stormkitty | hxxps://github[.]com/d00mt3l/XWorm-5[.]6

Analysis

max time kernel
755s
max time network
758s
platform
windows10-2004_x64
resource
win10v2004-20241007-fr
resource tags

arch:x64arch:x86image:win10v2004-20241007-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
27-10-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/d00mt3l/XWorm-5.6

Score

10^/10

stormkitty xworm discovery evasion ransomware rat spyware stealer trojan

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

gJf8tdwBaFufg4pc

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

127.0.0.1:7000

Attributes

install_file
USB.exe

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource	yara_rule
behavioral1/memory/3500-1913-0x000000001C210000-0x000000001C21E000-memory.dmp	disable_win_def

Detect Xworm Payload 10 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\n3xokobg\n3xokobg.0.vb	family_xworm
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\cqcq.exe	family_xworm
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\cqcq.exe	family_xworm
C:\Users\Admin\AppData\Local\Temp\0yxhy4vy\0yxhy4vy.0.vb	family_xworm
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\XClient.exe	family_xworm
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\XClient.exe	family_xworm
C:\Users\Admin\AppData\Local\Temp\jixvwez1\jixvwez1.0.vb	family_xworm
C:\Users\Admin\Downloads\XClient.exe	family_xworm
C:\Users\Admin\Downloads\XClient.exe	family_xworm
behavioral1/memory/3500-372-0x0000000000F50000-0x0000000000F66000-memory.dmp	family_xworm

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3500-2266-0x000000001DD50000-0x000000001DE70000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Disables Task Manager via registry modification
evasion
Executes dropped EXE 1 IoCs

Processes:

XClient.exe

pid process

3500 XClient.exe
Loads dropped DLL 1 IoCs

Processes:

XClient.exe

pid process

3500 XClient.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

pid	process
3500	XClient.exe

pid	process
3500	XClient.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

Processes:

flow	ioc
25	camo.githubusercontent.com
26	camo.githubusercontent.com
27	camo.githubusercontent.com
22	camo.githubusercontent.com
23	camo.githubusercontent.com
24	camo.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

XClient.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp"	XClient.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

XClient.exe

description	pid	process	target process
PID 3500 set thread context of 4116	3500	XClient.exe	cvtres.exe
PID 3500 set thread context of 1136	3500	XClient.exe	cvtres.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\INF\display.PNF chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cvtres.execvtres.exepowershell.exeexplorer.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exemsedge.exechrome.exeXworm V5.6.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 4 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745221402303676"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

Xworm V5.6.exeexplorer.exechrome.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "4"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 50003100000000005b595688100049636f6e73003c0009000400efbe5b5956885b5956882e000000af3c020000000700000000000000000000000000000046907d00490063006f006e007300000014000000	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "5"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Xworm V5.6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 6a003100000000005b595788100058574f524d2d7e312e362d4d00004e0009000400efbe5b5956885b5957882e0000009b3c02000000070000000000000000000000000000007850df00580057006f0072006d002d0035002e0036002d006d00610069006e0000001c000000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Pictures"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{120AA82A-21AD-49F6-A95D-7C93AC012885}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d3162b92-9365-467a-956b-92703aca08af}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Xworm V5.6.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

explorer.exeXClient.exe

pid process

3544 explorer.exe
3500 XClient.exe

pid	process
3544	explorer.exe
3500	XClient.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

Processes:

chrome.exeXworm V5.6.exechrome.exepowershell.exechrome.exechrome.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
1144	chrome.exe
1144	chrome.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4652	powershell.exe
4652	powershell.exe
4652	powershell.exe
3108	chrome.exe
3108	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5984	msedge.exe
5984	msedge.exe
6920	msedge.exe
6920	msedge.exe
1360	identity_helper.exe
1360	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

Xworm V5.6.exeXClient.exe

pid process

3520 Xworm V5.6.exe
3500 XClient.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

Processes:

chrome.exechrome.exechrome.exemsedge.exe

pid	process
1144	chrome.exe
1144	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
3108	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
1144	chrome.exe
1144	chrome.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe
Token: SeShutdownPrivilege	1144	chrome.exe
Token: SeCreatePagefilePrivilege	1144	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeXworm V5.6.exe

pid	process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe

Suspicious use of SendNotifyMessage 61 IoCs

Processes:

chrome.exeXworm V5.6.exemsedge.exe

pid	process
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
3520	Xworm V5.6.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe
6920	msedge.exe

Suspicious use of SetWindowsHookEx 15 IoCs

Processes:

Xworm V5.6.exeexplorer.exeXClient.exe

pid	process
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3520	Xworm V5.6.exe
3544	explorer.exe
3544	explorer.exe
3500	XClient.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1144 wrote to memory of 4216	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4216	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4744	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 212	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 212	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe
PID 1144 wrote to memory of 4908	1144	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdbd5bcc40,0x7ffdbd5bcc4c,0x7ffdbd5bcc58
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5012,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5024,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3748 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5068,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5344,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1448 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5372,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5620,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5748,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5648,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5680,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5448,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5468,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5300,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5612,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6148,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5440,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5660,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1440 /prefetch:1
  2⤵
  PID:6852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6588,i,12642168141778223528,4507312188514597558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:4580

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1096

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1028

C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3520
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\n3xokobg\n3xokobg.cmdline"
  2⤵
  PID:1088
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3BD6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBF8F5560FAE24908A882E6732A3B4C42.TMP"
    3⤵
    PID:1488
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\0yxhy4vy\0yxhy4vy.cmdline"
  2⤵
  PID:3800
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES80FE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA00965E6C1457786ADF31DA841C618.TMP"
    3⤵
    PID:3036
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jixvwez1\jixvwez1.cmdline"
  2⤵
  PID:3844
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA1F3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4D9409551014B6DB93226C0D69D13B6.TMP"
    3⤵
    PID:3676

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x31c 0x2ec
1⤵
PID:1928

C:\Users\Admin\Downloads\XClient.exe
"C:\Users\Admin\Downloads\XClient.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3500
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 127.0.0.1 7000 <123456789> FBB2DBF07DEA74533A82
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4116
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4652
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\system32\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text
      4⤵
      System Location Discovery: System Language Discovery
      PID:4068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3108
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdbd5bcc40,0x7ffdbd5bcc4c,0x7ffdbd5bcc58
      4⤵
      PID:3564
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2060,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:2
      4⤵
      PID:852
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=1860,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
      4⤵
      PID:4588
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=2268,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2284 /prefetch:8
      4⤵
      PID:4400
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
      4⤵
      PID:924
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2828 /prefetch:1
      4⤵
      PID:1540
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
      4⤵
      PID:3000
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4152,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:8
      4⤵
      PID:4552
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4708,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
      4⤵
      PID:1052
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4720,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3860 /prefetch:8
      4⤵
      PID:5684
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4884,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
      4⤵
      PID:5720
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4684,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
      4⤵
      PID:4712
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4868,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
      4⤵
      PID:5504
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4908,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:1
      4⤵
      PID:5848
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3148,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:1
      4⤵
      PID:5852
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3240,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:1980
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5220,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:1
      4⤵
      PID:3600
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3080,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:644
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4416,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5276 /prefetch:8
      4⤵
      PID:5108
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5600,i,17627790703296265305,6922460322941225244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:8
      4⤵
      PID:1068
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 127.0.0.1 7000 <123456789> FBB2DBF07DEA74533A82
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:5688
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffdbd5bcc40,0x7ffdbd5bcc4c,0x7ffdbd5bcc58
      4⤵
      PID:5568
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2336,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=2332 /prefetch:2
      4⤵
      PID:5796
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=1764,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=2400 /prefetch:3
      4⤵
      PID:560
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=1980,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=2520 /prefetch:8
      4⤵
      PID:6104
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=3128 /prefetch:1
      4⤵
      PID:3620
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3060,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:3380
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4328,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=4464 /prefetch:1
      4⤵
      PID:6136
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4468,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=4148 /prefetch:8
      4⤵
      PID:3604
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4624,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=4708 /prefetch:8
      4⤵
      PID:5208
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4864,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=4716 /prefetch:8
      4⤵
      PID:2868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4920,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=4888 /prefetch:8
      4⤵
      PID:5944
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5088,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=5100 /prefetch:1
      4⤵
      PID:1080
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5144,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=4976 /prefetch:1
      4⤵
      PID:4048
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5296,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=5196 /prefetch:1
      4⤵
      PID:5732
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5472,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=5452 /prefetch:8
      4⤵
      PID:5756
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5588,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=5600 /prefetch:8
      4⤵
      PID:5820
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5760,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=3080 /prefetch:8
      4⤵
      PID:1096
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5640,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=5704 /prefetch:8
      4⤵
      PID:5916
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --extension-process --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5292,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=5652 /prefetch:2
      4⤵
      PID:5472
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5740,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=5752 /prefetch:1
      4⤵
      PID:776
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5984,i,2350556410912952509,16272610081852185171,262144 --variations-seed-version=20241025-130107.645000 --mojo-platform-channel-handle=6004 /prefetch:1
      4⤵
      PID:6184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:6920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdb96e46f8,0x7ffdb96e4708,0x7ffdb96e4718
    3⤵
    PID:6092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
    3⤵
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:7036
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
    3⤵
    PID:6668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:5540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,1068657933318568750,4516927304092383291,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
    3⤵
    PID:456

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3544

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:228

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\ClientsFolder\FBB2DBF07DEA74533A82\Recovery\Chromium_10-27-2024 17;11;13;024.txt
1⤵
PID:7148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3f1e1dfbe4543921b08fa285d00e06ac

SHA1
7a70a5edc3ebe75246d26f21cb8a3e2c304d1857

SHA256
4e25c5c9313633d5f74f28830e9117a880c783232a9bbf3ac2b659068a86d1f9

SHA512
2e28af05f8ff4964383c95d745d5ee236ffb888fd634632baa26da1ed9f3cb59c2bd47fc96c1e5712dbd4899dff5f2ee2a689e3405163a36bed9d8314142af7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2da03c0ec76560780865d6cf89a99ca6

SHA1
8daf80a0b9631d0c9685ab3c86c203abf3bf71b1

SHA256
d4fe38378e4788df731d51101dc69806d6799e038d34d02369e1fa15218e2414

SHA512
5a32cc003f9815a8337840ebfb0e418e6547bd0b94059da8be51283516b0e8785604cee1b3ecc972038653d92c972e2c3193bcdf80f556900c2c1376103ed326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index~RFe5b9353.TMP

Filesize
2KB

MD5
7c577dbd563ec3560c68749d36e5658a

SHA1
74396772a552e28ac44dec109d489b8f45967ea7

SHA256
be50bfee173f50477c78928449c8beeb3c1f8927bde87a0afaa36ac550de0053

SHA512
f662fc320fbf703d22a7803ccad642ea7f2d822a3a241cc5d8d61d6cdd13c5bd08a011cc7ec21f8edf6a59248cf4e16b4e4bc101e9c65d121dfa9ef8e1405356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
053627f23b6d8d1106e16b158fa4247e

SHA1
0ee942f1b70d7f21923628b074dff3fa86228823

SHA256
7983bd92d320cd87469e9c69bec4f0679f9b7a07f15969d1e1a31d84f650d439

SHA512
2a6cc2afa47842723d0566e9ce1c52572fd4ce5c9e7046b1f59378a53f4cc71dc8f5e987f8834dbb567bf044c3ea8d6e8a31904909b136422aff5a67d994804d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
c50782f2414f8506bb3975b01a2002fe

SHA1
30a25e095069241f443240984639c768ea5ecb64

SHA256
2b9d83350377df12380561bcacea89cb54ec24adbffaf99df37a5b92fd8b59ed

SHA512
0239907e7c84fb5b109dc91a98679e5ac0f533da480317ba83625c71cc96718336e005c58b8cfbde8898eda37fa492f78bc2e0edb052ae3f721b52a79551d611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35da60bf976578aaf3b587947b75413c

