5036fecd00ecb6ef5042ee327150d4ca19c696e6318474bdd912431338870d6f

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02-09-2024 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xworm-V5.6/NAudio.dll
Size

502KB
MD5

3b87d1363a45ce9368e9baec32c69466
SHA1

70a9f4df01d17060ec17df9528fca7026cc42935
SHA256

81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
SHA512

1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7
SSDEEP

6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697307958420570"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3792 chrome.exe
3792 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

3792 chrome.exe
3792 chrome.exe
3792 chrome.exe
3792 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe
Token: SeShutdownPrivilege	3792	chrome.exe
Token: SeCreatePagefilePrivilege	3792	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe
3792	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3792 wrote to memory of 1384	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1384	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3472	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3068	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 3068	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe
PID 3792 wrote to memory of 1000	3792	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\NAudio.dll,#1
1⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8b35bcc40,0x7ff8b35bcc4c,0x7ff8b35bcc58
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4944,i,2895928174124926450,9053565406246857511,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4220

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ad359403e0391b674cdfe0faf30d4367

SHA1
fec4f7bcad0f2b7d12876a992c7eee59ef3cbab8

SHA256
934e935a279f14fd731ed528e4d4ae4cbb1752d4d438b9ee7447676104f5f088

SHA512
d1659d6c9ffbe94054983b539613a8ae5a674147f9c0eb74085fe01bc847a61aba0cd310e73fbd66c9f596bf6c9fd099272460acb6470d5160c9314dcfa67708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
44d66ca773410ade4e68ba602c9587ca

SHA1
670838444069327f32b187a3cc42a85d836c5cd3

SHA256
0aba98fe50668e92a1e8f1e7516b251e89f5567945223af02ccb6bec1f234283

SHA512
a634034fd8e97bc101078e40923aca063d2c59a6278cbb28e586e96d80701e4494b63217d8b18254aef56a15a770b597d016fb624675743ad5224ba779ebdd8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4bd7e6bf7839d851ea19b20fc9ce64f3

SHA1
a119a307e3e79e1daf7b4980e069c32060f7afd8

SHA256
445dcc20c45f3da08f4d15146938ea74c8410977c134c57a5a05071294ce9027

SHA512
08987b00a01dae323b4847e7eb5fc2aa969c41722c2913d6cdb35e1ae27634e718b80caebfa8f02cb199f96035b1173d94031eedaeb3b8e1644e178977751f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2d906e8072022eb47f642eb620442c82

SHA1
3e968a386a1a26e714103938f0136e0a3f89cc8e

SHA256
a3cb18de73a8c35ed346737d0f3012405c9b12ab6fd52de83d6645d6a138b2c2

SHA512
4d4b2a6cce7f3be3e81ec211d2fc525ab771f918f885485c2ea8979c7a6064b333f78c04ed0a3be7ace028a16e6fe87f6086caec66bbf477c0ced48837a81dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
46693b9b1e81d896823d663974c0fb4b

SHA1
a5b71615b739449f3597178ee295576a82e6692b

SHA256
654ab3049d28de1be135d53d32246f9f5ffc01a9603dc1c047a86393afcc8905

SHA512
62fa33798eb8a4b22a713abccab40e93e57026c789262dbf28188f4670a440621cce66ecf11f8b7380c70c839f046b494bcdc12e14a295436c829b1880f42b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
703454c3d57bb342d690f2a55301a7f1

SHA1
212a7442e467b164c6eec4b14639703f697bc9b7

SHA256
9c2cda14d87e4cbee63c39387ff12bf5b9d01627788a8e40a71ffc7c727b96d8

SHA512
8c8c15e56558abdff5f61be0cec2ed584b4229d645f586b1eab943b4e19d78c74b87b47952d78a34954d9e95438df33690e6538bf3a19bdb6fbd54374eb031bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca16bc387827a3e6a11f98cd75bb9fd7

SHA1
cb44930208128056f836391476964395b9c73c7f

SHA256
82faf69a36b1bd5c41c82c78c023bb3c72c3540b5db6677788c8fb4a72952f58

SHA512
80f37316709570783b86010241523e2ce7de44f2188e48778dec31816c4e667d0a002933c9984653480195aea48d61ee79f0faf4a497e90621074889af153cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b911f420763599c30d1ff2afcf44b46

SHA1
b420fe5d368978a808550216e262a3ab1f4df3d8

SHA256
54cc5191c87ec79864ad24a653d3fe7576d148a780902c8eb10cd6409414da7a

SHA512
22d27045782606c20c1c718463a3888f1ee3eeab177e2f76d6ce87f333248419c2ec0f494adcc8dd05abec78b3c10a6ac65e0a423676830f7fd935ff0e6b3dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7988f8a52d86d93d868ebe3b068a55cc

SHA1
242504d1b55a86cd1e495cfc65a18e8a8ee322fd

SHA256
1cdf0e1f17f46700ede38fa206de439f79e14a5bc751442e63cb89ee3f7abeeb

SHA512
8dd6b11fb3d3d18d256723504c44bd70b4c4754c42376f9ad0ecae5e6007611e3198ddb3fe2c466f96c1ae9875de940bb12649728622749a22d3a7d71fc12d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
510ba553922dec3a466a12a1be446331

SHA1
b9df14888811683da1fd1dfc23208875b23c51e0

SHA256
8c94779a1255642626ab1d4dd35bde6d3c4fe09f53ddf48b606afa7ff3358a07

SHA512
456581aaec1a1806e19770d8a404f9b31b3279a0cb0e55f23d83bcff4d93ce32dcce89d658fb59545fa4c1bc0deb3065b6fc0f5386baa7c7f4cef3b27232ef18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a0470776ac4d614300342858876e436

SHA1
88edbcc89f61d309a8b2a48b564285a24c36343f

SHA256
5b1739149a39b0ca67a97d135a02c715f96788951cdde5ad8a19fe51da9324e4

SHA512
c63de4a5c6a45f339c8c3a1a7842097c2f562cb66a315ee667a87686f913a191b423308b16b94e231d10ad192199825d6dedd57e6bbfb4c53451026c202ed2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
175d03bbd4813bbab2cede27b5fedd00

SHA1
ce526e4e6de22072acabb1e715db74f369273033

SHA256
2bc69fab9d48c92714e7b38babbdaf73e3b83afa28ac81710e51f958b74a482f

SHA512
3ade3f43c8fe7fbd5feb34dbb72b5db52b77dd4fc0c5683dc35158ec1388e1c534d9c134105510b625ff71962b61cbbebae731c2d548d8360310e78ea514e19c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
43fcf92b6c5a8676e1732b936ac47623

SHA1
e0bdc5f43b43763c8a7d725166976a6be4ff0307

SHA256
401bdfe1e39d632c511756bb892112d3dcabbd960343f6518aa97c7e8001b99e

SHA512
89eadba1a6ddcad3bb559d653b168592373f597470ec0dd695620f99839d16652adb78cc7ce41ae88f94c383cf920f70916e5306e711502c5ff767fcf0e0ed7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
bb32a937dd234780b3e09e98db38b3d3

SHA1
1777e711b3ef058c6b0fde22f2f30353087cc496

SHA256
9a36bf28efe8b23eff3ff8a1d94718b04e2e3bccb3a37d6e01c1268375170157

SHA512
51f696e0602262581f31caa2d381d3a4e5530d8666b9a1d0b0a176c6f4251189736ecdcf78b627b5fadd4fb9fe795a5f21a701e9eae046d5dea99ed3ade21bea

Download Submit
\??\pipe\crashpad_3792_ZLTBDVTCBGMZASHX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit