa049d4c99ba88f5b

SHA512
7cfcf0a80c3d9a9c3282cfd928f8a7e333e143b6e4c36dfe0192eb40ff04885c6356f10837baa751883d2707a58a77811905adefcf690ec333076af29310473a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
39KB

MD5
d9a3337e7a0ac4a46db9f03a302b82d7

SHA1
ad7d3d47748dd1f42849398f61085ad628bfe25a

SHA256
9a79c2062e254ebf7809d822a71e4ab745c5afc9c177e4ea687ae1819c88f56a

SHA512
46591e33f230d7735e4bb395ae8efaa8f9928a97dba7627991fb337eb699beacb5c61320d8f5a73cdb845f76576abb985b04373ace77f12de00001ca19b5f493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
31KB

MD5
e6993dad681aec746e8b820aa82c9b86

SHA1
b81f2819c3b69a79efb33c53dbec2ee3ea8aea8a

SHA256
bcf082049e4137588124371d266eb9087860dd5a8d0f18cb02068c04d181a318

SHA512
38c562053f02de160aaf02fd74154a002d4778319bdc5b439cf3c529aae0d3c1ca80bbc88300a1f2dbf00b8daf67b77d54c6b6aca5a44b917d59b988e3552327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
47KB

MD5
036fc968c2f4ab525f7b953fa2564ccb

SHA1
4098d90a6d76412b3c3e1ef8e1fea150d220b388

SHA256
dbbe7cb0e36b8a3e1664e87c2e7640e98259f2dbc5376a7a388430005e4ac845

SHA512
91f3d43fff93f2502a622d643a9fc5703b80a83405f557bb168488a40b2aba007a769de87c472caebf77d12170ee970dcef175a3b4ad0479857125d3e11fc014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
47KB

MD5
cf2f95205fc61ad4bc36d90b203e52d2

SHA1
b8fa54b8e32123aa5eb4a3e148ffd98cec972d08

SHA256
ede51f757133fb00a4fc29b7a87e76cd87ea6b053f3879a60566eae68d38dce2

SHA512
b73b3c680f3f0e348a7517d5d56fa9a0f7d9e9b356d5dac1037cdefeb772a3aee2c3c70f79bf30597cf0ec91fbfcd365ed386249cfbe467597c2aac7621e64f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
29KB

MD5
d23c0f2af732c0603ca2d26cebfecda0

SHA1
89ac67b7179357afd2806e51bd2f9cea62a41726

SHA256
ce5d63bcc8f7793c091587cf4cf8de91fc6048271b16e07363d811c76da29b11

SHA512
9fca23c000a711b90d4a6c600e9eabb87d12f360eab92a018b67d3b1dc6d8c303db31cce26f3e03fe2cfd09992989df8f83f91f1294c3e23cd8035a61275a89f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
19KB

MD5
abf480d4410e537445cf27fd5a54bff2

SHA1
232e9823454907159f0889d96ebcaf43b9c1cea8

SHA256
d80e28d37704c5d8b2dd94afda4aa178546a515d7ea66457eed1e80702d2d6c7

SHA512
04e74b120881df9cc9ff0b0916099873bba459a8e4a9452bca3c003755e673a336fdae1cbea7faf82e7eaaf3adcfee96a11319001230086ba6ce7e3a27aebd58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
37KB

MD5
51d334b22bf12a56188b0566d0c832b0

SHA1
960a740bf30c0c3956452f545ba6ab5c434fb9d1

SHA256
40b71afa1b183c0004c4ef582b4fb97e1575f4994beff1c5e0520a74bba65da3

SHA512
d467e0314926cb39c990a942ed7e79eb7d820906b42c06dd54124928affb287b2811eb29ce0731fd1708178b9cea4d5ab90b32d0d26d123e0beaacebf902b878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
40KB

MD5
f6c0aa2a0b91d5aa934f0040dbbade25

SHA1
c3fdf15d00fc2ac794c4def8a89722dae96d183a

SHA256
284db0e4f6cdf2aee75307350f159eeff1ba8f05d267692440b97b45cf629bb2

SHA512
51a43c5d9f0e6d9bb1429043b555dc9bcb7ea145bc900933a9a027d395e1eaee9dec44e3a755e456f52906390ec271b890b086f82cbd7f6280092fc04a76ea1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
45KB

MD5
e12320d336f390962d1576f1f4a522eb

SHA1
1c47e42391cb0637a751a4558afdb9ae6bf1b247

SHA256
10d1d9afaf5b6afab8037e2e2d9b91c0e37176fb6b1e5fd8844928fea3aafab3

SHA512
cdf5296a524a21d5f8f7fcbd8b883474c5b3ece4183d98e667a6a47572c7e3eb1c0fefe9e4c7981a508b78208b1248bff24e1f5328c3bdf7703b2bc4573f18e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
30KB

MD5
32cb6e5418bbe7c14d5b3bba27c9d816

SHA1
64881d142093160ec2f4b0314fde0c7b88896c63

SHA256
15dac53bb2bf17daeeeaa34ba86033eb33648faa83ecfc09bf06ba865b4714ab

SHA512
a28606740022ea8206e92578a54aa6732dddbadc46b8253b0c056245debdd15a8c194830dd6e186e70c28506d017647db4f4b720bf5c535b0560c830f317af5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
92KB

MD5
65beb5de4dd7469816b4b60ec6dc13c4

SHA1
ecaa195dca613a841f38950134f10ccebfa1d485

SHA256
535529b3094899f90fb4353c19ad199f5c6ce458ea0d276c6c91d7cbd8906d14

SHA512
73efda371d2717e1138c5101b87351553b07c1b9d85f1766688d8f6ea621082c917712c69bc42fd50f5fcb85840b79e714690521d94146278e2c2c979c21b4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
69KB

MD5
314025075985d92cd9a743d482dafad0

SHA1
709a1050e7a81b54b48e4b43e44140ee8295759b

SHA256
f8ee013eb443b8c1d03179b33d6b550441f2e9772849853ba26755c34c3fad25

SHA512
ea69d1bab3267ef52f7fe7cc75528fe357eb8fe50fc87ef56e4627483288e897d00b4824948749e6b39f7ee064884883903ca634eee0d8d461dada8718847244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
410KB

MD5
cca8874a7d713be40b4b63331de53cb9

SHA1
a58a3be1713e65b385465d35624fdddc58bb45f8

SHA256
b52d026f52a0fefdde64df6ea9c97679d9b7c418231dfbd53f32c3205028e543

SHA512
015e70c639695b590e190f3d078f5f4331772f8a45291c57601e5138e640c29cf7f3aa7b9668dab9d802a50a3204b46dc1cc9ffd587c48223fc562fff3caa3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
47KB

MD5
20e193409981319aacf2f703c4a58d19

SHA1
43b4c7cf6a40fcec448535a0ed5acfdcf98ca55f

SHA256
9b9599c10fa006ea38672d1cee6fce6ab0f306498ba17a5bc458f58bbfe2fa4c

SHA512
2d49582bd1f8cfe105cdf5113cd1f21a19e6e64290719d4200958d139e51ab9105a41a5f199c2019827d28abbd34bd06645286694e993ba6bf363bc07a6759c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
230KB

MD5
00be450e53be4c6908de198044d0d123

SHA1
8791756b3cc3becb7a8daa77d0df718571256c14

SHA256
95675e664f3a169ccdc99be73c4fe4a1217d8ff21373ba7d6839c3d72f8ad8dd

SHA512
8d758753acc6ed7d26c5d770d55c88aa6fbf4e84bc71ed56b64b0342c17bb02164e26cc7d91049061fbb02c5563fde21c8f0ad3312fc35454524abc980c5f8a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
750KB

MD5
26921cae78b43f0dc55305de1ece8cd7

SHA1
f7afbf891f7221034a65e6c8d8ef5e5c6187629c

SHA256
c66af7480bdf137d11af12b4d6000a3b03f2b5d521a4cd6c37e5a1cf3bc5cf6e

SHA512
bcd86709957e3ca2d25519fab0439c048352d2abcb51214d466f7aa5bcd8b94e609ec9f31b6c48553365f28504b29a6049f1edcd8b196383ad806e65b92d71ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
32KB

MD5
a0873fd83e67b01b6e4f73582deffb3b

SHA1
1b86753d9a6e4ea69f5c4c009c84a575fa318a26

SHA256
99bf7d8df8bfb5dd677f065278baa181a7c43bf4d49465eb6aff476b3d8b653c

SHA512
16b78e3a14ec30f5e565dd2df3e795db500d171ce54e553d3af1a001c5fe4a62eb5689f0337ebfe5bd30ea0257a731f45f1f9728c21b48383017df6055aad687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
32KB

MD5
ff6b2553035b5e2155ceff6b8865d9c0

SHA1
5787d63f8fb57f48dc6c2492c517b97f90d4fa52

SHA256
6d87035fda98a8230128563231c7fda6c846b7dea0700a95aab13c777a247ee9

SHA512
eea24a3efe380ef42c5220d62a61559a1111cd03c6cf864ad9a653adb3d6491687da03372abb89188786fe0f42fd8dfb38a6501ef544e341d373548f3960179a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
175KB

MD5
0c68b7405bdfacbe36798a5cda4f3a82

SHA1
7259fc03502159176a2db935f14f992578f908b9

SHA256
7cb05a34bf2460a62c9615c2c5c45f000337bd52f7f382cba3a6d9b6d2839507

SHA512
ba9769c1dc671882a4cc489dbb4aabc852554354c446795e9dbb902c21eb26cbc9a81f5ead01025b72fc2d5d663f8383957f678a588425c36933f54d5430a800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
113KB

MD5
b912915d032ee7c4314bf72b1bddf81e

SHA1
1687a4e86e557e625eafec88b7dd1d65ec5dbd0e

SHA256
ad31937b135d1945ed7039c5b3133f38af2297f5dc5d6d3968e1a04f15ec8b99

SHA512
78162899626526dbd2a49cb8959fc12bff8e15f8467fb36454d9738ddcd7bcfd411414bcfa12a5dcda4a932db24242501ab38298a6074189ff9444f715160e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
25KB

MD5
558ffe54e51e0028138571b4b7247805

SHA1
c83fd549fcbc03e0e5fc4f1fcbaf02ddcba17680

SHA256
ac44cae0d1ba878a4ea83b0eaba4313d0022dc86219ff72cfd33fc9796905784

SHA512
9d4753a6cef338a907b90b2387b3b75362d51918aa31316438ce402d8269d6cf6cd5d111a9192c62325a6db8b53ad77f9e34e82f597306a0116d6065131b4e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087

Filesize
32KB

MD5
a62e306e9bf006f3fed077366627f84d

SHA1
71c1360fdf4dc7d603e44af5369222f1acad87eb

SHA256
b84d9656b5b6488c70a98f21d60f6c171268538870a11e9bd30002b0dd768e46

SHA512
256dac3b7952218654caf61013c4ebe9ae29d840fcff28f24a43b5e3c099ecc677effe37885e18ee30cabb3c9046f8bd7911eac3114b9a584ef78d25ae2abd80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099

Filesize
17KB

MD5
d9b715a2856f3b91aed9312f38c7a130

SHA1
bcd23bfbee142d8d6d31733df985f43c8d80ff3b

SHA256
1afc9c8475dc190b17a1465026eec2bfd07ede8c2bbec75545a0a3997381f9a5

SHA512
f2f1c146e7d3c1dbbb32e5ee4db16cdc235363bc03fa4d39adf61e3f1852cb01044d5995185218092668511f8027da331b52a5eb311df291fb9451c04c35d7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a9

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ab

Filesize
20KB

MD5
af076fce47d859d009c16f2192bc94b3

SHA1
2f56c334cd6338b69a0f39c3edd6ea0a5b21bbd8

SHA256
d36457358687310d026665a3aca628637697a703adde698287a3ea25ed49497e

SHA512
d89b829f8292c2ce770b54c86eeeacb0f59e251134c17fba214649b132a10b99adf120b45b6c3c939b1846ada1626b683cabcd6313748c6fe62e1e72086f1a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b1