SHA1
a9d99df679d1b0de7e965faba63feafad0518bbc

SHA256
9a544f807bf0d7d4e1162876b9b69328496c2a22ae348972112985ceee3da6d3

SHA512
3ac0c083041214f8fe2088e4b957bebb4e90e8eb2d6ac8a44a1961b189ffbb2d06d8933b897f40597594a88f5c8f7a420cb2cec94fe79cd7bc17ff8de979689d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da815df546ca8860cc8802d0cfcfd4da

SHA1
bdda1624e4a2025e88c978f907840f019c6afeb7

SHA256
7d8be764cdcb6874f7b422f1e77da53321fd36bf002f6fad626ccc5a744ffc81

SHA512
63a26611e8379c8aa332f8486c061d7b9ddd653e8996cecd0eb766891cfd38a0fae234709fd61826590a008384860a7a5f6567de0e3b73ed757d78f410371799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa872c3930ac15c8bde9147071d6038f

SHA1
f818819f553c414428d4ed94e71df3cc60a1c7bc

SHA256
3cc7a1f907a7dd8fe344de0a46ed19b8fbbc8ec9e191b202753910449d270e51

SHA512
612e8a4e28b8f183c9a69960c87795f086dd36de4a1ebcd465903486cc311bdfacab24aeca7265310d8382abc96c83975545108fbe97a2a7444571afea33a839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80db562fb8fd18b1242d27af6785c422

SHA1
3c6dfaf7710352e894c3a645829e3133e326e2f4

SHA256
4f9ee82f3218b66686ffdb11c87bf931eb38a8cdf1c03131602ab5f1128838fa

SHA512
e7768c87632a4cdcbcf645084683021345e2bdf469163e2f3bfff46e004dd6238a7889a6323f92b97d288071de5c5c1babc0b81cccf0f4abb120031886077b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c04d20bee46553b200fb35421c7071ef

SHA1
0b8abfbd04614d60aa176ee0510bdf164920b356

SHA256
1badfecf97412d025d532b1a463a6551fe72d70fb5aa208fc1bcaa614149b361

SHA512
29cf06e979cc0c61c0f3d133591dba6aa4d42d2d2c9bf4a65ad1bdd6a71d1aa0b928dbb7ada66ca5e25a12fb64ef88547ec004fe0f047ae9eb13eaef1719ed94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
85db2538651b979a1d7f01f363e7c449

SHA1
86d5345f97ff67c335ac25b11d57589c723611c8

SHA256
8f9c5feb1971fa06fe55342b2c041dee99dcc13ef3b9bfe2528ea17200351457

SHA512
000476ae14508d12e02c8ea3c891d80314bf19c28d0e368a364034d3150129d43113c5800f62bc96a37ad3919175a3ecd11dfd8c631550676854dfc16097b186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e6dc728234d7af639c46d12bb7791db9

SHA1
a861f02c7adb58de4e740d7d8f864b91eecd4936

SHA256
9c2dc279ce9a6c0ccf8d38275c73d442714d560eb44745a7239784a5727d9b06

SHA512
5ca3ec701923eb2e788583b64e41bd72c49e210f1ca0d00731815443468081c1635c190646e04366e1dc31d9904558ce65cdfbf28bfd3050bc16892bdb58753c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
11KB

MD5
5647e551b188b976cbea9d237c171091

SHA1
8bc9dafd4301011597d48eb3e459eda63b8f711e

SHA256
24cc1d2407861cac07bc9a18059d1a7cf7b3d42bcd823af31b7173a60e691aa7

SHA512
7cb3ae3b7bd729dffc6e0ff9ef777717cabfab3ca1a4b0dcc6eb87a192dff95c638df844ac029062de59d587b545836f09766bf598f2174334a99ccf832e6add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
9dcedac74ea5a3f0e17eb098538642db

SHA1
55d78c9b50949be15eef2363b892844f8d4b2efc

SHA256
d7049aac900e024c5b3b17c01ecf9b2ab9cad64a13bf5fef9a69fd03bb6d006d

SHA512
d48daa8fea5f42ec227834c83a40b65913aaf39d0e263e070a2382bf04308665511c670cb52fd6f0c039cba0016e52704e6647801b0438bcf64eae1e0feec14d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
0b68ca4bfd5851783f50c91ffa8318a7

SHA1
4b208e8dd77b268a6ba2ded5404982eb9fe453a5

SHA256
4eae5010943da5ffead3ca38d8d3a0b7c5b3e313999411d236b9db0999a2d440

SHA512
1e62184c3f9f21592f676e0701b5c1854647850e92b0161a09b91304c0a199eeb370e9fd0fd8a53771d00d307b5066e0514c4533737baaec6eed2bb383ef848b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
67ad3a57c939f1d7ee9ad71e7b1348a5

SHA1
a3cd3d33f1e2a9b745722b43f0239125ff1fc568

SHA256
f335edd830375f0d093bb929ec4a5dcb483b89d74c3bc4a88f7633dd06059f77

SHA512
488205f1ba8459b715c3e4d26c2984cdfcedbd0efdf668bd01785ed299942eb79c5daad44c683a92cf4e98061fa9378795271275bba14fdb4df61ec1156f2236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
b4fccf00fbe247d6c7151c2b702df37a

SHA1
2e9ee33d874e03e493ed09696e4e0b6e7a78effe

SHA256
2e00554a60a3f2b1f6cf0b7b7071bbd967ac3504f76b838f4e30ceb42485fc92

SHA512
61cf2226edd2ca43ed8a72c81ffa47714a32c94fb430790002bba62a4f5735ee945e622a7926d9504747d6ace9fa006c2f254ee0798fe8210073072360ffda9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
10KB

MD5
fa3c92c33fb9732ffd6f2622353c5527

SHA1
ed53e006ec2c56c0a6b26c75542509d4d5fd2fb5

SHA256
86687b88e2b53f851f72cdf73aa311f5b0e065fcc6985085ff592ed1619a0ade

SHA512
a1a13723bc2b4696636d5a7bcf424d837654bdad0fdfd78ead50ad39e1d2903aff0e8812db06600ec38f867edffe8c9f3f69bde1021001480175e58b0428307f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
f4f6ae23bc02aa427228045c71edf68f

SHA1
21b0ce3fd5cbc3ba92e02c1454ec69bf1d18966e

SHA256
f026350c74612d0520df713243f2e8817650557b6c9799dbe8e0c559aecaa8b2

SHA512
21e47807f5b865b8cecee02eff36575c0812e7dc6a4bb8a7e092fdb11292b9dbe65b1e76263b9fb39d93adbe4981e15cf8f7a4026590cefc9ffde514e6f0a0e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
b2c905943161c023fbbc277e0c242574

SHA1
54b409ff6c8aeeaabb8ff6df8ad32c4c45c19917

SHA256
5afc7f7790ac64720b1332c03921b30d583afa546e023f37af9051f7379c10f4

SHA512
1cba371b4f078321546304b6845ca9df2cc687bd3d43fa85a010f58ab0c9d07d36ce893e2751494b354a85b80c9d251325961edd070c663bf791d029954d6e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
8fa37f71a1097509ad4c12d335dfb396

SHA1
6cf2fc625afae5332d9531eaa33bf161b6dee852

SHA256
dbaf49b03226c6a5bacbb310c6769ad1f4a3af691d09ea04b2b3f551794bd40a

SHA512
b94cef46baf22708f1fb00a7ae3c66f42f75f81bd6e2aa238d2daa91263a146ce94d768961e38b5ff5089a643c3248db10c92c4da5b67625274ef196919a9084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
11KB

MD5
708f944499fc38d58170470d6bf07233

SHA1
567babf591799ed963a6ae58f60a8c9fa3572d59

SHA256
480bd209140aa3c565f9c7b05084eb0a7575d9c48e139053efc3907eb6bf11be

SHA512
f32110b97b1bdc77bc5557f01be67bb54c677ee43996b8f3a9514ace72ea68a22e869e2c135e926a278adf0c1cde51c9aa8e606c1277f5cd4f45307e9d896c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
58fd492bd195d0835d0fbc2b17e22ab8

SHA1
3d737aa99bdd15b4fecfbd0fda9c19f90120d229

SHA256
bfa249f01a5f6026c820d14bd8825781506e07430695cdb64b7670ac0810daec

SHA512
a66977dfbae3216f8400609ba5f39c3f3be59068db32817bcb25723da06925276029d706dbdb18d9cef251613ef3cc3fb675b2d5b09335130424a878281899f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
11KB

MD5
f4ff80801fb2e27c378ef91dee39857e

SHA1
6288aa34ac43938f0a69828e9e7d69d8e5a4f9ad

SHA256
2e6b84cac340a40dcd8a52d9700e8ba81a19d48354e9f0b13bb80dd218cadba8

SHA512
5c6055c90343aed20ce6bfdfa737dc8c447ebda43a7850ef3fa726ca843374ce3103e55d4db20fe9c0640e024241895e12321b1445f7601c2aabb0c68200c792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
12KB

MD5
695af52a426ac65de0216f32b22c2c10

SHA1
b41491911983d63bda5b9bee33e097db1b696325

SHA256
f174e8b06b7d0ec666ac65a93f8ab2674f5c862459b701ea30b7eaa0782043b2

SHA512
2363fee49efe5c20be243af216df92db17d0ed50dd7f7643bece56ac33a703e55db106c7082b87575eec6849469e17e60842be837be3505285d4dd6875fbed75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
0e0723393a11fcc0f10d9e4c596d8317

SHA1
d0c5eaa68352e1f8ba30e88df1c31c63ef79fb1a

SHA256
b7f0af9fb35369e0a29dd75f9d1a6b1ea01690482797acca7c3627d31c0ee8f3

SHA512
82d45c38a9b857899a8bc4d60f586a058568787e4600ec8bb402c073f7023a0ea647341e37d14bc873bfc090b4afb9cb054f225db7fac78009d05ee68e931d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
5cc81dbf5cb3b7ab3eea67c301fe3a10

SHA1
0e799b3ca9fafacfbc489d4c55162b052903bfb3

SHA256
75c0e9e2581f764f93f8c411e1304bd93470fd456c2b417960cfbc398ce0cd8b

SHA512
b81ea610dbbca6cddf661f6dc9530cbfe0ea0fe5c36eedcd20198e6b8bf3eee7e122d62eb1125cb5e52f95f95944dfd5a77809e7853fc47bfb4e80f8e48dc0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
63469388d3f359dcf5f409f1410e5fdf

SHA1
9280c9fe9dc3b3f13ba23bbd49f75a5764c4517e

SHA256
4aa64009ae728af2396d064fb5b76f13c5d052b619222fda5102b9fd52e590a6

SHA512
9f446f0a72a4a416b6af2bae62bcb0bcd8ec819434229b3a858828deddb32fbfaf5949c69fd8868a3cdeb38f1cb483ae4c861644154d2023dd06c4f60e8481b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
dda3cda46d44d337aff46e5c3699ab7c

SHA1
d5f31e4fba07e0d275f443c79d9b3ca793c39c58

SHA256
1203386cef0c49590bdf16b98f0c7a95b2dd507733bc67f3ede01bb3e752fb2b

SHA512
8c179d6ef860b0debc42aa876eb52abe16e61643368ab72eb2c195166e67e38bb084dbc5288f3983c7e08f191d3296a50d4076cc7c9c0ab8b53ad91782df57dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
1d105937363fb95d7f616061696823be

SHA1
1e54c8dc92af3c5fdd6f086c5f7001607a4effb2

SHA256
64ae5c58aac54cdbebe285956e00139234c65c33ea78ebc4d652e73ac5211dc0

SHA512
0c647bb3dbd569877b4e5511ad0d4d10e5b336b252f379064b3d8322c06cbc0dded02166182df4b83ef1e6bd7f062e4858d36584e63235080a5257574a22b2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
e5b3f9b3c506674493768025901b89e8

SHA1
f6ad42b88f8177ed09be45a565b9c2098f28df59

SHA256
412231c452bf43413293ae52976ec95ad638cf4e6b72ff4ba2cbd666dfde3ec7

SHA512
6446ec5be37a3f16f478f1f2450696f721141309c1f6104a9ab29cedfc5de9d0cc0bf295c63a99a5eeb5d0edccbce51e9b6223f371e931f5f01f4b3d8707986b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
3cc1362dc456280e21de2dde79192c13

