xworm | 57a21afc8268870f6b98d2e8ae8676f3c089e8b17d94d12025e03519f12955f0

Analysis

max time kernel
67s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Krampus.exe
Size

60KB
MD5

2fccd6bfccab646df29691a508029a05
SHA1

f9d6a3aa63eefab7b227e10ac767367b562139d2
SHA256

57a21afc8268870f6b98d2e8ae8676f3c089e8b17d94d12025e03519f12955f0
SHA512

ade549fd5b5e79623c578e3e74895d1d8e7880e888b8cd562e5c4117605fe590efe4a40cb4075d030e4cf5900c4c4bcbef64f1f6e7efe9d4a3e1184d1a726bd5
SSDEEP

1536:OyXbySczQdKSRH+mCYI3iATBhkbVkoe8WoVOz/u7+xH:rXuTRIemCYk/kbaT8vVOLJ

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

127.0.0.1:7000

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/4344-1-0x00000000007A0000-0x00000000007B6000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133736737444614624"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4344	Krampus.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2400	1184	chrome.exe	104
PID 1184 wrote to memory of 2400	1184	chrome.exe	104
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 3692	1184	chrome.exe	105
PID 1184 wrote to memory of 5008	1184	chrome.exe	106
PID 1184 wrote to memory of 5008	1184	chrome.exe	106
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107
PID 1184 wrote to memory of 4476	1184	chrome.exe	107

C:\Users\Admin\AppData\Local\Temp\Krampus.exe
"C:\Users\Admin\AppData\Local\Temp\Krampus.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0a65cc40,0x7ffc0a65cc4c,0x7ffc0a65cc58
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3724 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4408,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3180,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5172,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3516,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5264,i,609035185809064445,13009600739431667675,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
89f5d69049a74a05e01aefe2df4a66b8

SHA1
06bc6c53da7ad097c6b9246b241dfec4671ac9fc

SHA256
49b866e4d15da9bded602d3041b08cdf87657418642e842462026402c460fc37

SHA512
bc2a59f36a4d24ac97c301b266580203634bb9592d6dd19e8c45dbadce4c560ce520cf702d0c01d2d1fc190777d527eb151a30f89464cfa45a467e900ba39f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
35bc6d25f44ea79d03fc0f75cc4dac9c

SHA1
507d3a10a8a8813b07b9ae470fcbe10be3150e3f

SHA256
1ea2b0e1355850d885832de734b2e3c034067cf181f66597406c61b70e4c1929

SHA512
90732dd373f04b891135dc4257468ab256286e75b7cdc84e5c26b056c053388cfb6e0f8d9f69e0f6dd74085039e235b8c746266bd8d891e2e6a3461b418b3f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
8378e42c977e0fccce165f22d27ce8af

SHA1
5431d07921e36b5b4a7294a381dcd4dcbe2bb00c

SHA256
9f6e65bf64e23334b8294e0d1c8ce77bbdf19208c97efee283655da572e90ca9

SHA512
a47b1f99b2e59da0a30f95e0c993c26df0e0cc4f9f919f6c44e09a23c62a1c62ab70f45c19a4c74fe03e318220990bf08714d23d5d10065753cdc5486744b45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
6b317ddcfce6c7412327f0620f1a6ac5

SHA1
a861b0c5705431afb174e6a3846cc922a566508f

SHA256
8083847c227eb6bce9819fa6f87416c3b3dad0b5f4bae0bb2eee027939af326c

SHA512
af0ac2cf382ea74f0d9ce328ad3b1a3131dd16fdf4747a3785fe16a717260f29f750ac5466ff39d1869bc156d9ee750bc61c4597eb8b639d5063f51ab7256725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
de6b42202134ee4bb9c1971dd0dbe000

SHA1
6e04f8e0e93075eec3944ae118558a6328ff604f

SHA256
2d879a72944dec1e3b863d7b9e8d34a97b7c885b7879f24f22b7c76d0de42884

SHA512
f77d4adb4b54872f0c17d567e89a9fbe79514ca3acdc22666189547374e4edb6b6b458beb9cb5bb2407a155b5157cca605b5034dd2fc473cfccb91fb28821ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
f181752c154c88d83b0e7aca532a707d

SHA1
9f2e8d071a9d7d6284c3e3fb979d3567a00b044a

SHA256
94c5e52413799fcbb852b5d308516459039ab4e89c6fba5710c36a914cdbd440

SHA512
682af27aad9b712bc19fc9e235984744e7edf61f872f7746d9d1587223dcbff1789242459bb9b8d6e2565ecb18aff5a369c2bad8d3170c6bae6ddc0d6daf5205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
fec463dbf0bd78df754e8af63af2d01c