Filesize
63KB

MD5
67e59a06ec50dcd4aebe11bb4a7e99a5

SHA1
5d073dbe75e1a8b4ff9c3120df0084f373768dae

SHA256
14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe

SHA512
6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0449e5ee2baf294e_0

Filesize
238B

MD5
e33a74b997705010a59de0834361cd25

SHA1
2eaf85e889cb6024dfa76054b6447ee0b83e7afa

SHA256
f396abc1d6d26d509bd4e70a1993d3b5511f990ecda257465f077c79a34b82c4

SHA512
9bbf63a89e4a83c6330d78378def9376762bb9d904f32dd4ab0734f31af2de327740c203e8c430b40a669eafb5a775c23384e0d8a93e016f8bd96418a4776600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\17bf20b6cea63ca0_0

Filesize
236B

MD5
94830a255700b46b39880afdea8b1a25

SHA1
337c8e11e325a27af087fed84e364a508339d1b9

SHA256
aa863c4d797d2c43077f3e594dc9da6473244d524b0227246a4abd28538a8428

SHA512
bd2b48da5a1c01d6aea59063ac9b1d500a0b3d3f4772949be782f3007c20337fe7dc51e9ebad6b92040fe004681bec8b7b12e7e56c11597c411b7292b99c00b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bfde39962961371_0

Filesize
267B

MD5
f793bfc2c17f239907913c41ccc1f614

SHA1
7cbd1dac3ca96d99dca61b2a41fb33d2e2bdf8d2

SHA256
26b55f2ef90c08783265546c0102b1eb96a6de5608b0eac2875d99f64da1648b

SHA512
3a10feccb4a7b7d1c8cb599273652f431467e196a3fd5ce44c417c11dc52df96b9771b439a0a2619a41146a70ba20dff7cb17723e2b84a71253f2657ba84f5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6348e7221a9260af_0

Filesize
233B

MD5
1505145e7b179d902b4e266dca3e491c

SHA1
ffd69c34ac909e20d90e6b081d0f1e10bdde3c89

SHA256
377833f4b071fb67cfe76e2f556937330c5e6c1702d690a0fdcff65d2d3e3b05

SHA512
065dea13756bcd5638c17126b9cf43ff34fcc3594239adb09d59847fe57993ffdca54050ef9898f66086356a4d9d70b669a387f65a5505c537e78958cd45500f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8cb325d57099f935_0

Filesize
237B

MD5
c336a2f0fba33ddc4546de9cff884640

SHA1
a6fa79768138bebe05b800875469b8e0f91c1fbb

SHA256
18ae31f9fbe2986696ab2d0f04924ad74f8e589b600aea5674630a0e66a00cd8

SHA512
d0f19688c1f9172f0f6ba0e9ca3f9526bd5b721423e1e8a9bfd94b47246fb5fed0992daf2d8e8b488734786d05683cbbf1f78027f2928b8c027166014bcf09d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\92e6ec84ed5dbb60_0

Filesize
228B

MD5
0197a5c5eb039dba14460a245592ec29

SHA1
868fae3991ae1ccf04403a945fa402c41b005411

SHA256
0e75c617d51b44d62c0f3457ba313c3af307e4f048a4000673088c491e4deed4

SHA512
bfa69df1d7b24439fd31fcb895504855a21e90839755cc89aceaa40de4f28491f5365b9e5e2f30117555c0554189ad0ced59172f8a92244c481573834e76fd3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b953dbf4921c7eb1_0

Filesize
4KB

MD5
a7bd7229dda4cbe856861424f89bf757

SHA1
be63ce5469614890f34ac8792ad89cb7ffa62ea1

SHA256
e2c686dbaf4f575fb7cf464b7bc6009b8e015b0d1d138f4366732154a73311c1

SHA512
a0886b322b1315dd48c7741df4061ad44b35de79d70720882e2e655738b495f06a31c1ef92f706712864ff79eb6082e9b546522e7297b91674984ba770f20a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d8f3a98cf5171046_0

Filesize
48KB

MD5
70424c35d0556fd2d7596cd70ccd2cef

SHA1
8727936c9bed383a91326c6d5b7bb1223dfb3862

SHA256
eac19661dee3cbe1ce485d1ef38cf447aea22162c482f55f28a0bfba12729647

SHA512
9c27cf90fd8b2f1cbcf3d243d78a2397dd3051c619b83e1c143adfb6be55b6580ff4a778d552d31e458459b82a881feb05516b7f2a9e3e0215bb3e1d6eb541c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4a5a5e9882df50fbeb1acef906d19001

SHA1
567a9515f5ab58997990d335f1f7ac1eb4822ece

SHA256
fe63efa2250635580a8b96d299ccdba1c6964ead41cc926cb2032395e61224cc

SHA512
879d372e7b70cf8252ad1f164d94ee13e5323b8a360a56eccaf9de92bbf42c40554d7c40765985e3e1d017e603a1bcf35540e18fb3d56b5e356bde9ef68893bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3460b58e678ce89bef16847cb7474d54

SHA1
5f3b4d72f773315b58b97f1fef24a6509de8a31f

SHA256
902cc87e9443c342ee390143b5b80cf83a898bc1b1fd62266fdc8b1f48c11a92

SHA512
7d19544b113dac1a8c07d9678b663cc5e8b6e25be3d09eab584ff41b4fa2deaf8d9c40d59d3f458dc5cfdde7e637fd056afd6bb5ad7a74831baaa01307fdb269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
428875a26934699192f7d7cdb3b8d299

SHA1
6dae8d0bdefe01d90026b67484b77386dae45e50

SHA256
60052b21cce5d7be1b743d11f1b51421a793663689f151b830c7b67185b4f231

SHA512
abd5c38fa274670aa35cbabb8645c8eeeff3a3e7f3108ca2767c3a9efdd16e79fa662f81fd4a293e91deb8c34f251999fddc6cbd2befd4a00a6cbb34d5188b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
aea812971f16237cfe8a029af789b818

SHA1
14a2c331fc7531f88d85be54a835976999ce4073

SHA256
6b75c938ee8557b354382867dc041efa91cc4b6caaf73597df133b49a0c1c495

SHA512
4f15bf387bbb0245866c520961034b689f28c71affbeda81020582e92461e83df5307f19d16ad3672e53475aae557295164030c7d3a684ac11f7275bbee89789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6a589350443516be7ba2e1c9cf4eb8ea

SHA1
4385593565b868b6c03db87ec8c0336e4e91650a

SHA256
6b69d883c1f785d15ff60a57ab0a08fc4a53603da6641b5c0e94094c7ce839c0

SHA512
efce69bcd0e44c5bae9f835ffde81043ce414ee95dcb6cd0fab4c0195b5779a6e0b839177acae82d60770ee9a6504c3b7a9a16149c636298dcaa2232e2e60261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
682130ef5f43385c861704f1a81a04eb

SHA1
8a657368cdb32e2134e0b4d9a247e5b0f9196aa9

SHA256
8dfa4328b51d9ef5e8ad22d4f34fa46c57699ccec68e3e975a0f91ceec6c6c1d

SHA512
abe5363e156495c791bd32d707fa1193f9c0c736287e116d4ff4bb75bdb6282c7a12a94645297fd5a1d4a0fcbf233c095785078ffb3c0d3ce045084e213d9358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e1bedd4a248291f6ce5d755ffe67c4c0

SHA1
1837644603f810affe9b69cc84c4c485730d5c1f

SHA256
5bfce5381bf5cbd8485315fa61cd2eb1a6b18c5d8cfa23f155fb298dbc76a8bd

SHA512
2ecd374df1abe14286ce4d688a70b3e801e3ae66c405360615d20cb85788bcff1b3e92347a584e00513ba31c5a41aadcf202f55a836fd420fb4b5effdcf5f568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3c612fa45163e883a22da94d802c20fa

SHA1
5ea7a71233a03907bd91f5e08b5c5bfbb9a98bd6

SHA256
4c06a645c10ba22340741b260168c1811c8739283fc998573a35137f893b091e

SHA512
f6b8edc68049efe65e12e11b09099243b38200978651ab3de7ee514f4e806f6026dce4dc2d0569491dde16819700d4c2c1653a6294e128d16f766ff328de2e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
89d19fb322dd6d198f61657d966bc1a0

SHA1
c79168c87690f9355e91a55874287292f0e3b0f7

SHA256
4659dccdf994ae13e63d115b23bde1ad933e4d8b9ca1ef95ba041538ec1b74af

SHA512
406f148550a4662a69732a1ed53ccf3f995075b72f38c1eb08fb63a1ea8a17ec5e01348b9e905170dfb69cb314c15eb00791f3416c5475f65c5f9479e043f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
9f568b157d1c5b04a17c271dc7f5c33b

SHA1
15fe23840ce12135c9e1574a7321eddd3f2a8cb9

SHA256
bac02ba388be90a1831b9e941fbf86be5f6a6442715f78e22070ac54039dc729

SHA512
c9e267d21b84f210819715e67464ff183ff53405c4eac364f9183735bcf510077c5a304fe0e4aa64337bcd158a0e7386ca2f05390ba1a2621265bcbf2ab38178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
ba9752a7f10e71d29534889cd9e520c4

SHA1
26446b37ed58e4440c7d27fc7dff00a58ec95a47

SHA256
f47b3661d41d590b5abf0bcd311d6d71ec4955c25b244c6d3ce89ee177a831ab

SHA512
2db96cb51e01524df3f25d336cc2481bbde6e0e5a4ce2308dcfc8f5dfed6262ca855ffbab5525fc789e316cd30b6fd9bcf9e3907b6ee9cc1e4b958596ed44f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\95c4636f-88ea-4a44-a035-f6f10abe0304.tmp

Filesize
356B

MD5
93d9a9492b4351c625189e40c85a0d91

SHA1
b11a01eef5b480aa3f11b5da8a623724ccd8fd3d

SHA256
aeb005761e12da1375ed6cd92a12bac0ae559ddb71fbb74f10ffe9436fbaf0b9

SHA512
d8bb29dafbab6bf84d72f67a62da98e604e2e051e393046f5c926e895f9d65ed2ea7c2e5b988b132f9c4bd874a076c82520dd08261f715111324d8a24ce2f7ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
f69020b6711202c64e23ffdb0ab086b3

SHA1
311982098aa9dadb703d430b444b703f3914fe42

SHA256
c194692e02558f133e4e27ea9098c9dfc14b83429702e9ee35841cda625be03d

SHA512
a67c38ef650a6b9a071145bdb84d33b273dde5957c71e828ea0c3a481f97ca324e5d02f68eda781541838475ab7502d352f9ec63a88d0909694498a443458017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
018dfe7bea8470454b4e61a799250be4

SHA1
87ebed7997683475d67af76f11cd25ff1d5a1d82

SHA256
ca134f4d7186388e0aca1efc8d4952263259ee35c5d0889b26ec6690ac75e0f3

SHA512
f867e5d782f312367c6fb1236ae9ce7086d27d905a7a472758c60a265aace0975a67b3e8b11d32479137a21dfc609f854c6a91266068cc40ff1c05edd5b6a7fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
fd6434aca57b3f8fe679c64cfc91ccde

SHA1
57e046c7ee2d208a68768e3fd7432824c41278dc

SHA256
fe16b4b2a3e535c52d1d16c2e4d8194d74260c44d3b6fc57567ff7577a8855a6

SHA512
0436fe06ae927aefaf7b43f5de90ee4df5402bba6edf5bffd815e9a367ae40572ebd972cae8de77ac62b8c77994e2f44b259d6c25cc11c06b45f7dd483bc9b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fb8806342f80237d4e4e382beff7f73b

SHA1
ebe4b6810142fcec2fc3b03c58502c9ecca04a61

SHA256
70679ce293fe5aab63416c46b7d77f44c0c3f7a434770871cbace3581b759491

SHA512
bc479b7bd30cdedddb4d1502acef221786a12f08ea3e860f335e3323686beb9d9f2d8418471149c70882e5b58bc9acff1d8440215d90b658438b5babae877e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
803de28f415d483e281336d8f28f4541