SHA1
572d71ed9989126a907815a1de92a06b46cfbb82

SHA256
9b60e2cf5fdf7f9543a669ef0e3dd0bb7b22c6db62c9d1d151d9c99410fff45a

SHA512
4f3adbc8709dc1187b7ef37107e64eaf221f2ae826a4429ab9115b855b8f30344c288ef9b6f7c4f79b0e7992e8c22c58e108a77aa292ca4942faafd8e99ef413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
12KB

MD5
00b720aab19e0a0a98c85ccabd527aff

SHA1
191a59b13d73b4be2dc411df7a092e8f46b5f035

SHA256
5f8e242ab374571ba21cc694e2e0c02e4f4b4817be39fdca0f039719c78d85ce

SHA512
dfae0e8b604ef01d3f312bb0ffdcc380b41ee32cab9835fd35a81e076f9015ae08aa2ec9a102dde99ffe9196cf3a17217a226f92493e78ee4326f80c67c37349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
f981749616aa7a732e8ea9ddb9e5f3c1

SHA1
dc0d23506ac9613dec75743feea8d03eb8228ffd

SHA256
4b1afbcf262f8a34d7d23f51341043c93576c8cfbf6f51f2630b44da33e17d3e

SHA512
f11f6a9ce81a943f848a80a38b140dd96c857baddc4bba2ad28fc2d895798039ee3e9885d91ab496939bdb44d0a99a2c2cd5e2dee31902d8302aec407fa261d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
5783841868f57c11765b0dea7c00c756

SHA1
52c52dbd2d783f02b156376e888937ea232a9827

SHA256
45e9348071abd1c6c5b44b8ac028d0cba1a21b63deea1708df30f0f68492f5ce

SHA512
68fda845920fb15d1d57101ce53990347e29c0ad9165124d6a9aa6b7dc34802018df9c6c40e3672d6aef2bcea72aed42c18b258dc57fc7affb3927d49a6d7f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
11KB

MD5
afde8837cb1c0f6ac0c249fd75842cc9

SHA1
09de3feb2a9160806afee562eb18e85f6a05df01

SHA256
1fe816ad00980bf41ac49e4ffa66d3db5a8cb14850e2e24c73b96ed2d383219d

SHA512
bc24c8ee5e291805c737e482b2401e8499a5d4d04933b131be7afb98851e3443738392126999c17e8f077fc725c6e915c183e1078a0a4812bd085c7bf9caef9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
13KB

MD5
60c0f285124d39fae42272526d15e676

SHA1
1b04650c84ee3cfef0c9efdc2b06177e93b42ef2

SHA256
8f0a329a237b6a718e8f056285b4970dcbe0943dae06d00e9ecbe6fee3cabec5

SHA512
cca5abb6a445f6150a1163018d3a4236e549ef6ab3c4ef37de01a209f93196129dec8dd279ee37dca4d28027635e9fc1b415838365ab6ece92b229d55cf7a4a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Secure Preferences

Filesize
15KB

MD5
8c56ad5ec458c872216ecc91a99b648c

SHA1
e498e3ca9a0bfeb21a210435e147e2b2aef46436

SHA256
5ae8154c7a8b6cbec3cf0c79331150a4cdebaa18687e88b8f82ba1db8afcfb13

SHA512
b83f35de8f8a70640416e9e3eaf805211b361961eaed7022aff35ae998fd339fd2f1da731cd6df88d984ade2db923a4fe62f1a39d04b41a3c630796e43297f82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
eaf69f670f1c21bbfd73937e70b553c5

SHA1
63b68049eaf193dea4512ba2cb2c6bed69f0fc38

SHA256
a752c0f98eacf590a59da4bfcce76f21c0fce19a7a2adb7023bc3384edc1f6ae

SHA512
bacfe5386bfd35efc40399fe040ae36cdd523ec247b9a5a55e8c58bdf3cf43c45018e7c5b06dd97cd775058239db818a54f38c59a94f774d1e9dc3a5263674c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b9353.TMP

Filesize
72B

MD5
1b7bf866dbe69f10433c8ef1056fc84d

SHA1
00b6daaf8c3429d14b4b815f69571ea5fc9bae19

SHA256
61df877fa563abd4c300f6ff9b7b99121d94138a5ef0b4fdabbae71a51c558c5

SHA512
d05850187616962e8d7aa500029b0c6600dea6b975b2be36c1e7ff892da7f327d711af4bf1231ab486d9bf9a89c1a73f962ef8268b6138d48a20bac6a585cc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\eff4f6c3-fe2f-40b5-85a5-1036405c7a76.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
232KB

MD5
250e3bebb45e281a7d5288b1b8c01610

SHA1
99a244c9a58e5ed1dccca9b10fdaf27cac46ed7f

SHA256
49c1ff354072a06c8a44f9024365e2cbd09add0e8c4f6a3c373a8db68ae05be2

SHA512
f5f195c2d37ebb716f6df92a148b0a495078aea2ba3318ae0a3041ff2a953ed250d5721be9da51c06bec45bf291f325c65584dc353dfe7d38262d7b3ef087fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
120KB

MD5
c335efb446dc4e1fd5b99c638f5a8a9b

SHA1
64cccf2138e10110b1ef6c20423c40e370c34a1f

SHA256
118993c413234e60bd5001ecbd0ea9f9b743e063cdbf17361d8d8f0b258fc6dd

SHA512
1d0d207f2aef8bdacd96c30a486a9ea69e6c1c2dfc29b79f1211f775311f69b6b14156b0081864dd8ac967f081c192d56e53bfc23ec52af32bff1697fc67a80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
232KB

MD5
aff497b0efe52e8a524e6db436077a59

SHA1
0066b3e0dec8b0f13c8b3f8c5102b767f0ee3836

SHA256
c574a532382b51b3ad5b87ebdf8f6753456ba33be5a64bca6df7b8e345c2c16f

SHA512
e5ffb90f758adae86c698d9999e12ac177608111d379a4d0e5217636d179c0ab6237f0ef355e64c4a303755ceb528763acdc5d9621825af051388a71f72a515a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
120KB

MD5
0b4e2cc7631e9a13e3624f17b3ca4a5b

SHA1
c034828d3e87d94ef5e7941593ab967c92d8124d

SHA256
2b4c4b60cebb0d2d68a510027bb41c3436829e27732e85fdf638806d9c4662dd

SHA512
44f7a25d56eaa1440bccc91465662dda19d0390f25b4b109316056c979f8702121c42688bddce3603de408ffd0de980b64832b56ea7d3335cb7eaf3140e00750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
120KB

MD5
0410cd17b3e84c18465d772a0da45d43

SHA1
489cdff07f1894a2e66af5ff101b8d0d871574ff

SHA256
1b4275513a9d727646c233eb6114192c3da8ed56364d2ed2266e8301a43d7a13

SHA512
918d87483a23374f75f8432b1da3b96d808079a9d5cb20f2b87f072bc4ecf9c92b4eec4b8c849d25299b0e4ab4381c2b88d9573f5c9a605e8cf37626b3f4ed7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
232KB

MD5
c95095d8c1496d1e7e2d373c80e4a8db

SHA1
1788ecc0161089ca4f4a6ea20c249cb3e2df9375

SHA256
c919828d892ed99877ecad067a55953c5a645a5fc33fbcc45ceaf2db8434afae

SHA512
00e19f58964286d0db03e4b6326c337cab15d7917194c5c9e356b8579098ba98e2bd5936332b2fbca3b0658380af9627c15b2d42f43090ecc4034b075100374e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e930267525529064c3cccf82f7f630d

SHA1
9cdf349a8e5e2759aeeb73063a414730c40a5341

SHA256
1cf7df0f74ee0baaaaa32e44c197edec1ae04c2191e86bf52373f2a5a559f1ac

SHA512
dbc7db60f6d140f08058ba07249cc1d55127896b14663f6a4593f88829867063952d1f0e0dd47533e7e8532aa45e3acc90c117b8dd9497e11212ac1daa703055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
90f3de017310a00bb1275c0f8430d981

SHA1
7294fc12a55ff2afce1a18b01102c2295df22df6

SHA256
74927e8a3f9f4cd7a5a59b312f6ed5e40023d323a94c7d37e0bcb29d2ec8a740

SHA512
0f81debec69fc69432f621d92b7647d8db79ccb8bae66f8ff651b61738f7fb8ddeab6a5216540322673a00c08786a7de74dc3c926ddcc4bb7b7884f4e56d4091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0410c9827a8be6765f6e9f9a89c7407f

SHA1
1904772860efbee99fa17b54552534252506643c

SHA256
b586d1eb01bfe7f87754e2114e00bf2aed2b761f98f8f252327e4edf201a41ca

SHA512
ab191e4c948405374dcdc41cfa9818407f4a088852548821d324f10592e33bf3b68fbbfafb0c22dc2364672fccb91f1fc57fd80af9dcf65e03151cb988ae13d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
63dc91941f66b2fe46ee7a715ee0dcbd

SHA1
103991943937f717f288d87a82f8ee8ffbedfd93

SHA256
c3cac78bc09ae4e920fad92df920bab9a9c75f70e0e4f027b502d92d328f1c7e

SHA512
3eabd2ea2c9197e752944e716d8b60a8ba1a3f3f778d7e0fdcbfb2ac9e9158b6b5c72488af286da47e94e51ac10daf95998daab6b0210e2e082b63eea22d83ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
5ccbafc727b91b87dff40d599ac3619e

SHA1
3efc809d93090c463d02fee17597026812e508e0

SHA256
04623b7b3697d86f594f5efc660ceb72db292265ef8469516d0fc9d715c9b327

SHA512
2683a3127b1d0b7449574e4804bc6b219796654ab1557457580e8aedd67bc0de9190b6666864f203cfca274d9fe6e7ccedfafc10ecf4e61a436977444755b676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
1113500af04bc5fc7117f1ad2cc94519

SHA1
181b116f9acc7718a309c9f7c5804bcf19053330

SHA256
9c801c7dda2ee24d8b00892a6df0f0c41c6668824c6234ed3fdd150b8f3e34fe

SHA512
981981c5f9948bf7ce7ca743e984ad1ca3ce24357d99f2c2b57c59756e10256ac115b8eb3d09b0ac350be5030e944d9f4e3bde52d1e7989c2aa6608007cee468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
52KB

MD5
98ebce30659e21df5aceffc074f6bfc4

SHA1
91e058f469f389e09de31e345a6d6618b3bd2d4a

SHA256
8ee1611804a2a1cbc6903954dc29216b6f6e99e7641896fc48518707fd1caad8

SHA512
ef15bba910a4ee0b0e9b89ac435c6f4526cc867ad50d0c2a1ecfd3acdfdcbefc4ac84a8b30cce9093b6e563386a7975c43908cb3e595f98d776e85414ae0deb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
2766b860b167839e5722e40659620a47

SHA1
47766dc72bcace431ee8debed7efcf066dcd2b59

SHA256
725a5e52a501bcd107624aafa44a857c00d02286fde07be774afeac2efed68c3

SHA512
a97f77977518ca755e9460cac34e0b5358ba98b3624c53f0e1ef7b947e62a6f3f99caf2852fb3132c822525d88b67b9c1ed778b3e40083d9df36028c85f73ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
36KB

MD5
d206eb96c7f4cbdeb46aad262828ecdb

SHA1
c616e8ed1335058810aa97cca5bfd33d6ae70d10

SHA256
c267c4051bff7370f13b431c83945c195154cc0a6e15ca8135d1b9b671253ad8

SHA512
9bba694f8ac1ededd4e9aaebaaa07c8bc48ab23a069c444e53c7fdbdc4346049601c7fd8ab27ece21b11d18244f75401227cfe9ec13eed900d59dd3cd8bdb0ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
19KB