SHA1
c2f5b6a13e70ebc7823c6330ea1ecc03b332b7ac

SHA256
1b1e9144a5cd56d201f7f182ba10e3570a61b30a067e9d666044f8757438e397

SHA512
36f432df35cfd9cc026eab53cc692524cfc15d83f16f6a1fe58af9afbeaaa6af982d1c6bafae5ca1c515fb0fca086cd98f42876e7054b49f66b58aecf68639e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f3fd54f6-93c9-45f9-8a43-c08d3da52297.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7bac652ec7b6570a40e33f9bff869e1

SHA1
f2bab9e645cb77a635bcb143c9280d672c09910f

SHA256
3dc45df745535c04c381ca7521ac87135880c4564f4a4c7033a11755d8c96c0e

SHA512
1209525f5c8fbc2b6d6c90419f89a8ed2340835f9b9671cb903e394cebb906eaf2891822b154ea1624bfd7ced4357fa8c51468281d708c703f67b346b1ec1d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c209ed76b16c4023c68bf68312d1433

SHA1
51e9dc18dc13b290ac02f1e770db2f144e2c1041

SHA256
83a4757c601e2292b578d1358c5a23fe05660491a47833882a0f6fa7a1dc621a

SHA512
cb942c2371d883d1aa64328136003d00c8ebcf0ebae98064d36bb9624e2d9fd9535055535d3c2ae4a125e0711f98ded09bc1dc633bb915fe91e18b33ea38e608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb023828f691daf784fb252b3b8ca84b

SHA1
cee4458beee99d3a8333a1884d6a787fbc23d507

SHA256
ae6cf514bc2dc9476290d6db1779b565944e9e940129814e61f3cbdca6caeb7f

SHA512
edf7babdd0702a60e33dbab90740832dd11d58225428281d26a29135ea82cd9c7b20d09a9c0f803e8798522aee5d80a150c5a7114c103a9572feb4f034781be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c11e6877c46ea738f3cba3963914643a

SHA1
eac2242da74ee1f0c50d7b2e253d87e88af78dba

SHA256
2aeda4105a86acc640b8febdb506dd5873d33960873991e1b1c9687bd433040a

SHA512
b1aa7c685ca7d9a6955d0561ff73a26116133cdca9b2970e793561c7e9a4e585219d0c10169732c1ff9d44e12fb1596a421a7a368be96a85acfaabb0b489ac24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
892de5f833fa46896fab147fd06d3ce4

SHA1
0d1f2ab206d9b363d2cf9bfb83d1cc94ca50055d

SHA256
e215e58f9715b36c3c317fd8b44594198090b7eaa5c134db25a4882839f16724

SHA512
6b1222aae2607eba2e132aff592299746f06d33507dc05e912ae9ceca3554f42e700b8d4c2a142230e64474d4220222c21f20bc79fbe12226dfbf3c3a57a791f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
3f1029d35a4ce52ae17efded849ab936

SHA1
2e21cd1d78eaf6f96e4e8dba7abe8bc958a73033

SHA256
9a77f9ca3d697b6b97184c28427480302e9653bf964519dbeabd9743070b9553

SHA512
ee82711613c12370eb58f1e519e2dcb4703599b1b177e88da5b2e4c03d9bd882be03478dc7133ad8c108c2e729460539d3a9daaedacbdfe48a667ca9ef799dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
3d57182e5f09d9a1292b80f7997ca545

SHA1
1e791de6bf9a4c76793d7aeb53956ea8a57136b8

SHA256
84b31f2ab4da16a5efed79b11878d14e36215190f4ce61f041c78da5f4abda8b

SHA512
de4d48282ee1e3b80c03c81a201920fd394bb805dcfd80f2d53f69047d813f711ca63b9bf3be1d1a2bfe28490b30e6e35a0f8b10daa47cf1b488f5ef85f2e0f9

Download Submit
memory/4344-0-0x00007FFC0F873000-0x00007FFC0F875000-memory.dmp

Filesize
8KB

Download
memory/4344-4-0x00007FFC0F870000-0x00007FFC10331000-memory.dmp

Filesize
10.8MB

Download
memory/4344-3-0x00007FFC0F873000-0x00007FFC0F875000-memory.dmp

Filesize
8KB

Download
memory/4344-2-0x00007FFC0F870000-0x00007FFC10331000-memory.dmp

Filesize
10.8MB

Download
memory/4344-1-0x00000000007A0000-0x00000000007B6000-memory.dmp

Filesize
88KB

Download