SHA1
615f103551db71617d459e458a8046bc57079e54

SHA256
acb0a45318dd78e75327afd87f71169638e1b6e1b29d983f3ba22d1642824d73

SHA512
368b3ea819e7e3c3fc7ecea45f2234b59a31344d4a7f28976f75fab74ec29578069c22d6ee8e98257e0b120a2ecadb83cc18d250b5724d4b34ab7029dd58c7e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d722e202e44f59b97c3ac6ee59c4fbc7

SHA1
a7403e3eac9da5f00afb62bbe7522d05f040e987

SHA256
f3e2e0735ee2a31cd0dd4ffd8b559d35db821644009c42c67ee3cf0952aadfb5

SHA512
73757387623ccf4983b70396ec25345e6d89d8c999f629609e9187b0d771f0353f6ac2d6e0ff6b6ccac979525b794e30f6e3ccefdb43f9437105423e8e517c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e34a663ff7ca65ad7f6ca8dad1056bb1

SHA1
9491af09d3661f96eea497d78f1aae2bb1f9aaa3

SHA256
32ad27f3f53399506727e420586141576d2b6fdc05d423d133e789f7b8f2c791

SHA512
2393c0f48c309d406e3ea43ca41ae86e50f596cdb6bc0aae1749b51d8ffa12b9a043afdb0451ac283389d2d2183fa82c2521d4241f4cbdc9251149547f1b9139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
405a79d895965b21f43230703e8f3218

SHA1
757dbd15a6f8c81c4125202d2968250f0f2063d9

SHA256
4521be95e9f2e78096db28987a3afdb9b610e2358ed8a68ef214a1fe8a763c84

SHA512
ef9788e265c07172012ec84f49ff46a9200c42faecc57b262ae34e1ba57be92362b55d8b6b2df89ef72526ffbb210b5c339210b71441f3164429e530bdfa4314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
580fe720dd434d6cb2d07c44e694a740

SHA1
02d4b19047141a420dbc164509f72e882cf117cb

SHA256
dbbfa1e784e28de262389e15ebe108f1fd8f281d26ccd0e07b489e723d48c004

SHA512
c627efd0d9d8392fdfb4a4bbc4185239f978c6fd6c65acd9661f7cdf50f23eec60cf7f4d465291f0c032f87d08ba9e5e5fa3ac06a3a9a675bfc2d62593f8e498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e7b57c189ce180466db92a0dc7c92447

SHA1
b661d8c12185e5ccaae870370e202464a94694fd

SHA256
3bf052424bcd4d14710f55b7e64caae6d41e363c14e4e4b614056de3ffc27411

SHA512
c5d759b2c4a28765f8d07aa264a29565cfd90bcb6e33cd0149c57ad230edfc15dbf30cc9d86c0b22001a85fb131e3e9865e4d8ab5cd73f00da0e505706e431f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2e50dfce3b14238b9d5d589b3e290306

SHA1
e3bbd1a3b5a4fcc64263834023191ae5ae3ab0ce

SHA256
5f7ff1763739d13f1e7e02df6f7712e1b926d7a1aa5fc916e180bb838c06bcb3

SHA512
69144196ea7988b1b1e21e5726c430e5214c5710426c6ccc7d8c6a9daf5f5632dec0c8f76160f9fef3df89d69d4bdb2fe3615e318dc2264f2975fd4e58703643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
359be27a5f47a0210bd92373603f2c8a

SHA1
58354afea75cd79b54d656383852d7a4e6a28693

SHA256
783d14715f80901937793e1be4b5245caacf07edac13eb7978d118ef0858595a

SHA512
8b0f90c75c20f9497600b8dcdc709a8196aa082c2f445d0357227521ca5015879c23bcc6d7fc03a90bbdcb8fd5d710f540e051bdf82c1b02c89f541626d4edb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6eeeaa5d5f061d838f21ee418d3ef8aa

SHA1
ebf18b1ff6415af16d229021cc8156207ca9b790

SHA256
99228e7a5f910f2040a3abcce1ce82f6d56cb0ae0b41a6a557809159e6fb1b29

SHA512
2f8f43ea9367ce08a93a53088490294f359d55a38ce95ca8c941b93cfdb2e56213a73380de3cdbb215eaa2fd7fb9ecb284bef838e400c73c17c39d94e6bfd437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cd1ee25747201af80640a13f13bc56c4

SHA1
d2bdea5b7d7d834d64e28d01df1dde91ee132a4f

SHA256
632431e9e46daf27954c829a17b193302f29dcb6ee517591b25388241640aae3

SHA512
d9cf210c3d715bf036681a5194bfcae18846c360b115ff10cb48ecbb3edcf7199a758897cb982ad33477507dc0d7f553fb457b8938be5cac5aa0cb25e51bd74f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d237cd71bf603d164ba2cf22b5ef28b5

SHA1
c61ef4705a7c9a9202ac696c1914496b8ccecd79

SHA256
450cad073a974ebf2634e5c798425177efef95ae56469d9537622435dbe39b71

SHA512
62ea956bdd632598a3ca3076fa0d8d5fb8b6e7a2e5c9ff7e96248cee9ad9966964add0b6840fe0ff47fb4d9d1e9c03f6e4ddacbb7ce9e1ff3a5a5b6f8a3f53a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1b9643b8f92f1120d514b49a4014c9e9

SHA1
fed593af9b0dab6e00b7a1f3b9cdb97a57c19b8e

SHA256
a13f0c433344410a2307b581ea83202022388687eeddada539db6f9d8f19cf7e

SHA512
6d4272c22ce8ecddb75e0c0b9ba3f07a9ea4e0ae4a0274090aad290dd38cfe785abf5de70221e5245505682566eba1bb411db58b11e0018f66cc90430153a838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
021532261a8a590eb41716782f0df8e6

SHA1
8edb1a10095a3a0b5e6357483e76d222c55820b3

SHA256
9a17068e33bb7910628b715c8fc3fb18b54c6050000b1c969877de275877339a

SHA512
4a228788b8dc4f48822f36fdc10365ec166b50fe39011dd6a051bf2af5ee4cf97ae8a4cf14247c19167eb8c1cd2edd7ad623f93a5ab2cb71cb1eec4fda33c5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c5e69ea1769be282db9f0c2df2e2a4af

SHA1
9404569d101990a8bb61c78a426deb89b3f5e00c

SHA256
0cbfaf427f00b9dd8048090ad4955230af3b71d1f22f8d32cf133e11224ffd55

SHA512
cf8f3cb0cc6cabf5f5babdac55d1a8bcdece8dd56dcb152b0343ed87a2445536df5e39c90dd90f7cb26d207c44bedacc468d0e760c4ce3ee5fd87be4590b8888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
a79c47068b61c0637d2eaaa87b8c1853

SHA1
5c8a97e1fe14867f63ca7e817962f2f2c4758f8a

SHA256
1cec584db092716a8b4498a6b1ca38eea8657ee389aa56641c86f7f5971b6ede

SHA512
5af2b0f575eb2516757390278dea2e66ca16a9a81ca247d8ca1d735dc4f83c1f144afb0f5d8c4f1c296fa3b560a156ddc8bfa56ead9e358e9f64bc2f39530550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
599851b7db6d56901cc4a980caedce1f

SHA1
3390317e886b05680c07d98aacf95a7bc1dec0e4

SHA256
aede700a880c8a93ca64abac5572223cce2dc6957eafe89af7330f3bb0c69133

SHA512
a1ef9c8f3d36fbf853c749e7ea9d85d4c4d6c671c5d9203a66c12036bcf43f51dbedaca246e528c70d4fca51f5cca1407bd6ea776087e418bcf9eac5bd6e1004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
7ecb19d547de905877a18e038af919f1

SHA1
ce2d3ab98c330922c6bbf0499408fbf5e7e3332a

SHA256
25607529125b04e6b64cc89025ea454d1c87ea77b990795edc55322769176a8b

SHA512
0492b627b5e9aaaa7ae2e852fba9026966cd8ddbc153e6be3a2fad2b13aa22da669aa99d88c6b266c4395129b9587e57d681682c10b8614155500bb09e64a440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
ffcf0dd8a9476cb8e974a7e47deeebca

SHA1
3e970cf501ebe2be9faec032704184a9aca24ed8

SHA256
ee6d25691d6737061f2552c50dc2641bd038b03e9ca5cac096003186cf13b947

SHA512
2b01bdd46888714bdafc513306bd997a9fe1ac7f838eeaa64b458e16e0dfee08fa653e554d6fc43005874f21dbf8b64e677bdcda9af653a3ec7336844bb080ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
3b83f87051574c31e7391d10ced26f1d

SHA1
967a9678786ed6709e504ac121732df4b28ef8ca

SHA256
86df14392095c0e98aa9afb475abafc56c61fb69c80ddd68942a1439a11c2b0e

SHA512
372f7a5a4ee43e8eca27ea834ebf46c4f02740476aa36e42bf4836b766b745d29a0dd5d644d13d50071139ce1338d2780e1ad98408cf3a3b50e80946ebfe8d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
1974f0fce86acbbe0f84082a51733e63

SHA1
441b836f247a3cac6d577aad0af8f76d9eb429a8

SHA256
df1581cdbf52eccf235e427f4b44f779f766cd78d0880da4b513cd4099faca1a

SHA512
459b0be40d390210fed83cd99a0f4195d8d5ae0f932ac871159d56caef1243004e4aacc66ff81eace98ffcacc40d91fc126cc81d9d763a8f280a12763efcf61f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e160d947f141944380b81d1128c28950

SHA1
b8d79eab808deeed678e5f9fa49d2f0aab471cb0

SHA256
566efb9baa7de6e69e29e1361fa346fa3b7a8643de051f4a7ba7ed4a21e6f2de

SHA512
04ca36dd9aad770eff2f192d3d2f2d62562c9f214d16fffdc91445de2c1fac4dde7e9e3e77bc20e768e8e1fd3629b0a2ebde2413b58b0e5edb00d3bb80858505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa4ab39807f7eb90cc8076e0392d7373

SHA1
a84e7ca3590a8324630b3250f960b3afcbb8f68d

SHA256
86c7b8b728b53baa15c1265997c9daad513ac4ab044a37a090667b4448ca3f20

SHA512
1df0e0ae42ef7e6fe8d47e5bd439017b5ea6ced07163d31e54c7a6c1349523de9ffd037f2fbf05a3f886225ca2f4a6073479efce1c711fc1033bea0198631f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dde0de56f8e05a4ad3286bd71331f65f

SHA1
1af8ec7dbe762b7a17c4744e2a65e75a132b8fc5

SHA256
358e7de73fd462fb16d79c7c2aebf4f15b0b084860e41cc9bd911edfd472eefa

SHA512
7393644ed505dfe2c8d9e819f1f018cc5c7e4489bee120fddb3aa93bfa4a3466f67ff73adfb5d000b52ef195dbffc2be4503f5a35905e13380d59668c0462be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9e8c8f76c85d7d047beff7dd47c6d55e

SHA1
4565a159fa78fb2287b93b4c93bf62df549692d1

SHA256
28f7db674b1401852c017a1f8fc1e3939cfe882f35916e0d781c116ce448c189

SHA512
60ecc1df2ccccd4c532118461fc4599b421b6c0a2ed9aeeecf62d90b6c36767b5785f7a1586b42812f8684065546123fafdf3983d911e04406f569007d6850ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8c9f76f560c445b6bf379d37aa216187

SHA1
bfde9b277cadba0ca1d604caee42a3ad3b701f66

SHA256
3059431ca0e7c74999da8b7de389582dc3bb1f6965140bd1d19e28b14fc7844f

SHA512
2511aa719fcbe180be4ece6f22cb99cb7a770d69996de901137ad029e6141cf430326f9494f15e3a79775a48dd802dfed342104cffbac51fbbd63ccb045f917b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
7f55fdfbeb8434426d922fe8ccb81231