MD5
5114be136b2c3ee5d2974a4700afbec1

SHA1
20a9f13858368f7d0391ef25a592aad13010731d

SHA256
d58dbb6b31fe57e6c6a88e083d9ae2621ebe3676891948a98dbd929dcc22d343

SHA512
1715698e9ba1a19609b4d97ff2a49ad0d280832b0ab2f3c04066e656801d9cecf900889cfb85fde86300e92108c6a688f2664b21513bb5598316c20b3a8ee933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
19KB

MD5
a65f7f00889531aa44dda3b0bd4f4da2

SHA1
c8be192464c7e60d4d5699f6b3dabf01b3a9d1d3

SHA256
0dcf11ca854f5c350637f7f53cccdaf95492dbbf779b905138e26b1ec1dc91e3

SHA512
6f48f0f7cc1a35a9068c1284579db065e0fd4b2651355d68a8ff5ae9df86090be3f6e5ac4589585166829087c8bd3c37431a7066358eaced0cdb6c5a0d544fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
37KB

MD5
c130e937317e64edd4335e53b17d55a2

SHA1
51bfff9dee11ab5a8c43198c0d6178799ed9433b

SHA256
46025a134ebdd6c6464ff422818e60938fc41af735f7951f4febe29f57612a49

SHA512
68e5fa69101a7347028ad30d7c004dafabcbd8f8009df90d0471b19a36741075d72da56a2b1693c2067902630584bda5536f0702302db5d69f407424d4a964de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
37KB

MD5
c67ee59476ed03e32d0aeb3abd3b1d95

SHA1
8b66a81cd4c7100c925e2b70d29b3fdbd50f8d9b

SHA256
2d35ec95c10e30f0bddbfb37173697d6f23cd343398c85a9442c8d946d0660e3

SHA512
421d50524bd743d746071aaad698616e727271fdf21ee28517763a429dcb6839a7ad77f7575b13c6294dc64d255df9b0a64eb09c9d3b2349fef49b883899d931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
58KB

MD5
2389054bc92fc6a9b9d21997feabb1cd

SHA1
d46b4bece5021bbb060dceef4273475b879c75de

SHA256
5c38b4d4f6b902a99e4eb9cd922a2a2a37b549388bb4dda0b756bf6d5887d6da

SHA512
5525a4228fe65d25f0084fcde29dce0b97b80126e36875d226549f379e56ae52c0b2ae12752b188fb9715812d14d740f1ebf35f3ebb5c1b4e3b564836ed30b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
17KB

MD5
568f867ac41d3e2fb0a39b4e5aa2b335

SHA1
3ce36e229e8642cef02fe9decc84ee23f409b413

SHA256
86a625287dee58fec499322a390a33e33bd65f99bae9479b9c4a1f3279acebd7

SHA512
badb4a434ed850834a7b188703366d68f3fc5683e8f09e7930e1c714059378e1018b596f17e452bf514ed237970d02d6d93d2305990975031e5de568619801c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
38KB

MD5
b376c55a7ba31e51dd8e8255789fe89a

SHA1
439c757d3520f276a8d313f8c337aa90ddbab16b

SHA256
97eab72e32402a938305438fa0682cbaf45b75af692793bd35bf9134782e3bef

SHA512
99b31f6378611df26a3dc827aa24709e0854f2a1595097482530087cc26761db5efd6be323005e49b89563de1169d44d86888c98eed8e9ffe880f516281a9c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
19KB

MD5
ca73096d241a63e659343bb1175f6c3f

SHA1
0b95ffa70bbc837a9a9fe1ba7f331aedae1e8902

SHA256
a9e19c42f1330c343b458f807cd1490248adb5cd795407f58289a8e6c4f5e66e

SHA512
bf7d5d7d2916b6f10b71acb08fdac75cd659b2115c419eba4d3ce5d8cd056e387cb4917fa83f0f470202a3d21a23ea9ab707f9a388419571b803df79eb7f3d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
99KB

MD5
2940076ef5b451648e126653123622ea

SHA1
46adb402ebad36dc277bc281d15b4b9643c4cb6e

SHA256
2766045315b53c22ce78b0c83624a7f52000765c55061a9deae19ca67897d664

SHA512
f695bdf186be90f1df6d303bf5beb5bec9c71a069978fb6adb23b68c893ef7ca0c5da2cdc32d39cdc9a8f0bbcf0050abeb3cc02c75a2861d9434591ac8680922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
19KB

MD5
9f35ba270e9ea92ab439941460109ef9

SHA1
699dd11d06d2d5925cc91c2df7e4fca4acab56b2

SHA256
344f84869c6a5fea3a0ba409a9716b2d5e83b27bd295603d72bdfd6f8af98f24

SHA512
8660fcca9cf7ca63ccedd93e9606b5362babb0d2b7525248d2530a1656043aaddfbd71d4e21cefbc1669f97efc2e54f6f5e60a2da51084997dcc56f02ef4e750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
62KB

MD5
fcd0bf66ba9c46bce566d74c0cd81e8e

SHA1
8722e3f744cb9a04b3ab45d64ad2ca1d1e86d2cc

SHA256
bd82c3cf3086da8be3e1888da5066b2c9b4f836c23ab48695160c24346707757

SHA512
7c040692556ebed927010888335f450f51a82a67d6c88fe52ac1e0ccce1f2be54c5826c2d62adc5a493a132f74a97e7370109cbdc304671dd62c176e767be555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
72KB

MD5
c2aff226dc0e429be7c1ea0f1747f05d

SHA1
6fc3b888a8974e9b9e948cad2be5eb2327a17f80

SHA256
c5afcd065785a602eafed3149f17ec551800e76c6aa29695f17b250834f76229

SHA512
b79086d14fc2efef42c932ffd54bc05bc071945c2f172152bbef0ba1264763d19547ad7d88e767ceffc133037a0c27c402a8bbeb089f899e61e10c40e694ecb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\013c30e87d4d8da4_0

Filesize
360B

MD5
1bb7a892b5fe6fb354d34b9b07700faa

SHA1
111c949ef77e599934ffd5958955b5e764490356

SHA256
1c367f30d5ee2b19a678a09c685f4b516c3e94a00dcaeb58c90e561e483ae4d7

SHA512
099e9fa9a771d531e1fa7f0b429e4ab33f5b7cdb8edbff2b9e42ea76e8a85b359d0dc9d068044f772521e20ad71f0ba14d00397df58fe0a235232222683ebe53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\045a2624aa7d1df5_0

Filesize
232B

MD5
22dff97793ff337ca598ca5e96765e1e

SHA1
d607dd95da0c285956190f0d935fc08d1f5add5f

SHA256
095f2a195ff6f4f321b6bfece4219378f2839b9bd01b89910b3a074313858942

SHA512
467898548d88e3a238421b3beb4fc10a6c2eb12618ec10de13747432b5452417b1d172f57a55dadaeeb1bd2e4d6512e02734d5f4c74d416adc9e60503696a555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b4ba623e7fce2e56948e25de68391f77

SHA1
a8af924665e6351e29bac627f2d8768c680e520d

SHA256
9f76deff5fceb6578e298fa2c4e078b1a03238c917bcd1cc4dda22768fab957a

SHA512
57f852b4c0b9863a4137025e853e0e56acc2bae85e848a5c07af67c36c615667367ee0936d044ee3f3bb9b4c25ca9ad68bbe6b11f17d3aa54474a6c88b1e7000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4fd0d8171d68815e3810d86b2451b2a8

SHA1
47de951b2f83fb3e88092d04fedc17df5fae9352

SHA256
7ab390bcb7a78764d931917c0bfd5d25efbd55cffa7d02d1b9364d04aec6d341

SHA512
26a643e43c75d74e55eebe48902062beb5c5fb7ec091f755426a47795d79e73b9420b93769f37fa18a9005639c1f72d0eafef6f3813e6c6751efe8af7cb55b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cec41c90f317aff6d06c0e157db6b545

SHA1
ef909e711e9d0c3633545f24f70f1952289ff26c

SHA256
feff6380aebb4583fc417b87d836d37f18fed9346991607907db0ea4a754a914

SHA512
4ec2efedf7692ec7dfb9abab33dc2756698f0d521535e93306e2c4aa0d7a03c86af90c5b4d851e503f668cc58a8343bcbacb3351934c009671b38f0881b3c688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
48ead857ec309bf6d932e42b314d31fb

SHA1
d727811f8cb20947b7b5f2c7d253d1f3955d9b83

SHA256
294296c965a522322fca502d0389b4e84051ab6948cd9112cf68a8e50f9b3bd9

SHA512
f18fb6a537e7f9d38cc1988d4573f6155229fc2d72561afe5daa05c46f0f0f689e8ec49aacc522ca374985634430131d66ba41303a61995c74afc0dd5ce71f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DIPS

Filesize
28KB

MD5
6c16131b4712f564027424f0977d67e0

SHA1
d92fff67fefbf8f61225b1d6bb7a190f51523888

SHA256
d8a25127146e7a92e6e901b52a82d0eedab5e9df5bcce81b278ea18e0959d630

SHA512
0b4068fba49da2be9f2681a51c3b79e4f2d9d753d919ba7e38b22567d6b5a6c9597d9c5ad7e11103b6909d0237c0ed6352ea115f47b56ba4f524b24609bf91dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
b9fce5b21527fdea19eccae0e4afd55c

SHA1
7ddc5fdffecb46d5baa11ba1c5c00066611b2c8d

SHA256
63ecf89160867f4c132c0e54858d181ccd2843a04af4a0f4058f4d4c08643bf1

SHA512
54be5bfd42e7845ab78e52ff0e8b9be9d8c921dfcbd607098bebbdce88af65c0136081136b4aeabc8f0174bdf7e87e027d8ba1551176ccd4fe66e3e35916dfd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
240e3bb27b08799c5c35a1b3a1641440

SHA1
7c7b6482c15a382d469e632432ab1ea12b47514c

SHA256
bb1486d3586c7970020b3c30ffbbc5b4988bf93aac49defd8b34b4a756249aaa

SHA512
a4300301135c074628c172163b2653739a07added54b87ba1c0963a46939f09f766342992760db1eb6a2b33e3b475b08b52584707bb193a068cb500423f6bb46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

Filesize
8KB

MD5
3ffd182c7219efaff4266d31668299b7

SHA1
afdfcd19128fae3b62d4bf6b6349793fda7697c6

SHA256
491ce9a3ba1519b3e67e7e77fe03500743aa47227a41506bdb318696441b758f

SHA512
9239e67abf7ff7a9c7b24b53977a94512d8303a6a3b73c891ac95b056043558c240d846355ba598950ec04a977048833bcd26bfec41a00bc6a59cf40a596cc1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
eefac1ae5fccabd85ccb2aff682fc52b

SHA1
8132a0a4cbdeffacc9e0b82fa780a759b3ada97a

SHA256
651a6a2ae161ce5a8a08b7d6fd0a358ff33c823bc5b8812d7c9194f4bccf443a

SHA512
5fd506bf3bd0248b2c81345f1e5c6099177e37078d9278f14535987405737df747d0cc350051ac4f4d6fb43f7545cb8103b666bc47e69870f16825c1bfa7afde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
026ba0969be827e2c0c9d12a413bf558

SHA1
45b2ca159781ad26dcb5c4b6c0d69880d8c4ae1a

SHA256
f6fea2cb46c192d1aca9aeed274c6359e342773a201581008230bbb853509281

SHA512
68a8782d190e511643d5716c881663529f78ad3c7c1b8e0ad78e30dd520fa3d58e23a4e4791708f67eb7ab9b3c296e28b4ab9d4d84c8f2215e74cf6a954dfb9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
11c1cb2fd86c305ac3b0867751d3d0f1

SHA1
a90338687bcd611648fded7732a4e89ff34f2449

SHA256
9aaaa0e1fcbb5fd1f5dd4b792ff8a9fb38820f4ac6cf186e098f732ee4c08de9

SHA512
dbf7dca53d3e37a86c092d91880ea785e07aca85ed2f90b10765418f4e306faf0439678df386227aefe491118c4b0da21c5e0a68db1fd05216274287b1f75702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b88a728088858ae1c8997cb4eefd10f5