SHA1
fc6f3f93a5a81dcf439ba2bf50356622e5a16e3f

SHA256
43f28e282203094dbbabcd344df3f3ab2e7000ceeeeabefc2aa8d774e6c4ff73

SHA512
7f3c625a1abfa323db99afd657c9fa291c8847ebb1c41f6db88f131a9e59eec04570a79c425ff0e6bb2e1e2a2e4a67d3b6df39d9fcd21bf295c9018a0cedafd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed4db673ca9c9303f81985ab14a5dea7

SHA1
b524387d5d44a42fd6c04192ab0dcb5d63edc3ef

SHA256
7764c252bdf9f343289671e75e59cd7c6ec1d0b383c3528e3a7062bcbe9d4b08

SHA512
bb0ff5640f39432e248f759c46ba25b3777a61c0582721e83dbb22a0154ebda0dd1ef65e73378da03a0b4a46631d5a74b133f5d4271acd22b7a68c1f3b1c0adc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c41bca15a3b7a3b4517912611fbc886

SHA1
53336fe86bb447f8692f635e570b38bdae1569bf

SHA256
f1b0d214a628eb45b32caf1e4954c67ae8018abefc4cc1a9ee602a02db567927

SHA512
8b8e392e22a9cadd166eeb8e32bbafcad516d0f45990b14aa6b706ab10e2cd63baa98b002cf7886408af702251f65362fd6942edb69e2dd44bd0489085e60bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
c50174630635b9f902c5fa62e548d2bd

SHA1
657c5dc844d5ef78e7b952f339ec161404792780

SHA256
bb1bdb6b4ccd016b2babebcc0d2daa6edf7aed8143c066cb7721670e63593881

SHA512
2e90393ad41ae0f7042896fc7c542eefda6cf1d8db78dea0195d6704c1ff1c79a4b35f880544b41815cc52cc17cdd30794c5462028c47c4e935d142ca8633881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a30bab8034beac2fd07de1f03d5e8361

SHA1
63d2a9af338c6a837b13c43f19426630dc235457

SHA256
59b7796f209ca831f97141e823db7d6bb88ac206faa901bee3679d67cde571d1

SHA512
3f808a89a9d65d800aadbd6945f9ae92e4828377412a27ef8d602c7cfff0700601d6692a6aacf7eec3f12ea9a7b311d18aa677989ac17620de6087feefc3df82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57482047a342d31d003d8a3957517fc0

SHA1
7f732db4e00aec9b01e0d420e56b4bdb854fffbb

SHA256
c447392ca3618228b2b8dbd989e0ad893efbd59931f49d691f5f6a9a5ffb9036

SHA512
d9c47732bb388df7106b9523040853aaa2a69097f7dba0068988956a4b38d264ff9fb6f8665e3b74cdce1423bcf7a44f26cfbce2c7be758279dc1544e06b6420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
e5de00b113ef7c7aa7bbb6e6034cb102

SHA1
04bf5d5a65525a90b76b794041cf17669db69aae

SHA256
8691465087c0e8b9e80d69120453c4d75968d5240eeb53264579487d026f2539

SHA512
11257f2c2d9b667c7e9609f817e77c93265d26b6e3ebf35fe3bec476ee7b58533deeaf87997b73ba538dda49be6d8650a2c9fd165cab6d76c60b0afc6f1988af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
0995c2d50984a5097ba4c08a2b2e0d87

SHA1
2ad6217a6b57313dd5ccd9dc13d6e16a311cd6fa

SHA256
a49825ac4fd30f33c413af2ce9e66b4de6948ca377ffd9140187262fbe40ebda

SHA512
83b69dcb3af77528e0531075f16db708be8fbb06f9cf72e675ade55cbc88320a652b1505ed8ea4be95647084993563169835fd3f9214536ae5ee594aeea8c1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cc8e0db2959c0377cf7c94559471d961

SHA1
43f7c25710e15bc617e50492e5056fe8b8d01b1b

SHA256
05c1d024f4c4440e1e7004a5d6b4ff5abd41d05fac46db34fa1f08f11ebf4050

SHA512
d967d50e78364cce42d53f94c258e7c4da67e0b6084b4b8f50abbdfcdc00ac36314de438aa513811881ff61745cbd8d84a93bd8a94b7b2ce3a47f35e1352baa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b7bd58dc5aaf8f2ba4c92128472ddb1

SHA1
0ae55e7393cc6c0557290a8b43fee2995b4fdf54

SHA256
68ca5ffc1782a315114ce086b405f4349d8f9e2af10d71c1ac8d71bacb49318d

SHA512
145471daa538f9a21095a132bcebd900fb65658d24ba396384a9bdacc58c75e539921aa7d079311f5095d7a1684344a6d22f1390df7c67ec42ca662f42993421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8994a22196d3552fee0f81ea4d159dd3

SHA1
629124312d90de7bb870421b75415261c7d98fbd

SHA256
6d913c5327951a1d5741794ae63eecc92fb66a68df802a57a8a5db632a9e0c46

SHA512
24808ecfa2a41b840b0c6ce96a14fb8011f29702ab4e1e7b8e422e1b808bf408235622b0a9a4da354a98fb156b1fc190ce39197a1d5a6f1dce6d9239422a4340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6c068c0c922d2408b0f5b739636616aa

SHA1
cd2c2bade586b78af6484719f0504b3eb7dcf076

SHA256
2febba10e8e9141c18a13d33f7a6f6b1afda9e92c479230d9dfb2a58797cc3f6

SHA512
742c6f1b32bcc75f745145caa18633e7a6a4484bb3a75fc5587ed8007b74381f697d4e17d2e8bcb331e94b3b2ff8f954e0bc335355cc63109c07c27dfc38a6a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
95faa5c5e5f63991c822e909b6b232c7

SHA1
01a30833429d302e1677bf64c6fd941962723f78

SHA256
0be6b9849e65525d2dc759aba176b2c71b203b5223449e3d52492d8d2e46a53b

SHA512
0e69c0323024e5d70f3ba2ad8e4a7004331c2e78c21dcbe652a2a3563f357dc50f926d193d9f08cba44ec17f1141233e8b529d71aca30ca63460d38451048f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5317592089330bc2bf75a06b3d63310c

SHA1
6d99928d368ddc2aac702a5dadc93625a02d5d0f

SHA256
7df7fe58fa88b0fd73cb7d2bb8a6fc168fbb417bbea7b412968b670a28e52012

SHA512
b9fe5ae248bea71a91661b1ae7931f1c1d9afbd7bdafc7f18ecccc74a4eb5139b8a06d50971530467b2865977467ba5a406a73fffec39e41bf11651d61774b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3c25931e4e60f4c6743babc1c45da482

SHA1
8615c47f3665218334fe90f96f6fd95db2859eaa

SHA256
966f6ef68cc35194c2e4f54e9f56638b5f25bb306575db44c465732220b7f95b

SHA512
814e69eb55c5eeae3ea6400ac141027fdf1f74d92ee9f95e7f25c01557edfeb6e763f27236be28d755d6b3ceee7448696d019d007c32bbe09a3c3e72eea8acd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4c990b5baecf17e39eac530813a6f711

SHA1
03e665651621666979f7e66bd715f7b724e6de8e

SHA256
fd595dc5f1dd41c2a42267e02cdd479c757b0b763c8d598a60128d6f15d0e57a

SHA512
756c751fd614e717deea36656994d21014558932e382a560ef7d33652f8122edd8ffab2c0c87859a8e6ddc1885132e336e8b7964bea56dbd18c844b81a981373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
f7bced1c42df3773ce5e38c717ec022c

SHA1
e5a97dcb49b0efcfb4583a0b47f990a7173d1ca4

SHA256
c212f693799bd13041666bfd14d41e2685bca52dcaae574210fad509a4239837

SHA512
79b34cd7ef73711d8651bedcc07904fb81fde4b95d81531fd1a81b93bda1a8e3d39db113a18e3f17c5c0ebf27a1cf219b2d9dabe626175c75ea49f6c9880d1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
1a504dfc4325657d4b3b9075ddb7786f

SHA1
8d151dcbd5a0b3c766f97324f0779d2834d624e3

SHA256
83f511f650439147984387c3f2704a5be742036955e678593265dc4cfb798e4e

SHA512
52081793ff9b9908a9ed9e8a13f94130732cca4d1008d60ed0f2c999e3b904ee808f23b66ab59b46cb6c741968dd2b394e0deca24e790a0b2d1606323fca3cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
c0e832e80fe4b11637adcd1e2c86caf7

SHA1
2ae57c209d475e598b07a9e1f4f119e7409d4621

SHA256
07319d9a9662b0ffdf99062fcf91f87b7d59f9a5ecb0fd38038983d622b39192

SHA512
e4b4ba138697a623a60f7cff8cd687a106eccdc93e301be9f0ca8ecaf19130916915dd37074e94b05b56b9b2a10b3a9a331793c555800b2f7b1eea36f8e39caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
1f1c5da7e254f827f3100e8caf36d634

SHA1
f971cab01cc896c202921ac52ada016f23db91cc

SHA256
8838724df2b5c7b2b1debe7ba02ed2eccfc7818a602036f40eb6f6ff8090ed05

SHA512
e908f91eb673b21b7c07b9b08dd3e0f351bc5c3b222472001c9bffd3ff18daa346f8efc375f142c39ae71a2b4e5b40cd4478671d15c575e205dd53d97eb6325c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4168189deee5ef8fcaf1b68aad74fbf6

SHA1
3193d1aa1f8e9e0261f929753fe11031830f88fa

SHA256
e0b1d66900fe9f5400a71f31a5f9dbac4459e4fd3fe29670aaca8acf03dff340

SHA512
a73b301309da8161e7eed74c5fc257215ce3b6edf5f15099968aa6281c5607e6a212950e7d09d6700fc987fd4d8e0cd565434c4178e29c239d6813c1933f4457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a0914c3f8ca0d140d22be0ac089307c

SHA1
80e7d8c10de013d07fcecc2d6edc94ab1e571bd0

SHA256
9bb9046c6777561a8435a193096bac5d4bea679eccb8a921fdfbbbc4fc6cf8a0

SHA512
6738295241a8c22ee84ed3baef0f230e3c09dd47184b17a5fe8a15beeb726d7f3fdd18cd3b375b62b23dc676b0afdade94da114f85abe9faee6e120c1892dc06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
546ec81cbaf3c8a3210e211107f7ffc8

SHA1
d119300b1b1b502c226e6075c7dba9603049bd63

SHA256
46e4ba3ba3911d215056574b7f648db75999f0843e39c6e96560e3247d415805

SHA512
bca8f59c6605f642e2e141ac35ae733e835adea6d3e512aba468f4528c9621a1b804ef5118d61f4add3e90b8dac37385dbc248f825e283baa12a31eca4de08e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
332b9072b8773da250d1fda73d7c9455

SHA1
1501a1f91a7fa0f7a99f4eae9429b327a2ad019c

SHA256
583ba93a6c950692edbf34bbe5601660194bcf71a835a196c92ab181eb65b71c

SHA512
18baaa03650e17418b25c005df06a2c82e563201b353d9ef41f880d22106be2f1fdf8394386b670382f1034795d700ec22a217db7dcdbca3edbf916b6d4b02b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
63f29d74d0770824201d04155ec5e9e5

SHA1
06c72ae6ce91e59edf7d61e84e8fe18cbbe9bc06

SHA256
2cf368bb8d4f7974e0e0d1ec05e74544bc15d59eb24dc15fac3b3223b6a31047

SHA512
77f5a9fb6306b7b3066a06739b1b801f56aa6b7bcfa5eb407ecf6995bccc846146f42f26830a717540d26b2b9929970e790a3c87d0f013b3d2adadd62f20770e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
65141fb5dee55e0e23aabe6680f88bb2

SHA1
c9f6c0fe533ac1542c4328284174d30e8ca6ffbb

SHA256
bbeeb4da209ed9c84dffdfd9c39db2f5d71567560a13c18adc582df09dd5142d

SHA512
91cd5bf876de9aa0770e88c855dea248daf5417790966a85d23875475e30acabeb2ce6c4cc15d0f4b751babb3b3b4b0013dc7df3c5c06b13e744be96735ee485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
65bbd41209c460d33739b52bb37bdd01

SHA1
58215a0fbc2beabfd8579ad708207dd4c7869666

SHA256
ca9633c8a603f68c76f920527e9b8b8bfaa0041bfa84b6c8ed7922220c1fe5f7

SHA512
d1a3d24c93598e5791d8fee84f226eeb6ee5f59ac9b6409685d25419fc413cf0e8bb80da47952de7497e4aa0ccba7ff47ac44a492fe7aea9708d37f994a7aa02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20bfb9d50b8b4a73f83addaf94c150a3

SHA1
a2669efa1aa5b9bc2fc69aeaf6452fa4c9b32b05

SHA256
df4f565f4121787c175347fd0e0c6ec08a89b52ccc99eba85b22d31e0b71cd72

SHA512
4d11b50f8aed7f85562e580cdc38ebc46dce0197dbc21a5d0621ed73c28d3a9effb47f38f33cc6de0f47948486f3e4882ab9685a405890451d1d75824d733f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d6f81f305a9cbedf0bd111b34743925c

SHA1
dd64f3b54e39f26548bff23e8db7ff073c22fcae

SHA256
a4b75ea30cbd5ca373450f021c29d3cbbe0d465144efc2e00060cb191f6d7194

SHA512
ce13a090488fd71302980766be20c4718f9d17d3a7f42415b8b98f8edd6b011cad97026914dfa2329692640d58a5fb9bfe7adae538891b030e0cb24489ab2aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7bc753e936348ed9fd4004e96f854bf4

SHA1
8ace47d548d06792663d0147847cbe5d363bcdec

SHA256
7f3ec8d3dece03401d35bfe15412f19654214a59453ea6a2a43079326adc4981

SHA512
53b551b30ff01f87652b845afe0d6e6e9da54718977580b77987249be052d787a76310981bd220599e7386b873518611ea93904520621e1543a5eaebcee595b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
30b54486fdc96f2e8329308155c8507d

SHA1
99900412925275ac0b2a3cc0190c85ca21d5168f

SHA256
6baccc6ccd24860ac78ff3f0b8ace40c9924bb282f238a6b2731cb462506aae9

SHA512
0e760cebfddb8fd8f4aa2be869ab0d6060ca666ff8a09db4e933b65117d5be6007d9ccc14f50e712f0fbc63f55b483f5cc34de0e4adc268b3ddf3c4758562274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abacf032413c244672eb56f3ea2f6eb4

SHA1
805d8cd69f158b8164d97fd8984507caa90c4e85

SHA256
f745dd8fc1932893f8334978a772fbf51aa23066a25c075d9f55709b72cd1428

SHA512
f7d4ea017c3213dd621505763fc288f1b19e3454fe31d3edfec3f5fbc753d17fc7b70255b79900222a8026d83c04cc3c5b20bf6f2c926f96ecc2cb1bbecfc0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
e8fc95373aeb4167195aea3e7cc8879a

SHA1
a7934404b62a32f16cdb1d23a1a821a016fa7a1b

SHA256
1b2ba4dd9762295b94e57d6b7bd691d425b49b2af1a271f6ba2fa929961cc9bd

SHA512
cded4cde06bf1a4861b08236dc3e8ebd45af7358eb0ed31ba66a3a71fbad8bcf12d65d68d92c05afe179d42ad1a4dcdcea06e68562565e50193ce823d6d83edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
8cb10daabca9d843274610e39f1a6b3f

SHA1
b8ec4af6354e0b5cf9927f44a51474cc13ae481c

SHA256
e05a1fe11f006a3078f534785323572a8d86f4878dfb4d5794bc5a6e8870c253

SHA512
7a53dacbc7e56b3c4c39af746625839083abb08e59d13c9403b679af1dcd870b9de2828625af730ef037037eea4de0a92ab40c39eb9ff8331808dedd2619c6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
f15888dd16bd8f98b9def16716ca924f

SHA1
aca47803589ba997ad1c78f7a58170309c76be2a

SHA256
3eefd6bb04e54d88f5ef77fbab259f099990bdc0262a23ab6ff210383a7750b9

SHA512
8c289f199bfa930cd1ba65576039881ac51c11d5ddc9ccf1c95bb26363e79424e46c1f55c8a86b98ef4275e29047f3dad198a23a2236f42c517398f65467e5f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6b5bef71a62daf07ab8d375b43a0c568

SHA1
d8681140b689f04ce7b736df09240dfd40da0749

SHA256
93ed249060f290ac233101deae477e3be7f818e0110174f6ad27ca5cac2651f0

SHA512
d673c9bfd61b455c5752701518de271ee86d9af1e1e5a4ee89bbf23f673e77d729f0b7ea3c66a1f45dca7b252bba985969f355e412e58583ca6864a76f06548a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f05eae681625d2e66b2953887d53a477

SHA1
297f99d98a2cf606daf96ccc0b4555dffc4969ed

SHA256
77873be6ab4946cc729fcf5662ffe28365dcee50910c42716dd8d5eef1dadf8f

SHA512
b1a32d1e48906f30e17cc477e29d33fa421ef2fddbb4d23f559d82894bf6c5825997550ce1b95d4d847ed3d602f868b715e2d3589f0af118a05d195ea00e2d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7ccf81b7afaf209a632b3015e78fad10

SHA1
16eadcc7f9cc7272f49ca5a3fc7bbbf3bd0a89ab

SHA256
40957926a0b24218961a57af8612d27c9bb92ff033bef6556a4e5b6432a7f380

SHA512
afede076895c3c238936fd3020b9b3b0a623a4abbe437f53e4b48ac5fae321b0935406e4fd46d243be2ee76454ed90be3fb8b438970ca78d44f012370c5aa9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4e1259b5e0960a8e05b2f3f7a7aebb6f

SHA1
c7cc492840a2d7aa9bbc0c13e019ff62c17e7a52

SHA256
291766ab03ecf73da95f35252b7107fbd6a9f25d69e45c41ffc8a587ebde32bd

SHA512
12de6bd8c6c5f7b1f996cfe8985242119c788a44e1e7ca42f9b52ad475a7e84b953b3062542e096f6560ee6c3973ba355a99b776bf84c0610c2d90d991fbe9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4f88a9fa9c78370d6540d2dfeef0132e

SHA1
5968f2e6bc9bb62a52ddc59a1aa8836d29d93128

SHA256
fb17d1ad0599d44c1e503d4ec40fe376598a200c35bde0f6da655efa3377bc95

SHA512
457d6c6927c098cf6d0e7f8070acbf38f3421723305c4447a020491906cb24cb0137173b301bb8257278b062bef555c1abe5aea6a52a70169ef1cf7517c0771d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
72c23258be822fa23ae58b0d9c6ce9ad

SHA1
4f1d11c73f6a593bfa639ed3f4e86321a350f98b

SHA256
769c054a5a229c0a91992b6e2376bf69a5e84714f0f3502983c2ef7325274933

SHA512
fb6f04aa669d398a1cddeb7df52664f3cdf5c31a634c69f4006fc745a6068a459efdcc86a93c781c2e757e9166874159b9d9322ecdd8a1b2b900d951f8154ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
5ada38f88f74c98753f0e735329e6fb4

SHA1
bbb1efc66178bdd9fa0707c7217723373905ef82

SHA256
ed69f57663f169cdc210cae32713ec9634919b79e8a1e3455d00ca38d6b1244e

SHA512
886c73496174d664c4b3ce16843251d3856be9d6e43f011d8a54808120286e5f1fff84f897fb81d11434401395ef36040c6e518ffec501e910f70767a7e05e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92c2acd4e8e70f69697e310cde2a6b44

SHA1
17bb7fa2cb117224e06f04622d99e5a5f5b99e0b

SHA256
4ec0896be4dc1ca9c5796f97f6fd4de591e771547c0bb14ba7cb4fb9b6c9407a

SHA512
5089922b5434058b64ba0258fc4ede48b67843d51f9044baee8e0f9fcfd9af69b37b5c5246586322e845ba2d609e27c73af81a0597b9ccbcf5f803b2095af24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8d2b560a6cd478b7f7676562dda42f54

SHA1
1bd91263400a50fcb642fa58e811bfe3b393b01f

SHA256
f3e4f8aabad2e73f66ec9bb544d09ba3344710c72942e7cd695b8f0defe6f0c6

SHA512
d98181af6df5abd187d20bb0b2cbb7b304f173e85d4f8a5eff71230cc9ca0f7c58e7550daed549bef829b4d82778e8f7593e780f5e6f52e99b2e72ca8eccf1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
edaabd058f0afbe8859a956f426891af

SHA1
5d0b75711283df23b3c3b5793584333f761b6084

SHA256
7ea5cbac8f0cf3ad8bb39fe0317e69b65cca17042baeabd167753e0a1731b62a

SHA512
c34d043daa056f06e94daa7a5c78dfa9a3591409809fcf9aa9181e27e96fabeca4a80ee2109b09b378c1d0c307487190a456fd0a01115e9a2a23bc9234c23c68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
de35c862ce81cefddfeaf4f5d3c632fd

SHA1
da5267a3e2dd58d2dc082e0c29930dea74699538

SHA256
a60c9abdfd8c2b9bccab6e753318ab72265b299b4e1879b64f1880fa7b22872d

SHA512
6fc27d4dd871157aecf022dff84405e0b9dd44445d0b8e05d62b89f581031e3e55c33975545546756992411dbf922315d8c8746470db9892a70eb8c1768ec1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6616d8eb6727ea769fba00c53af06d9d

SHA1
63560fd069e878f328a4ac96189c200cab713a62

SHA256
aea13041d610a6e5c348669088943e8cc41f926e5e4687459164f3e85a2502cc

SHA512
a89b35ab549e5ec75189ca531874e6a761506804ce85ae3441e014751621762f197e15bbc8ee2cf7611e2b90123dd655ebe5f3995823becbcf34905ae19343b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
561fa77df5b343d3fdab33889f7d6c96

SHA1
e06d3197c80731bf20035ef2d196ce4d08a173c5

SHA256
69667ab73cad9d71e7ddca1d2df491001e231477b3ba856509b1fb1b70749165

SHA512
5ff59d7a419a57cfe51839b170e63bfa0205530c5240aa9d7c10fff6b2a8b860efab823a002548f842b8d14234317e438fc186da6397360753b2ced067536224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
0ef97c29189bb9d3cc52d7a4d92d57f3

SHA1
b3eb748c3337a00ce6cfea3950b95e9863101ac7

SHA256
a5e703a49d389a4208ea20ad0e2935b1d6d035d16174f754eecc66b15cf42e06

SHA512
f878b42a53abce9291bfcd5451cf692919cabe0e49a07754df7b118f401d58d932f2566e7a4ca7c266c1e8760cc6e6550bc5d053438d52cf0d45a9c9cdaae143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
1bd3ccde823ba0b31332210de21754d1

SHA1
63296b9cf8027ddb1aadf7441b78f04dd54b381b

SHA256
adabdeab8c21036cf2e4695f1ef096b61205de22af4252d836af1bdb083dab06

SHA512
74627465d2bee145a31e4d989b78e6a562bd0629018e4c6069c2da13025619c268622d83790c71043e69e63146cf5a9f0ee05e93c3c7883991da8da4e6acdcd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
e56684c13b0afedc12fe27b129d16df2

SHA1
2cf1e59eca92ea4a3639b7b99e57426d03d42846

SHA256
032f1d1b4c76338c7f83f2ae520f957406910e7c09b63231f6384123085329e8

SHA512
d447b6fe7541ed317806bea04c4f05b26d37e68c4a440c35474c1bea01a6b9ce82b559717811085f0afb010b18b63d066760330bde631b9ada045db5139f1f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
59e8931814d7cf23ef98676c7647d2de