SHA1
cd2946443c1d951aeddc8d841c36b5de9f0efbc6

SHA256
45d78b7593988d1782e551fb80f0c4a53c7b97098aaa11bceae3d4a798684362

SHA512
41e2e7eb47c04a5c6331987a99746247218ffce383014f8a7bb222f82532ff4623c59433f6a56890176495a3e593d16426fde0b2a7b142a4d162f64c77cf3351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
02771a27df1059afcce8ac585d5a8cb0

SHA1
1e4278f5c680eb034a724a9fa5f471a3c803adc4

SHA256
f6262289f1222f0228eb2e62a3ff032ac7da4a08bdfbc311de64671d12692e4a

SHA512
e6c2efc1960b716af21abd07f35e9f87cd0ad3d031ba80a4cda42545efe912e5046d620c2cb86632fac9f1c22ddd931537ebb848406bcd40af5655b5c43d8a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
32b87b21553c79623824706f15964379

SHA1
1c732e826f8e5285590529f8c56b1980e734cad2

SHA256
4e970a5f01102f26ba11a291a063f7eea84cf58134aeda50839ee441f95f2d57

SHA512
017589dde41189a709603a41ec89f5bf88ae2737bc383442f2aab3dcb8e2d5afee160fb8cd8bf1f37b7b8bd8d7fd01a1c89202a5a5b777315286f06d9f0bfc15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c460ef3dde0b3af0adce50f8a9177d4e

SHA1
d3c43dc660fa183891717a4f29e908c79a2c3c5a

SHA256
5a4a102b216367d48ef97f372e271984e4e40683d93a2cab189a2ea98ab80067

SHA512
a012e8a08eca1a07749b514b89bd9811193bb04e9a75022af5b899d793582dc9a6de85a8a2dd1b61c7af30b27d7ec2ea982d17d3be603e2d28ac0ade38bedb27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f8449206113abf28dd031a8ca840955c

SHA1
b47d76aa16c1134da024053de21a5361bcefd3b1

SHA256
48ce4e60eda21e9401d70c3daf4f49f3800d127025b6ce80896377631a77cc7f

SHA512
03dfc1bac35c511885db24b6435e433daf7ab2b6584d6421447eefe0d35de6187e8ad4a575bb6779d910a9f52a676a409b9e249b07d238ac8bb052d960c5a3ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c184303751c3e362c7e2debefc0b6ff5

SHA1
acfc0f5d776b1aeeb5a14912934dc50428fdc5c4

SHA256
2441c6b911330387b6717c4ce6dfd1c9401958da80fdd8c1973523e45fe5f814

SHA512
f1aa5ccf0a3bb57224a2327a2ff5d066b875cb071c1f906cdf7c8a2facc9042d1f53bf6b9c5f7a658ad86d76c354983cd608912269ef2e6143c46e2e4e29b1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3e8d263d14fd8943ece41f41ffe5e11f

SHA1
7b8e28a5a4b6ed18d5b28b0ee5beed07e1100d5b

SHA256
998e508a9adf1faefb8645960e7d74ab80e45d91cc4c8fec8704207d73080675

SHA512
e55fe556ef93468169570fcd2a08f88a474206b0cef945137ec814a510f83fd9d609848b11808cdf59fa8aa812bec3f3a848a6feb69305fb16d9642f91b67b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
25e4114c12e588a72b3f4f8eb4bb10c9

SHA1
c47b1bce8cdd3bced2d3f7618ba6dcdd84b1a269

SHA256
8ac9a67beb9dc6cca1766c3f71ace28e059075bf16498805c394f83d28c7aed0

SHA512
f4a39fff52baee890aed973c4c13ab033d19a6bf0b9bc82397a3e7af0e06ff18eba7fd87f48c0ae49f2667fe538f8c8514fce19aa644a877d44c3f3eac0b4f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b3027001402c05e8868d6e4ea5af8ec7

SHA1
90586594dd284b146ec9683c24a9eaf3dedd5117

SHA256
5e270039a436fdf52286bb2fdd2ae1ca0a9ff84004124b4f419055aa127e5bb5

SHA512
d86a752501257bb40cbcd73993d4f817bb883df800bd9ba5d2fc483b3d885e9d95554b2de22904f0e1346f06f7ffaaaa827183bba0d095593c06370c14180a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1008f3bf6267afe04c0e3d177023156a

SHA1
21aacc3b76535006559c79500d0be1594325096f

SHA256
e9d27d830e1734b364dad53cf6f14390984e9656ba3e0bc4c2cb725b55493832

SHA512
71690d25c2372864d8633b068e145a0597bb90fa8e34d249df0bf3eb02fdc0885bc990b6ef9f4e52ec5cc3407403c292ff76e198b3f43b62e157e814ce43f736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
baffbfe34a701c546e5556f13bea0191

SHA1
1c6157e804877ff4e4ccf4bb1c7c892328b97d61

SHA256
eba4592e2b8160431875fa5cac0b9dda822f7d709af87564e9137b89fbf2f1bc

SHA512
f64bf2663bb51fbcbd5d5faaff67722122c661671911e3340f327abc93a3e8e70cab582cbb128f5163a6b7e56a038d142d9be4b629163f5bdfd7963d97f89639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
38d58f67dc007db951245cb0ba8541ee

SHA1
1de39443697ae08acfa2224472b083cf2e191e35

SHA256
d9ee17d9bceb2479e564d99a10ab7da4a23b27b951c7d763bca3be8cf4c33244

SHA512
25f8be62e1d3063f2d4d381aafd2d493055c3639f25f7ccaa37139feaca1d2ffbe11923df2d7083524edf79bf27021826e6f57041b107709a7b95c765cdaac6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f7b1cb480d12004105570ad80d722fe4

SHA1
7d24abe587bc01cd883cfd534cf0a1f7f47222e2

SHA256
6106bdaccad12d9a2c3648e1c55fd7916182a5df7e0f92aec8c78041625b9a91

SHA512
5398e81536c6aaba909c54d3f73b9cc4a9d4d31b9ecc22c2bd5e2f714c56573cf4118e35c868fff708dd720d4543d0e3590e7fa715414659a73383e53f28b548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
67cca6b950212e17da430923db9b5690

SHA1
25477512ec413ef9fe4091e3fac34c27642cc2bf

SHA256
3474ead1e4545b49d44344cbb4ed60620c108783a9f09550c5e47856734b9399

SHA512
708e3d21473ac0ff71e7b6a49d4f9dece7bfe19274c404a5ee7c7a95d2d515c1e508b05268d2171ff77611330cd600f33ffeca9be2cc29ce896b6a19507e9e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e834cff6135493ef6fb9b3eac472fe9

SHA1
28ef7ec06e6a4851279fee8a38794112efc53a0c

SHA256
1b8ac15fc5cee2f65732e7c5d100df3317b9d477affd77b827fe5144a2f13d58

SHA512
2d9eff4d6912b1bd18b543b83d547ef4f99e822dff43adcaf179728d12630d73397dbcb4b1c85a7bfc0d256eabd892160e7f78f5b10bdbd91f7c808753e16388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
674daf2373a7a8c4649809183f7c3170

SHA1
685da2f11ae19e86ba648377ed148eed9c9f16b1

SHA256
6cad9d9e97165c5e0ec14161ea84f8070de90c286acdb0c3d8076e34b1d96cd4

SHA512
b136a3628e3c4a9990b80fcb82ffcc4c90cd898ae06c3f5d46d6c2f7705c35c23463fa5d18721c8ea88d37348cebb91ee11a429ce51b302e37c3380a539d33f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81cd8056857b8862d9e3985e626f3ab6

SHA1
a990232af9e85ff3373e54ca1c40fb6fa9d14b6e

SHA256
579a4ea4da71c3ccb2dd69ba5820bf5ee02eef3e59a818ada486fb102b7f85a7

SHA512
37f4ea469a8e39d396926b7c25bbcf85c2f6888559ca9cd092e44038c0961fdcd79dd4ae34daddffc2398689b564b800daccd0b0a5f1ba744e9e562b28f6f41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
522d012e18c55ce1b4efef4af0c3abda

SHA1
108bac08a7959bee628992e823446bf3488b23ad

SHA256
dd2035d1218b346e45a3e14bbc9bf6d433130b6f7f8772505bdb90435ffc76b4

SHA512
658aee1e680f1327bf95ea55bc2e91aa3e564ee2b98bec1bd0d4f199b487087749496049e963f622f260424abb3efac023f1a0ea1459f010aa3a621527eb6cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
acbe800191c674f2251ed5290aba47f7

SHA1
8f4b2e668016703e862c80b2fae0084dbf030855

SHA256
c709ad258be171b957de1879fb05d7131a5a01f470ad828b1adb7d8744c3087b

SHA512
e9785a81fa362fcdffd8a98af47a3b613c4cdf929365432b053cc1e5ce9714f41cf047db043d796734e0a23cfc581fe8386ac6eaf39b8b32fb42c96ace01e508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
acf0dece224b21f3f8b06fc74e7ac4c8

SHA1
e0dfa36c3e6613bb5db862b77810d707c729384d

SHA256
eaa69f3790a56db8740c286e9763882462fe444ea8b2280be537a71d791e6ac1

SHA512
f2b9b7c48b49358e4c3bc032fae87a1ded8869b11121b46d4f618bcee7ed7980aaed230c2119de9ee91b3f2c8c72958f9bdd5ab5a64e329e72963fdacbc51459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
706e98bb4d958f4f5edd4376d8db78ee

SHA1
aeb2d59983f37c8ffcd16be129732da43b040cd3

SHA256
87ed80c1f521d09e374827e5a64f511e7922913862a042ab4c542c6e1dccff10

SHA512
890224d715df70581102af4acfbd880e92087bc95240f2a20c9858bae8865730d51c8520c2282277b5ae4af19f2847352434dd11f4dcde95d8483800a8972958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf51e6de3ed2827289bd66ca02886fab

SHA1
c5c96601ca797b2c10b2fbde42e93355af55e582

SHA256
ff0969be3b64b703bc370d1ce02a370150f688f8a599190b393d6ec366891bc0

SHA512
56a3ce3281efb83bb6a25241641a53efc32592aadccdad78bb830559b67484a5179d867744a0b347371090990c553c198d1c248429f201b834f718790b8f3642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
631dfcb45436e03b6f15bbe98378074c

SHA1
b82927998246029d9cf134f59fc869c9acd56ee7

SHA256
fcdb3b8c971446b071a23e8316164eb5a3b69dd890a4e346f1c2a07670ae2608

SHA512
821307cd8f9ad464c2b8c7a6c978981d14d89797ce5f74de07eeb86670cc6f4251ff8d16e070b4cf6b2e1e4cbcc2b59cfab2db23ecb1850245d379216440befe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6ee64a5c1520954dc731ede3c42a1f5

SHA1
911b4eb6b0410492b2f2d736aedddb7a07120694

SHA256
2ce2b2b5295815c938a18254642d1ae3c3aaf5898260911136ad92db5d973f5e

SHA512
46016d2ccfa4d09a1819b113dc969d2e10a71800d0f83405cb3ef5271f1fe8459b9ac3eac0aa2707ece1ae8e9aaa1d0cbd678b36c2b49a6a0c46e71c4fb679a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b7456ff49b172642b1c54cedc1832563

SHA1
d427334585a4f9626ef9a1d9702931e08f2778dd

SHA256
853486fee3b2076318aff778a6275ee81238881f56a4bd79126b6cd02adc360b

SHA512
3e580a8901f5de6e862a27ccf9e87ffe91d284aadf5fb3c6c8754a765c2344ec6d99f8bd524e175fb17d68b836a1c57afa6e30f516f7428545809896f27a2ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3ec8f9a748e365af1ae0ce76ff4fd6fa

SHA1
9fb2ce48854d0a6a79480b05e25a04fee5d72efe

SHA256
ace372a98568c4924b0b846ca78d4a85746a2cda487abb3668a710c530388520

SHA512
622bbc0bcb1588117085d0bcd2da6683099d0433d2fdd19e16a7b0eb9a75755655be66742d18bca9d25a3a6a49605505b74547b57debd174d3485275b406e1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d6e4c89280f20e5d59502ee97c243fd3