SHA1
63567c14a3e2f33e3766d791ef497808e562130b

SHA256
b658c2f318c2d98a4d1a56ec7e679965f5260a44cf07811f08c2d6412d5a4872

SHA512
e7f2de83871018900e7efb6d6ca980f1628465d2c38d73fe1ea838c41d95ee9835207703762f647fcb6d474f37083a1c54350acf0a813ca4ee784a9e26cca2b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
18bc529ad68850e9bfb54a25f931cf1a

SHA1
cd6b30d8094dff432470e82f68aad6bc4fc5f2a1

SHA256
9fce60dfdeb2f5ad0b73dee55b7ff24ca2856be7c1efa66c45393bf4068fa490

SHA512
4f83e07ecded08cff557d6f71ad9b06c8a531d140a18b441d488b5906f9347c5f7b81e30743797e52717e64636169ff0d5c887e2fd9e4cbeb0d58500c1d83098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
8a0bf8f0ed4e130909095880689a71c5

SHA1
66a99e7b0c2e8a10afe56684da45cd8320b11ee7

SHA256
ab40dc00bb9bbd7b9eeec9f7fae8b4bead154ce2c121b74a1ccd37a622874eb0

SHA512
66c3f6550bc72d693e037bbb15fe08a3e41ed391caef5ebc245db42ee459c7da9b71e3b2e1c93f87514dd3740f406bb9da1f70447f034d14d4c139cd6958f26d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
1ae2740e76a6fafc42122c9a55e35d64

SHA1
5d00f4b97e26ab2d6d2c8936f3c99988f696fb37

SHA256
0fda311a027db5ff62499a25de0b4b90a24c017601e96dc005ab49b23c8145b0

SHA512
8fa7817f6a43e40d2e7203edaef51f2c56a794337df6e6f09d76dec62797c40bb544e44d32c9ce3406f4f801f978e696b31fe790118f87a270ed30a182921732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ab7f2ccfce4da5bb8e2d5f330c7fd89a

SHA1
6cf61e95ae6bb4738ca75c580b89d54bc13c971d

SHA256
a7c12b044aa4c0876cc8ec87f592e07d7824b54ece3cc0ca6f2db4d3efdd784a

SHA512
0f7ac050d212f01ebaad0815be245249a28f0a9b608e43eb686f2dfe5887895ceb307f314d6c1502c29223783b157abab29688c157c78cd069ba80e81f948d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
7834f1509019dbfdfa01fb0beb2fcdbd

SHA1
a7256e78169ed467246ccd6276a7ecaf1457a8d2

SHA256
c016cd111ff1b3cc29d75ffef8a95c4054ed4e07462d130b490a336c27d0a0c8

SHA512
c3fbc654dfeae6d0486ed5deca12c9ea182269eaae0b9b8e54ec2f5f96a30a3cbb7d691a5cf3e61f87b05a469925c63938c6bb77a2f5b77cdd89c3b4393c385a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
29bb182e2100dc399fd5e32c6b859d4e

SHA1
3e7b7a6a248ad3461671b1d6ff190a0262a8e247

SHA256
0a05ae36cb7ec2bb711eb0fb45c654ef3fa5b917399cb307c9d23bca6ed0b252

SHA512
35c9593785be2a41ac38ccfba50c4564b0a28501556dc585ae809f49b8f23ce4eb199c33344d2a729c1bb18ea23951857b6063f0907f7bb362dc0e4ee8c4b765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
3ace7c2fbbf6977118b956a42820d31f

SHA1
b55336e6de673a360ab85b989cc32db115536063

SHA256
70eb452fc1378e1a9c091f0b213f9dda6ee070241d3f53651f2fbd9d0081299d

SHA512
92ca7e284b6ef48c48dc664be1ca5666facb045b89f5d84276de31fc76a26eb6c16cc8fd9223648afe75b1241a62365fd7cbd1dc38d472f490ed10c55ad53bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
7139b7a9f798133ebca9ca46110dad67

SHA1
7dfe4113d13830615420da3fe63baf007494456d

SHA256
a01f5533d6c0f9dfd7a6e8363221a70c44291beb608485a218be3c1c8349eb78

SHA512
f6461bb79f033fda9818336e6a8ebe2f25c69103a858de05da376e512184694abad681f44fa87dcea484f3d2e3505887a9d6a79d35bd8a0e2b43e71b0430580d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6a5b4abb109cbd549d42ae26609448b7

SHA1
c79f7ce76c6f7192569cd976cf129ef93acf8082

SHA256
86cfab1800daa7548d594ee0bf17927a5249a2c142beff27d1037290a959bfb5

SHA512
22639df3605ded3b75c6b097a820d8b41d097d0f7cd2152420e2d533c9589aeee654e8c45317c2d8e8cd375935b3d0e10b8c1b8d4c82b6e40156f2ca0df0fc66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ecdfc12014210a08708387603f71dee5

SHA1
cdc28b090035318a75e5624548d84acaca28a03c

SHA256
7f115054e3e44e1bd93d4ea099566121aeba5f34e769b8c5ec9a4d4ced316cc2

SHA512
f18af01652fb0e93d9073ccfcc8cc968a30dc9f5af785dd19412483b3d383d9062565e19e4e2eaa38f19ca10b0919a685e328af8d4ccb1828563e385289e8d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3465a9823cab984a63e31c67feaa5513

SHA1
008074a42442f899ec3fec9dce224c2c0cb10fa6

SHA256
a1085d2f386dae786a70911ac87eb6757fc8a28896a1410060a5414d463e3639

SHA512
d760c56e74631d657b3d4ac4b5f90b41aabd94033584f6deed3534c4a1733b7c453ff487322b93ab81eeffd1c72c2793033e764dce406c590977e4c9e3fae26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\54a6847a-5b28-4021-9b2a-6efad7668f19\index-dir\the-real-index

Filesize
624B

MD5
c7a128fdae2452deddb770f810f1e717

SHA1
3132c5a568adeb50d8cad727eb37478e57a999a3

SHA256
c8e6c9bdc02ee8a10d6cc5cfce078548730bd0812e0f6a8ad575f0cbc4cab21e

SHA512
9f2918033fb6e3157bb94bb712f4a71e4da3ed7149ff85921b916d0941f8f998bb92b58e04709fc45fa11187740bd6671ffdc1fc71079fa2a9c2491261fdd3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\54a6847a-5b28-4021-9b2a-6efad7668f19\index-dir\the-real-index~RFe5b34d8.TMP

Filesize
48B

MD5
0a2712d71c9745e3367a01b9e9157875

SHA1
c9a45f7baf6df433aaaae9f23a1214d1fc4800ff

SHA256
a787bc1314cfd0fe6c2dbd5d223182490df9aef3f6df17fb08ed54123480e96c

SHA512
4ce701dcde9fce545f2804fcd74d2a38d91bffec795d6d75cc3b62261388374e16cb81054e256123c7254f3d591ee114961e3cdf5713baf6a0f64e55889c14b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59aa861c-2445-4f1c-bd6c-79ca5728f843\index-dir\the-real-index

Filesize
2KB

MD5
4032002415388b6112640d731425dec3

SHA1
c862997d5c6232d3bef184f76451d316e3ab859e

SHA256
f21bf49b3db40b597e1510d71761489c5cf813a1bae90dba2f18417c51481704

SHA512
a805b4f1206e2fcbd055dc287ad633c5a9dba2d7c443c88ae6408190a8fb3d5dc5a1d66b42ee54a734754191e58cbbf9128734f16b42c506eb3f288c6a5603fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59aa861c-2445-4f1c-bd6c-79ca5728f843\index-dir\the-real-index

Filesize
2KB

MD5
02fc5d2e5059db06e70ef38d29471bd3

SHA1
3084865ba5ade8814ade71323424ddfe7c1b2a0d

SHA256
c8d249189ade67812e6dbbb06fa09cda032803996cd248c7b071b8ced325173b

SHA512
dc08eaf5f42f63d5babdaaac0a43d5bf65e1c04302b15f19363923099f649f9283a80134f96c02c47c9b98a1e2cf9194f0f9a5aef77543f6bd50c827b8e0fb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59aa861c-2445-4f1c-bd6c-79ca5728f843\index-dir\the-real-index~RFe5ad8be.TMP

Filesize
48B

MD5
f9ba1ee888cfc14a83535cf3c0820b9a

SHA1
5c0044b89e52395828e27381bfea5458443557fe

SHA256
b68bc4d5c590e1bd75e0ccc74ac24368e523d6c233c6b4089b4cd6bdd503e897

SHA512
910e4e169798757b3d4205e4df3719b0a20a00c286974af3770d6647e780f1023168370227c250b91b65410d889268de4455b87c426ac99dae331a8e0da338b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\60deed92-80ac-4cae-9c02-585f4f383ce8\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
8678afef7ff29ed46bcb77ecefedc0bb

SHA1
f3f9fb8ed6b06cfc7da8d8d7cc91f9d8ec250b7e

SHA256
760ae76164ec6a32c18a7607310afeddc8900bfd4daf3ec5f54a644b119c205c

SHA512
ab5189a30267131ab9772d5e91950309ca753d4d9f5d2ef73ee903fcc397ae1e7104f589396133260859587766abb465c894263e569b7fca4f3d082e723015e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
8c16d5b3a94eef3b8ddbf91348ee9e19

SHA1
fc51c33cba3e0ea5257457ee858f8ae0ff218cf5

SHA256
bb397af78d3d872bac027874ab5462349caa228bcc1da86020acfdca83d59617

SHA512
cd8a392ee816a57289187a33df43d2bb6c09032ae4a30cf419993d408732aeb02fd20adc2661a9122b210e6b5a8b30aca11950e2d74adf13301a362ae1d5f015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
879577ecb148eeee391d20bdb06f1cf6

SHA1
bcd195cde383d71862bcc11bcc49a19602eb164d

SHA256
101a44fa20e04c5a4c8d2f0dc9dfbb246ba7b950f821c41b8ea5353c0f4cd5a7

SHA512
8639a35ffd48756ce53fbb857e8356498426d532e8a9712d47f09d401939b0d1043413b22ba7b29f5c4d327c494b6ac90c25eaee2e180f99bb55610a6f13df1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
49fecd35adfad01bbc653b854628f3cc

SHA1
d3f04277da1675a26f077285700e3dbec88790f2

SHA256
c2350d668383c1f89b0d651e6ed452dfaef5cea6afa6de30ee3502ff711c230b

SHA512
4ed4168127da78976460a5055791814c483e9477219fc4e75cda97fc20be1370b4e3492d2fdc4e837556eb07e322e412654995073765f857c2e450ea6c229612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
a73bbe56c059eaf935dc0cd14188e0df

SHA1
fafa64195709f94a5597766218d339146b65ef9a

SHA256
e2d80220b64706367bd1d0c259dde43b88c48afda61761fa805579a5c496c092

SHA512
aec3562dff3871ee7fc5ebbb461965bc643fb2ddb48cfcd0a880b7581a6ecdecb50542c5236e466999b8e8fa4df20342bbc530d495b84aca7951b62734d255af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
37acd37820d21d4184d0e3056b0692c6

SHA1
25411e3de7ac61199c4f2314db01358535e7eaf0

SHA256
40b8891373a04c16088ade962404b4faaaca125b5c1dd04b8f38da0daa855404

SHA512
43fc09862b088070fb38eba1906f28d2d63cad2c8538e9d1eb6e1525dbedf8e8e15bc11228be899282a92624fc043d2d2d9e1fa6946def709758e984e43631c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5abeec.TMP

Filesize
119B

MD5
3d091656f60c9033961780996791763e

SHA1
b479c2c396393e74631cbc1511390eb72cf348a4

SHA256
8247f46fd104f3cd876a0bc23d0d9c0089924906e8f36d03add72369320295f7

SHA512
516d9f9903e7792cb03ee302850924be004308105949aa46999fbd2ff259ea3d484a9cf124d20b46f8ad7dba0f2057a2b46f885925629d004222aae0cd9c84c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
661765e9b149371d0e772bf3939385ff

SHA1
9e2c6d75e2f76e4d9bfda5990f53132bff698d11

SHA256
e13e67e59001497295e4bfa3ac3c2dab69778cc19360a6ea44d0ad9aa39bc916

SHA512
a6798c53ed2a0606cbcc9f0637d52c1957adadb8acb3f821209194001608a63fcc7f276bb0edba9d9a4f20fee2be3865c5304f1c94a755e0095bfe6b2e2ce801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
192B

MD5
ecebfb5d136afbb0b02ade9d94a60f6b

SHA1
2ffea7834ae874ca6ee44b791a0fb4fc5fa0d55a

SHA256
73cfaf617e5aafcaa4dc8e122c8129610e87402e651fa662929c9dd67e9c712f

SHA512
85178c2300ea9fd99baeeec123c1af51f5bcc43d4d20505cb3c1a41fc299461308cdc6a2f486637f98901962297050e68f6016d42ab897482cf7b9905fc8c319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c8407f8ee673f69c2ff3e447a2348864

SHA1
f93d857d8942cbab97d464120a7c9a2a5fd7df60

SHA256
82883faeaf104c5bf521485116d74327d0902bb7ecb0383c478630af76ebb549

SHA512
ee7126117c66c7e34a0836beb8f56a25e36131d7b0a7d1f4d34c631b296121b795e05abaaf8e773d179ea28c371d0a7652b3dade1af4001de1c0aed3572d0070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
32eb2daa1db20e06f6b060f4deba88c8

SHA1
a50748c676399264584397a1c5630b6b251aab9d

SHA256
4982022c72269ba3b0e041e4d9edfb666a500ec78a2fd6842cfec9f2c3ac00a1

SHA512
333c2da3b6bca55a51df618091372b4702cbc6b5fd5d03c2debd5d0cdb7a3b55cf6dda763592ac5577a29e7306819a9fcde4e48f4c0ced31ec6b7398a486fc29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
3b658e90ad990ab238486bb26fbdb8bd

SHA1
e42f5a6dc7bc270f197e7dfc71a88d38bbff53aa

SHA256
177d2dc51e9b2f4bc2264bb6cca32b9c8f7d59ddff50b2710d485c35a135509e

SHA512
788294fed8ab66e9b2d73cfde8c75997cf5b35e393e333cfeac283bbdf7112a52e661012967cf63fdd6f2d6c69ffe52cd5a059218673bd15bd8001e4a3c39008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1228_1954304325\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1228_2143804152\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1228_2143804152\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5a5ca8.TMP

Filesize
140B

MD5
73eaba6012e0ccab2dfd22e8db4a3f61

SHA1
d64c45ff8a5aedf9ccd5411edda4008dfc193cf1

SHA256
d88ae1f86c142055b09b13a76aadee23517e9107a9f8f06662349d680350cd88

SHA512
daa205dd9c4bef0ab2a991c59970b00555dfffa1be3776054147ba1a04a818def55fdb3db26585036ac6535ed15cb950cd57d8a3ff40bceb0901487fbae2c85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
128e81b83f1cff7f3baf4a996f3ecbee

SHA1
91c66199b31c20a336a4d10f8814d34b322168ec

SHA256
2170dd73615a8b826fc42251a0faecf58863915fcc8f0ec727ece57bb5449f42

SHA512
80f443e18f51cc4f5140d90043aa0db0fa07a83aa1405efbf0e43ff3babd403e1e588eb3bc361697be8cd886a4ba9fa6e99d13c2ade4ff13ce40b41c69c4ea56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
af2c4b4fb4efd275542944bf69580065

SHA1
2e5f3ba58bee137e49bcb46e02a2783e0521ab3f

SHA256
75b5a044d9aa13747ded972d76bf491b40276ab544be36e44afde12c362e8707

SHA512
ef0bf8e0b8eeaf1b4151d753041e963a1ba0c2e537cd63124022e626bcbe29b772a6c3ed7478eee758e4cb162a9c6172d56e062b52395553141adf98f93bd102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
c19c913c5ae781dabd0efce69f95a8f5

SHA1
c079c70b1ec9e5702db70cf9ab7a04198a7f344b

SHA256
80aae11c2e9d8df05414788fb98000cf52cdf83820ae5383264198dc0b234f8f

SHA512
2d1bce717473e77c420d60efabf125e050a9ab0a959a86757262680cdd6742398b2376d54ed69b6182de2368a6d56785eec65b3c3a4e9c268cfbf79f5529954c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
7c61950d2b4d4fd4ce19a8bb41241391

SHA1
7dc1676412f6567162ac06caed42e44ae575bd12

SHA256
cfa8e00604caf0552cc187b2f01d2b7930a841ede6a3960d07e2e20746895849

SHA512
527b7163411fd1143f00d07819ed927952f02dc36180029ef757f514f8a9049d95b432316778650f0cb35b40926afac4d3d5c0be053549d7ff33af3ba922c0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
f36734330234e4c8713f9c0ea890f064

SHA1
e4fcc02cceef52771cf4259565d43652bd851524

SHA256
b090a42140fd2517078ffaf2453f93d5002a2bd88bddc4e9f6cb224f8a5d8d0a

SHA512
b6ae5bd2c76276ba17132a3e2dae1cb501a9ea25f3b625d073794683f531a08774fef1f5275d963f86d0142ad774174e82d6b9f383e35abaafa9e300e15dadc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
bd59a0d9de5353fff125b716dbd4698c

SHA1
005f8c113b69cb5c7c7f67a2c7d297dfe04f5468

SHA256
c25baad010f635e562f1f323bc66da459e770067bb149d9959b9e53b2d83747f

SHA512
50c106e7d999e811b473a2e0e5f54d3d47db3a9ff950f4147ca3dc91e30499617ecc5e1cc7ecefc7d342ec1c385a4fff16e78522aaba38aa38077b437a1d2a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
8f0f0c60bbc87da0eee8fafc8e6dcff7

SHA1
243613dfbce14eb0e63c752bb4db73d24b71a3e1

SHA256
4ea98aecda1f5c8377d4b5d5dac4cbbd0229b1dd11c0e4035ffbd3422b06e99f

SHA512
ea43b7073eb85fbca96ab6b70df4e928924fdbd87cdef622480e4585c745182abe65ed3d2f4cd1cdb094be5196191142cbded37b8afeb64dd41e9e21297e6847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
0def0134c29091cce5f097874b485806

SHA1
12c0681c9f8ff361494be1dc482229ea67fa45d0

SHA256
149730621110a7cde2f4f427f028b088ad95a58207694dff0ad3c198872fb65d

SHA512
f2083576325cd04e5c32f91883c7086161540f72707ae23ff81c10809387bec19ecd0f3fbf9efae2df71cfae00894822e88f0971c9be1d658f9528729a39a56c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
f4688cae2ff213e9a5e3b37bc2b69a2e

SHA1
e61896b5c7e9c0215a1c33449b75016313112daa

SHA256
e50c0903e75df91791c75b668cc453ea6e386f36191c8701833129b92d2b429f

SHA512
bd8bae57d038bc383bfafc4060862ba661203207e687d42b217ae7da207066e35a9ab71bd672e37c1314265cf78239c98de50e20daa76f052a9ca1a22b5f2064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\79f7177c-49ae-4326-8530-c7dca4e9914e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e626c0d49e22ef8610e7eac2d8a5ce3

SHA1
65cfa680f92ae6f5402d8e6b3350f9b394ff49e8

SHA256
3713766a30d03c0aea0080538695ce4643b375f0297b4fd2932434f677a92fcc

SHA512
8d5aaf758a9792a5dd41259f0b8ab3e84c05f2fbcc69ed04eff776edd40170c6f9a10278af42836046617fe33a8813fa8235abe1a848ab777b7db7ea28d338e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d292bba8bfe0aa53a3d4f9a01d031e06

SHA1
f18c0694ea65605ddd26f4e97b07add02173b9a2

SHA256
d3a10cd519ee24162c8de8e64580e4308612e15bd0fd686554358485734bb524

SHA512
af59c0cb05dd23d3cd42dff54a85350ec7927cbe0bede145c0bec4b8aeebdd43b538ae52167abc2441b06cc10ca442fc3d42e79059376f8051129a5a42c2bdfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a70398b15a1c2fdda6de7e06d6f2fd8

SHA1
5273a36df3b19fee3dbb68e1fc699fbaa2bb615e

SHA256
d22116f2f1effb3ed33ad94fee876fe372da9af9ae5f8214264b669b47fbec70

SHA512
36c87c61c95d238709abb69261a21fe156bd85b73e73a6407759d4a91ff1b13b69c0b5468b05ef042c0c3b9208a43690dbd923313efbc7f09dd9bcbdd0e6ebe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce36d69c62f3a72e8b570e41aa610b7d

SHA1
e7959b1ea22a259b42bec3d5d57ed64f6bb39015

SHA256
ced5b3ab5bd4c66bc1cd8d15a6b74f8d7ab1aaeefdd5280252f16808d7617a2c

SHA512
7a2edb0d5b1748426e15c8ef6210001805e7f860ae01cace690e4d41fec605d580fecd78ac446c4c9b283e9f0a95146fa01883ebcb62b0a29c9d762766c6659e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a89f2f84e6c28d1b3143e0bb62a31662

SHA1
22c3f560ae01059965e5970b68f8635b732adf1e

SHA256
9c09b60b01fc3b448b481bbd0c8655c0056d4b09f7ae73adc0eb1921a150e800

SHA512
305534c534866ec1ae996fc62645db3280694e0ac57a5b92d43f21f2c67012701660e8ba2f03d8f5f2711528267646f63f7243abc205c7a7bf283b5f9d67e5a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\activity-stream.discovery_stream.json

Filesize
38KB

MD5
8895ea02c479a759f969bbbd078b208e

SHA1
5b9fd84beedd8ed53f20dda97772ab00b1eb7f7e

SHA256
0863727f43ffc8722499fcb5c36aa6ca0724e454ce220bc9c9e9ba8327312000

SHA512
4e06e0fa2437dfec6320ce1dd10c50e522463590ab6aae388b7e6e26d8b639969948121d455e943773a7a48a6b8d915099b1d4eec05661c7fe0eebf6caa6b19d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\8772562510826789695AE9501BB8DCCE134EF762

Filesize
32KB

MD5
418f0c7c6e51588015e385ef014421e6

SHA1
2fa7fc890ee56e1cb32b6c8c2961f8aebaaafd56

SHA256
36b76df58b02b28fedbe64e078e9677f80366f174da046062b90faf79c04d60f

SHA512
77b57987f137d9840aaddc6aa01766750d6527704ad34e3a8c8b4dbfbd4b67690a64074a915f2e52cf00f7f35ffcf99869766ba85f81f34e9d110adbd7fb8520

Download Submit
C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe

Filesize
793KB

MD5
835d21dc5baa96f1ce1bf6b66d92d637

SHA1
e0fb2a01a9859f0d2c983b3850c76f8512817e2d

SHA256
e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319

SHA512
747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

Filesize
7KB

MD5
a482a0a515009086fdd401c6f1ae3d63

SHA1
2924ae7bab96a77afc84ae49f10dd95c59d35d18

SHA256
2600ad2349e20ed08cc052220256b19de75a22cef4e11dd2fc213e4c9ddac858

SHA512
35e91cfb3eca98a576052c3d1e7e9653220cc5fd3086bfb1fbb89728d479b09a9dd999a83cfa5452518fa77b3dab03dda91867e65e96abfc264e76736eebab50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2323cb094221b78940cf8f032ca43dcd

SHA1
ef94bff5823405471680b25886d96ef99fb5bc6c

SHA256
bef44cdddbce23e19d27cd1525ff4976967291d79aa2e8e14659a7dd9b2348df

SHA512
e7ad89ec522140293ff99e34e94b280d2ff6560f0b3ed057e65ba85b19d435643e41d6801a6f76647079dda062898ada460e062583ddea735b970f7378760c82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
be1c827dbdb20fc57863ab14c4809a4b