SHA1
aae1d0fcf6c0f4168fc2bc27029bc0908cf32525

SHA256
c6aabe29f1d95b99b3ae5660dc59faac0d92d62c35cf46b49c53a0242293eb84

SHA512
651a63ad21c8d4413c55031b07cd2c0079fde3e9148268722aa2218ed617dadfc5c10304dd454f150bdc9b539a406a0c6ab5b5c87cd5264d75e33a2fbae7976f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c06754f99e2156078f3328e8e99ee6bf

SHA1
3e55c57ec1858e172e7dc3a7192c5ccca5abab43

SHA256
3314404f2cc8b281db9fe59ea142d7240c878bb3e7f6d32928c1c4abb54f175b

SHA512
927c3d938dd07a01efb2892805403d56a16467eba38c64f6198d79396a740304f9e8449fd2f22727ac3b17c547e8751b4b07fb304c37ed47e35a9f02bbf8ec27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
349c67535a6da2ee53afc1956cac6e8b

SHA1
3631904217d301dd6b632de37f3259999a873a1a

SHA256
c0f9d844b61cd110c981a18a7fc98f50f0e25f33add1f1fcf5487b54f0551fe9

SHA512
a825ab70dcde6c06bc7491f87367580993cba1cc835a6ecdf4b34c9520f2a75bb53c4b3aee28b18f9e6dcf4c66520199bc62c2a8e463388e7c5b5d92435dc1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
187aac2f360daf55bc1927e080c949fc

SHA1
601130da0a083ed20fb0fb22c18ea5649541743f

SHA256
ac718be5abcf9c9e9d64e7aef9a846c61c4fe09822e2f3f90a64728693325c37

SHA512
a006608c44f3f0540226df96f802173ecf99647f59adad79ee107fd65760e27e4beb941c3be25f00f1e97bffdb9d311d58c28ce33ceb101b60776d8b8b8f9d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e7927b8156248458718f1a2a869e2140

SHA1
44b7529836cd55a2a8e53690853d71ce199d1ab3

SHA256
9e06ea7db6bbcd302cbbeaadb4fa778a413ef9445cdc701bf4ffadb6e5e4b7e0

SHA512
e4637d25f7413eb97778b5569d249cd1413b4156cb71db0ed219b65333c4651c7ecf10b3a1c63be1eba575cc61fa30eee54a6f39cf95136c9cf19cc31b133454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
901822c04214982cb6f6638052b8b251

SHA1
22b1a10e6fc7874e5212f5a369d33c6c813e8c32

SHA256
66ba997723a64374c0dc7ccac2910010aa9c77b53d9654d13f1010711e16bfbe

SHA512
2408a7eefb0e43957c04a5cb12ea6e0d7b94057bbf30bf0330a179e0e51ba9241bce6e7918423352bb2dcf89a9fa10aa9d4e11d97f351ff0efde3819f88839f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5419afc69ea327889bb42b66a611941

SHA1
9192e4858a7d93f2b3cbe8c2902e4095b10a68d3

SHA256
7609db9f00cf0139ddf30c0cc65accdeddf6c78cbac5d670b6bcd47e3efa84dd

SHA512
794d2974c76cd1f956453c40f6b0c13854df30b63c3544d7b8d74f00b02517ba14966c702a163186a7f12d3a5a7bec4b73d77fe1425263911495e927b1515971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aceb5e0c7d81d435ade96898ac9dd080

SHA1
9c6523b5242b4c361866c85f677385d7c841f2a1

SHA256
6c2e7314553df0b375c5f73b7877a6bda276d64dc55163f824742e078a2e4ec3

SHA512
0fa8584badfaa228ce9831ee3a02f04c683bc1112108793d451685aba213d387e748ce954cf1f1eed29132dd8ec594f27914dc38009e5bffa6471cea7f5821ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a113e1658a1b8b8737db73d169cd7e5e

SHA1
ef864014ef67adaf9f0a5688cef77a96c32381da

SHA256
85726970c43585a4bdb4356ed8f7fa619cfaf8855a602b6ae5d5e321fd18b408

SHA512
a8ac6d02ee357cf2bdb28e793d58c44a8b26b46e91474c03bedfc014bc403dce2d839ad9c6a320ab6c970d818ea2214a97c2f1c92b296d987e6e74329767279e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
edb23ac82edc0c8f9e9cc2c3697d2ebd

SHA1
ada75571cf644d45fdf3fdd85818c7d5258d2dc7

SHA256
545aa9ec7f28dff82ecd3fdd9897e7ff0d8f7dc0aef38352b3422498ad35d524

SHA512
696e28cca66847bc836fcc0b9411fe28136d207e7c9af838a2ef7d7fbe567f908e284bed9c7be7cd0d467b18f6f5be91887da297a9dc368f248b72c228181ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
06cd36d731d029ee5ed67d23d5e3711b

SHA1
36eae91c305bcc92df52c6aa4cc3d475f8eb2089

SHA256
d9b95c268607f72408fe09a85636ec47544b74e253572ce00b44483ed8de3ead

SHA512
6e3586f45a9a49d9199fb1a9b0f8889eba5fabbe59b8b329b05b0cdf8476d1eb87e5503d2f33f199130d88bab56a10eabc60e12810fdb265bf0f56eda4768e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
740e0cd6fa36622cdc3b0bbdee6da596

SHA1
a2786db3dc8960ea2281c03d6d72fa161ab24916

SHA256
c4ff2bd4cb2988a280c407df39a248c190a29e00a6082a7ccec98cf9f749a87f

SHA512
cac001c7757f103ed04112e2e0e850c74c17ce3a4b36d70b90dc734272e57b20bf65f448ddafad8aca00de5fc882db5bbc6b41a670716a6b026ccedd0c07884b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
339c27bf5f530856d1adc3907eb776b6

SHA1
a980212f3419cf305c8f3c77894f714d11a92b9b

SHA256
8c5515e3bea35febcb426ef160ab0a82325756ff010b8ac3abc9dec7017cbe6b

SHA512
6ba957863697705e3e39187400c0a97b439600cf89add22a5dd60d0a953b35ba864db41fb2967a0fe94fe93c50d5c1ef7b5a6a151c0a6c01b992fbdf055fda44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
038401a52103423f10e628747291c497

SHA1
ff181293d24d61ca3a93cf455554e8116726cdbc

SHA256
a1fbf76225bfbe4a0f429f000e6c95361bb3907c4e157980dea77cb95be5356d

SHA512
0cef5a8c0c9bb7182f5540a571cf1c59b54dbbfd2938cf4ba4ca6c9a112246cfdec1cece78cd28968f931d910c74be758b62bb205e27822c35c8aa9b87380226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78cd2f0fbb1fb11ca553f9fa34815f2c

SHA1
e6dd298b1abd1791e873e7f55e514916c17e63f7

SHA256
05a48d4d09ebc37e20273f03efb0a045fc136f468b496c545f03c0b1bb82a82d

SHA512
bc18530950ca0929e0c4c2b23e84fcbcd793ae4ca46bbe451f2d8266c875c8727b03b38e4d0f877d99f4e3b5b05ec6f547bd65fb4191302d9ef85a657c3c4aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
20a6d3bf7cd595f7f7bbb36229c10476

SHA1
f9dc14a5d7faa75429e397f283ea0df8add78929

SHA256
057d08a360608ed4b90e69abfb342d65ebfbed393d624ece4ee99c88d4a8570e

SHA512
483dc3e3e6775a153d3c4873953ba77b68d1af6852eb7cc0443406973d248fab98581818e32f45953c1d4e3edc063c7990367dc61baf90d2ff5ba4a89ade06d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7248b6db2bd1e147c1d74a00b06f3433

SHA1
9c33a061b6808a975ec48010a648d2b18f8dec85

SHA256
466a01e39621e0fddf720d59789f58f43c92f84ff33208d2082674314eea334d

SHA512
8a5126a5d541d8a03b70877f838875ce7f9777ccdb604a80360a6cc3382039422a217a114cda48f27d4bba7e983f29e183ae10b7d1349197f5cf5d2b0d0434f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
528120c6ab5a8343a1a3b80b3ac012cb

SHA1
92b99682ed1ac67e5e5cc17e535c21b5e6d7082c

SHA256
b928a12ec44cba9f92ab8bcaf9b6d6a89feeac9f786b5ed6f373fd91b027e307

SHA512
6b1cc98ee6dcdaed9f356fc6310049bf37881c68d7b379c6d2d6377e19d41e438aafa28d62f7d8c255d13054f268f3c22d558a7acec7f70c69f9c797b2fe808b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
930d65b72fb06dc86c4ac43c7896c5b4

SHA1
af7aeeb502b89be8bf6c1bc372148538134556d6

SHA256
16aeb07011f5db4b4c392fc4b54a88177fec3ae0dc8489fb1d308ad0b186d5da

SHA512
f6f8f5321af0ae1b5f15aed23723f3fab0258bb4812efb4ab2d2bbbceb3a3622f3111cf9ba4c39b4054c3a0a33b6db5feb9d3d1124fa3803f64e8132ba37c923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d062b63b1dec32a7de3475a51a1b54d5

SHA1
2dafbe79e651a2c4e3b17cb113a1eeb607cf5401

SHA256
1c5bb56be6ec46d976b778b5ebb5e2103f0a8d479d2c37ef4469d66bed9c0250

SHA512
f16411fccc6c7f56025918474f5303c95faee99d8533974181349c2cf331ce74b1921793e5c79431bec3e1a7d3502e55d4865d9aa707f81e5803e59b077ac00f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ad05f26af8961ea1c3aff0efd06431e

SHA1
21628189c0dd07dce7ec0cde9afbf0ce4a58622d

SHA256
8f30f809e34984d822ff54d7500a7a2cc415cfb13993d47c4fd179b4c1ed0ab9

SHA512
4a629dcb89a1a3991425d68c3217d5ed18de86525be32f1e3002f0d55cdf513178627da4b3fc80abc711d3d9124ed2ce448e5571acd5f17ae0c328103b5bdbc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c8f1022d143643d7a04cb6b0ba16795

SHA1
7d44945a92d868f7f3857bf87277d297270a902b

SHA256
8fa2cff214dd97e7dd9e0599b2c90382c1f6d0dce8dfe64c905a59597ed04740

SHA512
34a0f4c2a4b02eec8fe2c41b7ff33863af7d405d5c9f2f112e76a394d347f1bd99b09e76293025b21dfe9032757d81a304491ae019145896215106bc1c93bb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
78f735adc59c5d0e2da4ba4ee4009c11

SHA1
cc50ae8d24304ae4d416c39c08d16593d7cc0992

SHA256
38934498d5726af1599ca5651b2ccfaa91a2d7ae2f16f14fd007b6b1b9459658

SHA512
daf7f5be47270d222a018750d47761922c6a1a8bc5afd13bec3acbf94f02fde0912774b8d4e2ba119c24ed7c0383deb7f7a72457f774ed168e9053cf79703552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18a3c6d467ead8c99d56f7bc5d7ac221

SHA1
cc10c788ac9a07871dab7b1ea211ba34afa0e03a

SHA256
3a8531bd68e23fc987e2bb6ffa984dd965556ffa91a3fc43416a1757850f26b3

SHA512
7b27656b966cceda73a139b29519c114ee7c41622b8a91b051814ead795c7a36fc906dd20e3c964bce24c6f1fe250f6821f778268bb45c965b6ed2c0098ea7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e3eecfbde5406fce761ffd5f5f5fb55

SHA1
60c331f9a0ff7493ca35a2a71605da5018553756

SHA256
6f308c7bedb2705dba3f75d4b5dd182881ecf2b3c0db3c3214cb69ffcb746335

SHA512
10f130d3dfd6e14164160a0ff3adc164a5481aba86923c50f004c4c79d3f00881c1a1075ea4568bda73d97e750f96232ea0537b293fa54950639e20b484faa0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
31aa34489d7e0c64d4cdfda16707e03a