SHA1
617f67ad351039143faa4e42c938bc489f98fe16

SHA256
07e4fad298a9c713d26bdceea0cc8b3005e0ca315cb172ba16d221e3a6dc4673

SHA512
6609fe1f0323af8b6067164e749b077a7c29edf24155e66f905b65de1616aa908151bdf147f79f5554ea2233d65887f42545e137eef7967d43393da5291d7e79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a4c5f62a8ad7f35c13d439c37544229c

SHA1
21c35024f8fd642a48076e6db785185bc4916f8a

SHA256
2edf1f1e16516ddd3e0fa685b58a4dc378c2031f939d3d0354a4abe35d1e8da0

SHA512
77a512e4a0dd831e1e88610e5858a2271fd57dd1e593f23df8a655a65b3e2971ac3f2a0d19f47861929167ffc82515a5195acc2256c866360b0d65f86e3cb25f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\3954250e-6974-467c-a462-0f8a78e1fc28

Filesize
4KB

MD5
1505502c2ac5514e4cbb91c6b5536b63

SHA1
79839c3e01fbf9487cac2a27abfc3d060639d8f1

SHA256
9f92e26c47c9b378874b6b7f3f0cd0854eab8aba9dd2874f271bb4ed3af11eb7

SHA512
1d1b416b6f51c6cf7b21f2737ba7bd029e2943fb1a4fb71d5f4afdcdc87cae4300092d494525934dafe1bf7a0417b637b94e77e3d612e2bffbcfc3891b279469

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\4aa664a2-6d85-4083-87e3-3090fe21854b

Filesize
982B

MD5
99040161d26f8155d55d895c842cfc91

SHA1
271077c502d102f20f0b10e262bbd7cb9e3e096c

SHA256
8450f55133adaf453fba59131561450331264b8f6fc093c28b1ceed7adba69cb

SHA512
cd84fba0e27aa1e1b6baa5fee9e2a336f54d5391218b0fda2264743de1761f3da78ee444a4451d4bfdc73cb6401b8fc14e0541c62025fa6237f0448a2578a794

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\53a7a7c0-e29b-4853-a6f4-0016fc642da2

Filesize
27KB

MD5
6ed7edcd672ea70a0f310e4616bf3da2

SHA1
dd83e749ce18cc71a5b5ef0280c4b0cee41cab2e

SHA256
19e52022cd01e2c77d742684a30127f17f301e4fdc76880d084682ba042e6ca0

SHA512
7a78d822a7fa9f88d5d229378f12f12d1d274dd30424dcad49a809b391cf1fe50ae5d46c8bdf3ef5b52a14a4083c921c71295f660b4e2031ee571a6fdb66a4db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\b291eda4-c510-4e9c-8f02-d5a1446a7c7c

Filesize
671B

MD5
c42b056b842c7cc475b2c77f43071e5e

SHA1
eddbffad31c033dc05678b891e81bf1c9d1b524f

SHA256
c0f8991a787d82fe203d632403dae92dd41df72a7252e07b7294ad7118da64f0

SHA512
6a43032fc9d9fc054040201e25c8a0fa6415f5b59725e0dcb3720b0178d40d49b7aaf1509e7035f4e91e699df5f551300bee36150134a05620294a944a59bf80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

Filesize
11KB

MD5
f47aaebd412844a2eba28b6bcac8307b

SHA1
6c7f46d3e53ae5c3ca3b709af006314383aa9fdb

SHA256
e45b443efc10edb72a283c60456f4979535e8557bd2135cf3e7b149804462cf8

SHA512
48ccbd40d15fbfaac3c91cbd334666b478e83021ea1ab436d33f1d9f6fa3715a6c55fff2d3e2ff10fd1d585cbca054c304b2a873fe5a9426db3883b16eaef71d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js

Filesize
11KB

MD5
b4447a050d6686460ac039f58f0d1d51

SHA1
1e64c2557c5b3c1ae448b39ab9fe1e74b8c18326

SHA256
a0a0b50bb235b3e9b4b7c9b9bd45ca39f41f9216e0ad0297166c3662b804302b

SHA512
0f98c63763f5e94c17704a0ffbffd81cf8d616eb69f7ae20cbae9a6d506b212ac3e7b7c5f19d9ecf9aab04a46ae6fccc75df486c94bc35521659481dbd4683ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js

Filesize
11KB

MD5
370b5abd9b5ae935932df0f736abc55c

SHA1
ef2de53ecd9d2bb4c52708b58b0e33af40892c43

SHA256
c4a38e37ef4ae9caeeb8558573b31f0b032bd94a1deb67ea619c42bf5da40e13

SHA512
1806a8c065151fea5a6c9ee30de1fd713d569a76fdae1f164d2064e53069cddc0b2cac69639d5b94160579a9ca084ab976ca4e0530bb7407937a293e2f0a0e1b

Download Submit
C:\Users\Admin\Downloads\XWorm-RAT-main.zip

Filesize
34.8MB

MD5
82ccb74455818f185b285bcfe0338c7d

SHA1
e30b03aa4e431c7244145963871ab43419440415

SHA256
f0eb7f58edc94075cf2d0567ad4b9c7153f7bdeca5e3537ee88360214f6a9076

SHA512
ed9cd181d17aee8a40c128c8476439f8bd13ce4984881d852eca9f26dcd79e773b637893b4b96194cca866c6483d22ebd3eb762a07f1846dc2aa579b38d3dc6d

Download Submit
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\builder.exe

Filesize
6.5MB

MD5
a21db5b6e09c3ec82f048fd7f1c4bb3a

SHA1
e7ffb13176d60b79d0b3f60eaea641827f30df64

SHA256
67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5

SHA512
7caab4f21c33ef90c1104aa7256504ee40ff0a36525b15eb3d48940862346ccf90a16eef87c06d79b0ffd920beb103ed380eae45df8c9286768890b15ed1067c

Download Submit
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-XWorm.zip

Filesize
6KB

MD5
c292e1a75d47607dfbff55e5e7dc5986

SHA1
25e148c272f419eaa32a3d356afd5330470c464d

SHA256
938a6dfeb94edff33ffc7eedcdf2d0553bdf10ba7b9595e41f0a9ff874a8e086

SHA512
bb50cbbb79b2e0b4734a1aac23b86ad7368573336cc7cc365c40d7b402df800818af8f902de9c893d47c336f4aeea9bfe98fa0ddc1d03da053586107aaea4aaf

Download Submit
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main.zip.crdownload

Filesize
5.0MB

MD5
bf0fb6062098e30425a7445ab0a9d0ba

SHA1
5c990387ca1d16ae01a7617df5d0836fddbbcc77

SHA256
8a7a0550cf9194d62f023f712512b5dce1295106ab2f8e8d3939391fd25d0bd4

SHA512
ad0915d6445733fee79ccf3caf8205483265cb7d20f4149fbd44cec40e67a8b921b6fe7f63f34890695b8d874f4b608f17998b40bd46d68a5db46b474627264d

Download Submit
C:\Users\Admin\Downloads\XWorm.rar.crdownload

Filesize
3.8MB

MD5
72ed99d6168329b94021eaf282af0552

SHA1
0be0ad479efa7b5d3021b06ab5f6b71f858ba08f

SHA256
463eb31b863993ffc7ebd1e67a593c0fc01bfcef367a988191926facfb93d93a

SHA512
b11c5657389e8e6f5af5bdbef2b22daef62e26484117c9a30de184a63980e6108cd804e43db7494f24057eaeec32ced7ab5ebd6f7aedb6467a207a209a2bd2a7

Download Submit
C:\Users\Admin\Downloads\XWorm.zip.crdownload

Filesize
5.0MB

MD5
9a9cbd02a20307713c6c2a059204929e

SHA1
f69e8c07223b03934d2cc8309ab44bf8c0d43a0c

SHA256
28c76b8931042a7daf5729c1202c92046beb2272556c787174de221b2fef282a

SHA512
ec325d6f1c4b3da0332b0984ab5aa6f82d7ac88af603a5a43e7594360d2c3dd92a3642f34e79fca774729f8ce23f68222c8093402a3dfd5e999e28f0f35b17c4

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

Filesize
16B

MD5
f7f5c6b5fb4f17b9d81233422f46c084

SHA1
4dba85df5129c88e0d7ee5bfe2a9043c8e24cdec

SHA256
a14352b16d9c0619e1dfd4b7c7e02b10e4be687f5319b9530d226b4e967fa92f

SHA512
a82ff9ca1d689261bb225e3933242ea6e95a85762f4e6e1fac360d563a40acb782b5f49182c07d786f5a28f88f65932bd949e3228211318c41ceb3cc778fde8f

Download Submit
\??\pipe\crashpad_1228_NKBDWYXGOSWAUOTE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/180-2795-0x00000225ABF90000-0x00000225ABFB0000-memory.dmp

Filesize
128KB

Download
memory/180-2799-0x00000225C4890000-0x00000225C489A000-memory.dmp

Filesize
40KB

Download
memory/180-2775-0x00000225A9FD0000-0x00000225AA30E000-memory.dmp

Filesize
3.2MB

Download
memory/2192-1463-0x00000000024F0000-0x00000000028F0000-memory.dmp

Filesize
4.0MB

Download
memory/2192-1461-0x00000000022F0000-0x00000000022F7000-memory.dmp

Filesize
28KB

Download
memory/2192-1462-0x00000000024F0000-0x00000000028F0000-memory.dmp

Filesize
4.0MB

Download
memory/3240-3630-0x000000001C660000-0x000000001C66A000-memory.dmp

Filesize
40KB

Download
memory/3240-3625-0x0000000000D20000-0x0000000000D30000-memory.dmp

Filesize
64KB

Download
memory/3240-3745-0x00000000013F0000-0x00000000013FC000-memory.dmp

Filesize
48KB

Download
memory/3240-3671-0x00000000014F0000-0x00000000014FC000-memory.dmp

Filesize
48KB

Download
memory/3240-3641-0x000000001CFA0000-0x000000001D02E000-memory.dmp

Filesize
568KB

Download
memory/3240-3631-0x000000001D2D0000-0x000000001D7F8000-memory.dmp

Filesize
5.2MB

Download
memory/3240-3672-0x000000001DC00000-0x000000001DDA9000-memory.dmp

Filesize
1.7MB

Download
memory/3240-4397-0x000000001DC00000-0x000000001DDA9000-memory.dmp

Filesize
1.7MB

Download
memory/3240-3714-0x00000000013E0000-0x00000000013E8000-memory.dmp

Filesize
32KB

Download
memory/4348-2800-0x0000000005400000-0x0000000005492000-memory.dmp

Filesize
584KB

Download
memory/4348-2796-0x0000000000260000-0x00000000008F2000-memory.dmp

Filesize
6.6MB

Download
memory/4348-3629-0x00000000131E0000-0x0000000013262000-memory.dmp

Filesize
520KB

Download
memory/4348-2803-0x0000000009000000-0x0000000009066000-memory.dmp

Filesize
408KB

Download
memory/4348-2802-0x00000000054A0000-0x00000000054F6000-memory.dmp

Filesize
344KB

Download
memory/4348-2801-0x0000000005390000-0x000000000539A000-memory.dmp

Filesize
40KB

Download
memory/4348-2798-0x0000000005910000-0x0000000005EB4000-memory.dmp

Filesize
5.6MB

Download
memory/4348-2797-0x00000000052C0000-0x000000000535C000-memory.dmp

Filesize
624KB

Download
memory/4776-4557-0x00007FFDADBC0000-0x00007FFDADBF4000-memory.dmp

Filesize
208KB

Download
memory/4776-4556-0x00007FF758C20000-0x00007FF758D18000-memory.dmp

Filesize
992KB

Download
memory/4776-4558-0x00007FFD9B090000-0x00007FFD9B346000-memory.dmp

Filesize
2.7MB

Download
memory/4776-4559-0x00007FFD93150000-0x00007FFD94200000-memory.dmp

Filesize
16.7MB

Download
memory/5004-2793-0x000001DA10A10000-0x000001DA10ADC000-memory.dmp

Filesize
816KB

Download
memory/5056-2573-0x0000000002360000-0x0000000002760000-memory.dmp

Filesize
4.0MB

Download