SHA1
9172d4fb6382b2e47dccc3bd2ef117e35b748ff6

SHA256
a430b0a99da71ef257d8fa493509bc47a4acaa350a2bf6e7e86291854c3aab61

SHA512
15097c6c36cb46fabf65b8047962f076442be80d2fbfa4611d93f99f368c71388738f9b1c8f78ded925ef825e5fd57c9cdc0d942cf8a01b0463b1cb34caef981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dac0379125e5668390b1fab8d9d35327

SHA1
3003b18754a57ade0a30cefce76903257715e2f5

SHA256
4166fb775ef8399cf98363ebe8652d116a7eb4f793775b9875add289429b5651

SHA512
adf25087d8b96313224367379c2ebaebfdc0b601ac0e29e31989e66b357c2e6e01171d1d1aefe6618c977069d648d0b0faaf35f6b428025082a5180503cc41eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ab528d97db0b578b8d3badd006ece57a

SHA1
946f2e7435cc3267790b2779f9d69dbbe2625774

SHA256
822c0418631cb0dd7a5957f6f692c9ba818a7adc0f34f86c81e673f6ef52b629

SHA512
3aee35619c07bca4100134b75345e17da97b292a2a8dc6e5e232a8e4c0595a2a79dcf0c194d96da3048a18a3d8c58440200c0e2fcb87d7956fef46bbb95450a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6e2e9e0cde50e740e57cc553451c422b

SHA1
f8d2e6b232d152b3ca3ebf05fbf498ac14cfc6ec

SHA256
f207549f815c989cd2704b5840b8301aaf2c6343e8da745fd702358344fb0fad

SHA512
1d504abbd2e9c5cd6e3a16f1aa994593a52b402dbaf7f2888f7dbce3da7ecc624b92e75b3d97190c81418ff44955eef9ce5a835c6426f70e7cb0eb80d1dd0e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6b4e256d5188aae53108ac68c43dcf79

SHA1
44788b8fdfc08cabca4c4d652d558919907a71ca

SHA256
94e43d8875adfaca1564c7fd1fe2fa63f3eba80769ad99992662d3caa1017064

SHA512
c365fdfdf551dceea7e14ef1d0d4713383135a6ecc7c454f4519c4f6795c3fdbf5f760860a6071e6581464fbf95ee96dddd2dbcb971a21aad6cf94eba70c0656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6daa165ada9a402bd67da7fb9ad2ac56

SHA1
a28a5bb521b820eae9eba7e4bffeccfc4871c975

SHA256
32e7c71a8a83644210f4b13f5ffe17d20ae45f13c9aeacdfbb6579f783edb7f7

SHA512
9a0bf03be4d8e060d6fe851e9a866740c6c127afd401e7d9152b66b6a77e5e87e743389aac3b389e0f57842afdadd2a8e55846294b04fe0b38d6bc261a9ba921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4dbbe3f712268de471c38a6b9731a5ef

SHA1
cbe0f74565f38c98cae438d105df7ae2ef4153c6

SHA256
eefe4814e1f90f3b3ce80c87ee5b132494aafd6db4123032daa97f93028eaab4

SHA512
844165b1408bd801472791ac6139a21e7723f88215f835a545df9b9e4c4153b2525df2e277e09deaa1f25b303603d3a2125c63a2413ce2ebc1e1cc28bc7aa6bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
25e1d90ef63f8a820eecf4df72cc627f

SHA1
21cae786d27d55648a63cba1ee0d18b0f7649b51

SHA256
cd7dbd48434fbe7554c3f833a42d2bae6b502f6b8f08f15cae03a67c0b7df5b8

SHA512
a9289809e12b13e4c2b3a496c4ef956d84e8a86ad612e134a330c6414c3aceb290ded38d78c5baf0bdcbc9809c9fcfa75fae0dff01a62ef3d518ec9118ff6b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d480c4b2-98f5-4171-bd2e-871b3b2f1dba.tmp

Filesize
9KB

MD5
a885ef7278651ee6c142896fbe397415

SHA1
0445bb54143dc5ffd3dc3e3f95241317d2b3603e

SHA256
6f49e7a361b0cabf047eae3be74d4ba19f2c75776ac7540803b3e9fe0280f0cd

SHA512
2ff996a331a76375a2f86058e92b047441586e5b5dd0c28e9268f38f08e8856e251ea101a875e9a59c073a29a18f0e0b754367796307040b3795ad67261e879a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8d88ba4dab4cb385cc9a4a3b33f41c98

SHA1
ac8fe08f0315db8f78378ffcc148354a9edac640

SHA256
5e72093e5eae19fc0e082c7a800ed3527d891268f2d638e720fb45f176fb2697

SHA512
33437931828469e48332313f618cf694f3afe65ef4466d7e9e1bf839619ce78bb207e3cdd4424b582ebcebdac8322efb6c1f92b7ac43821c7cebe5057fc3d7f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0be25e6715a1bc605ea317f120a2dc08

SHA1
64fb3f1e550b104e65a46a59f6262018bb31b8ca

SHA256
5eaec661eecb8ae54e9966b8c4a9434a20f59b5c5949933830acf59452bf770a

SHA512
450358ca1dbf316a85bd14e85a8748ee90fbd0ae72fae75e533755ac1bd11760bcfcd3fd3f19eb0713c1f740e304649323d141820747feb5670da539ca03abb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ed9d0bfa433b9f9ebe343d1e99b53a72

SHA1
001b76c5b2f9e553eb9b1ab77c88a11bb0b78621

SHA256
a6b5c345e48e91585fe669a6b3f5efa4756dd8cd755db04d2efa2f74e3446332

SHA512
f3f90e3f22ef6e6c3a0c405cdd5393d12f78f1073dc5288c7590ea95c51bc42a83ad6d1e06b9aee367a6743cdb9be467b3e3a6786f32628b7ed4480b0ee3b1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c2ab37a8374791622ab4bf738eac1aa5

SHA1
71b8792b28ef2ec8130254370b0d8fd5263d49b4

SHA256
6336ceb85462cd5454016b11fe4a18a2d9de20da044d1fa438f96efcaef77b56

SHA512
fdb2959cccdc0c9827ef26d274b0cb098b59076e194c9473ec95f532cfbaffb0204629704921c1cc87d6ef4fe27ec338e91c63960544c3516b748ee5c1f6c923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
39023d3f5aea279703ff633338f2a95a

SHA1
ad3db13824957ce05858006598b9157b42da11e2

SHA256
666128a6addd0e02e96d35c46e1e761f00a44d4474f878676832f66c3c12b4e1

SHA512
98998e8b9b17bf787902631ae1ac8c5af8676019994143bef49a1a656d565bf4b359d1b73fdd4ef2ecd231ac7fec6b0a9cdcb374c5f34bbd128d7677d327e4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
48c73aa5518ffb8aa0ace049a6d7e4cb

SHA1
a273850e7e9f8b5e4ccaf340d8b12e2ab5568906

SHA256
852e205e51ab108931053d22bf857da20a25023161cac80480e60db912c51f7f

SHA512
7090a222fc276cb7efd37d8b14d2ee9712825f2526b356ac72fe60b893c1e7fb7b2488e90920be84a302bccedc79a3a7fce20a462ec45680be69607f236ac98a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
09857e71a9452e1e34728e9ff1ff5c23

SHA1
41b4c60e316c9165f7d61d9145e59daf3be5964e

SHA256
f0ff65c3bac584f898563c5c495d994198eed8f677e355d328d91db00e0f0a1f

SHA512
6253a18cec1807b0da6b2c9ddd1935796bc741cf22e7c77accc233967012bebc8449665e3b21436fb3711360c8cf39ae745da6e71b2d6acb14a27ceeacdecbe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

Filesize
48KB

MD5
5a1706ef2fb06594e5ec3a3f15fb89e2

SHA1
983042bba239018b3dced4b56491a90d38ba084a

SHA256
87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

SHA512
c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf2c5845df09988478f7cda01d372293

SHA1
68910cd34075e7865fa57a9b7beaf6545eca4838

SHA256
24620897da7f191916c0121b59bdd3fbceda6a73a7842a2b223bc071037e7aef

SHA512
cb49d1520d2400a5428e1b9ad064dfd3df97a56701165fff1040422a65eb2e188d90e9000075566d8fdc24b3f141f54549b79df1602b5134c1cadf984cbf1f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cf2d511fedb564afe075a6a36eee6a7

SHA1
68d8eee4a69e51b1f7268e4ae4235fc84fafa410

SHA256
2445f500cdf98a2094958a7e8350ed7bc60df9d10e811137f2149d6bacdabc2a

SHA512
d219a1e82199389d75e8a6359835e89d357c54445cff7c29b73af3373ebb4c1f96438b4b18c58ae2caad4045c3e773fd34b6f0bce93fc9efe684d642a6d7ac81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccd6b66db821fa2ba3e39d84db52004c

SHA1
821fd7c57909aa786c6b8f0dcc71f407b4ab52b1

SHA256
f09877749902a7d1eb9ff20e977d56060e49e8138487ac1d0c295468503a7077

SHA512
d9cfab55a197874a0f4dece873fe47df2c182d9190a5e80ae0b766a708d07914de97d0c1ee9f7865317734206dd5921fe715432d5c3cd4dd6fe8b0d523a633d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
137524e81b78ce0fd4cdbcad9a7eb25c

SHA1
ea7199cdb82364769e53a529320e9c69e6b89f31

SHA256
84d8f79d6e194fc2c4c84ea384c9b697c3de9f962c89f73bb26c4d283be6ed3e

SHA512
36c9176ca62c94dd842014b60b6f3d7afc152b465bb0a8db2534b01c9439a62a033af8c6f87360b6b87c3c58c5ee5dc8da49a4a2a4c0a825cfefe8a2a2d2a05a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a169c95b1c82a110257abfd99788cbb2

SHA1
7e73bb75360298c674850db91790ab298d5e4951

SHA256
6a02a9c87fadbb7d82455f4efe39bd26d7b1d877d96da5d75f55f009cabe7a3e

SHA512
29597818cedfaa636fc06c902a0519de8b6b098037a2273542ca1f5c1c05270fc8bb6f5c410a8efcb2dc24cd8246f765fc4bac652eccf71fb36a89dc1112bdd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86860971d1d9874b4c31d0d9f6a9abaa

SHA1
d43ad2e3979bb951c0c1b6b3593c51ba766e938a

SHA256
6ab0c5998bd8bb2fc3974e5485ab0d25b86bf3acccf841f62da796e6c4f65e2c

SHA512
d9843760849fbabfd81d02c386d922c0c48f02da59580e37f18610db4057bd07e87a723845a5e6d44209da5fc34fdfce0d881bfd7c1b4e43c2a132caabc561cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\0yxhy4vy\0yxhy4vy.0.vb

Filesize
78KB

MD5
c5aa7aa730bab654a705a3754be42f91

SHA1
3e9ce53aac73ece1147636e2b095d0ebbb5f172d

SHA256
42743cae60f25be9c7f509d6b47379824b38e17d48da5f9a7b4f7fe55d152850

SHA512
704cecc7a2d25eb43d2e89156a44021eef9c5605ada7e6d33f64d78c0faf5beb5ac1251e324ce9454e6dee78deae6b523e24b8f54d3c67eef52770d06617c960

Download Submit
C:\Users\Admin\AppData\Local\Temp\0yxhy4vy\0yxhy4vy.cmdline

Filesize
328B

MD5
46fbbcac80d4adcd1cb3158bb47dc93e

SHA1
833fea81d018069d32e56878ba6f43d785383287

SHA256
100b4db338acc3f517aecd479af5e3652ef836210d33a7f13f39cf402e6f4f7f

SHA512
05c2c4364d6dffb31a18bd6a805ecf63265881f68e1e58e870a51283ed50aaaae0a88d07dfc7ec6efedf451fca6e63e37933aa7a9d298b3a3897c0f9e6fd3606

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES3BD6.tmp

Filesize
1KB

MD5
8fe8a7586b494d5a9cf80b5a32f8ac99

SHA1
2e8f4e68c4ba274cd68659d04fc1c9352340595e

SHA256
49edccd03b48e7ff0bcd36d6cb7c8dbc524e22085d6f89471c307cbcc16b3140

SHA512
2ca78b5966557c085cd19d72ee6661ee790dc8aad7d96fb29e5b1d622512c205bf60ebc7f7454f56859221b6502118620da7e5f54ddea79d80b27d00e2f5c0b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES80FE.tmp

Filesize
1KB

MD5
c61054af1ec68a64583c1ef12430fecd

SHA1
06ec248769dcc1293076abc3f66d48cc8bce41e7

SHA256
ccf4583c4bb840f38ec6065302b8a8739f659184194bd48502865acf75999a28

SHA512
84baf35ce9357d70980d838ca4f3dd67702d62862ff3c516de6b155eb678acdb2dedd32ab3fa7aa26da0bafafa28c25e18812843512356acfb794d8d2f1f9726

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESA1F3.tmp

Filesize
1KB

MD5
94461e42b3ae7220c2122ef00577b788

SHA1
f43f396f0b58315e259b1cac3361a7d75b8ef039

SHA256
7469613bed86497a70c972864c25c0950f3fd6fd4008aeeb4953374c6bd0752b

SHA512
20747070e3628726713bda0980074c9ea35db77cd682dd073338d5479f6059e3dabd73de53eeb90f757048e118af2d3bd60d0e234f2c6c9b394f7448571f4709

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sgdyls0b.t05.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\jixvwez1\jixvwez1.0.vb

Filesize
78KB

MD5
efaa2dda774428609443b7d9a7575d87

SHA1
4417016fca532b6d9f06d61ac9a995cd8955e81d

SHA256
a259a3d0fcaca4f20c74d6f2dca8620bc44b99ed6f558b823672ea8b0a1b795e

SHA512
c0a850a069bda3cf81cf9b5e38708b41cf8efbb3aaa6439ece042c1e896e9b7ee36154e2e6bd346726e663b3e7e424b8a66d8d94bfa7d61a311f9cbc1282cdc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\jixvwez1\jixvwez1.cmdline

Filesize
292B

MD5
a31e3b9663cef0f427ac09386a9d1718

SHA1
bffe358e287694941a05f28d8a8f7acbb9b121fa

SHA256
09ca40b4eab8137cd3f5eb3f9ae3f2c19cb5b8aa895bd1a04aa144c26e2175db

SHA512
d547a81368e04004e0c6fb724c5a6191e3339a4a9b8423e4c98f156195fa97d671caad7f0e21f3b9c53e4e92bd75f9e1b74ebb8d74240650b2e37ff631b1a217

Download Submit
C:\Users\Admin\AppData\Local\Temp\n3xokobg\n3xokobg.0.vb

Filesize
78KB

MD5
df7d694a24b600babd43c9ef90b60b74

SHA1
a169f79f11addd6744c0f97ba80d9547a261f405

SHA256
0ada41f44e15921c25c0606ca597d6b3e0979f642216b4519bd464c216490159

SHA512
296b6ca77ba84d66763662247cb8ebe2da5bb288ec73abbf0efd546a2a393edf110b8e2796a93519c4f96f8b38b5c8244a86efa464d9d535d9c4e17d6737764b

Download Submit
C:\Users\Admin\AppData\Local\Temp\n3xokobg\n3xokobg.cmdline

Filesize
325B

MD5
c00e697404bc83169f26d665fd24ebbb

SHA1
48cffeec84f558625ce30b5d1b01df5455ac96d2

SHA256
de1fdab4e0d50a2d6e6332690ba4615032eabecf1ead7df4f270a4d433a57e6a

SHA512
4c2fc2f094094d437b8bfab3d55a6f72b5fae794599695806ad330afe1d1494ab0311d33c3278432d770de05cbcb3a0c2e3b0f28a6c9ecc0d6309ec27726100d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp77B2.tmp

Filesize
100KB

MD5
1b942faa8e8b1008a8c3c1004ba57349

SHA1
cd99977f6c1819b12b33240b784ca816dfe2cb91

SHA256
555ccb7ecd9ae52a75135fdd81ab443a49d5785b0621ed6468d28c4234e46ccc

SHA512
5aee3d59478d41ddd5885c99b394c9c4983064e2b3528db1a3f7fc289662bced4f57d072517bbe7573c6d1789435e987ef1aa9cc91f372bcfd30bc016675fa43

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpFC50.tmp.dat

Filesize
114KB

MD5
d121697056b4bc0fd56915b9fd671f66

SHA1
2fe939d17a2a6f7cf38244b3dc51a7364e246772

SHA256
14dc84db575efbc168ee11dada19fff37fb84494538ead66a9b529075ca2cdb8

SHA512
2ccc488e9d0bb1971f3c3f907efeb0e40746907cc2948ce9a8578fdb913d761a83eba07b78bdfca672eb51d12fea3828cca319f66bf7c9a3cbd87bd0346085f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcA00965E6C1457786ADF31DA841C618.TMP

Filesize
1KB

MD5
d40c58bd46211e4ffcbfbdfac7c2bb69

SHA1
c5cf88224acc284a4e81bd612369f0e39f3ac604

SHA256
01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

SHA512
48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcBF8F5560FAE24908A882E6732A3B4C42.TMP

Filesize
1KB

MD5
a6d2a9d834a45033e7cb5e619d0f1ef5

SHA1
014518abe3e301f4b43a9fd1444f72a7dc1ad787

SHA256
51fe666a424818b4f1b53a39c5faf05541b150e528ef0bb8395d75bab89a79ac

SHA512
d1447cbfc9491af82d7a7e2d907f2cb60920aba0cdcb0fbb73f1a8e06a01ced71694982f75dbbb70b10361c747a756a885b29e078be6fc0496051fdb2f8f71ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Password Manager.lnk

Filesize
2KB

MD5
f64a0fa77b6a424ea69c11b5b1d88094

SHA1
76cf21471614e1fa69f7a53fe38ea7bd7686f4ca

SHA256
ba52a8b539a1e036d585c572d5702c0c0a660f0bda36356857a3999c4aaa9b0b

SHA512
9c94081c200eb92d6f355417b5f80293814599edb0d3dd011df1419ba8a423bbb9d1c548c51dfdd59faf18d5f177f0ad4c2f3ddf2dff67c120f7a70c4f31178d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\XClient.exe

Filesize
32KB

MD5
40be8ad03674098e51a588c1c1904553

SHA1
8fccc7064203a9c58db21f44c0f9f92582e39421

SHA256
f7dc491c3f0a1e5da02503795074e1bbefc34a1e04f612ed588a6ae11fbabdd9

SHA512
8187b7fb86bbf419c0d37e51b719459f310ff8e8285f02ad941ce43080e8195ea12beb541701a5272b6836ac50eedb0fdcc93f5bd17bcd58a54a24fe6a9a487b

Download Submit
C:\Users\Admin\Downloads\XClient.exe

Filesize
61KB

MD5
607a07afba5db63fd847515978162f01

SHA1
5677ba302d28bb787b6e70a5bea8524b16a068fc

SHA256
9de2abc026acc8fcb494657688d42c37b6a9662637441e1a44bff233eff3efed

SHA512
cd951345ccf2b9f3ba61c7cb08adc918adf43e2c74a43cdf2bbfab609b944b4e20ee3d26c498753b9451da8b891b788f371c39113e3f224416fe7cc97ac6525b

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main.zip.crdownload

Filesize
25.1MB

MD5
95c1c4a3673071e05814af8b2a138be4

SHA1
4c08b79195e0ff13b63cfb0e815a09dc426ac340

SHA256
7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

SHA512
339a47ecfc6d403beb55d51128164a520c4bea63733be3cfd47aec47953fbf2792aa4e150f4122994a7620122b0e0fc20c1eeb2f9697cf5578df08426820fecd

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\XClient.exe

Filesize
32KB

MD5
f8af1aa6e26296506e2d2cf955663628

SHA1
7288f7b27b990873943182f12dcd94540ff37cb0

SHA256
2a0d984981a20c38505dcdceaf8a5ad1ad621eb75e1f30545f952eb0176f412a

SHA512
4ba2e1b11858006be2f4614352065e5c3b1105989c60aed0027c99b3a78c5cd29c14fd2bc4d9992a3c9418fc5ab5bdab344712169c995b290e511c02f67b0fd3

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\XClient.exe

Filesize
57KB

MD5
17bab32e358675660b95c49f5a925cb7

SHA1
72311e25dd213c8f8b6683a5a2d0cf4683b2c4f7

SHA256
9d333b67d2e51e67dbdc8821ad55c30a5f974cb05b16b052a0ed38e16a0b6569

SHA512
751e3264e6c62900ad188dc6ff419fbc8175fa65d968e5d2bbb5a2c5c1e41ce160cd9a4a9172318f63d5611ab4905dd35c0af4e158e2a5354d4ccec0b3e308b6

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\cqcq.exe

Filesize
32KB

MD5
532fe2537c905f2b5a320035e048df0a

SHA1
7110e5aa69387bfeebeb74590056436549da6f61

SHA256
db808957858c4224bad2077105b665448ed2b4d65662fbe57d509ca9f05baa22

SHA512
ddd570d707bacb60a7ed35f3315ef7ad13b589a66969c439eba193bb0ca9ddb53d73b92f08d6d0531d9127c4cdd9e9d4b4ebb793994e6c57698b393e6b80393d

Download Submit
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\cqcq.exe

Filesize
331KB

MD5
6523b4987501862157522296b0c59fdd

SHA1
658795be3dc1dd165a800a921fe6217746c1cb83

SHA256
69266563a6f601da80549bd7e1d0bebf81eb4e9f8c458f50343b57ccd9c5ca0c

SHA512
1a39f562c439665387648ac17101bbe5d950ead8c7d148444e817c4bb9ebe6a5c9401d67545ee53d1949e2dadc7de36d33e2379ddcfc8966b38ac1e46a358d04

Download Submit
C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

Filesize
16B

MD5
3df3721021dea8f5f826e23a43a8601b

SHA1
09eabe196e4d7c376b444d4f50bdd751fbd898ce

SHA256
a189d413dddaa0a36e42ae92dbd82d8ae39351466b3749eef23c31a0c167cc03

SHA512
80f5fa2f54014a7cb59e9b74153073403d13a03dacdd95e8ffde622ce9ddc34ca87301d3311b9ec9b5022e38801c601e0d192b737352e0e8a2454d6845ad202e

Download Submit
\??\pipe\crashpad_1144_DTADOFCDDNPCPYVF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3500-414-0x000000001C140000-0x000000001C17A000-memory.dmp

Filesize
232KB

Download
memory/3500-2266-0x000000001DD50000-0x000000001DE70000-memory.dmp

Filesize
1.1MB

Download
memory/3500-2255-0x000000001D790000-0x000000001D7E0000-memory.dmp

Filesize
320KB

Download
memory/3500-2254-0x000000001C520000-0x000000001C52E000-memory.dmp

Filesize
56KB

Download
memory/3500-372-0x0000000000F50000-0x0000000000F66000-memory.dmp

Filesize
88KB

Download
memory/3500-2302-0x000000001D7E0000-0x000000001D802000-memory.dmp

Filesize
136KB

Download
memory/3500-1374-0x00000000030B0000-0x00000000030BA000-memory.dmp

Filesize
40KB

Download
memory/3500-2444-0x000000001C640000-0x000000001C64C000-memory.dmp

Filesize
48KB

Download
memory/3500-1913-0x000000001C210000-0x000000001C21E000-memory.dmp

Filesize
56KB

Download
memory/3500-429-0x00000000030A0000-0x00000000030B6000-memory.dmp

Filesize
88KB

Download
memory/3520-382-0x000002D3FF490000-0x000002D3FF512000-memory.dmp

Filesize
520KB

Download
memory/3520-383-0x000002D3E6950000-0x000002D3E697C000-memory.dmp

Filesize
176KB

Download
memory/3520-279-0x000002D3FF7B0000-0x000002D3FF918000-memory.dmp

Filesize
1.4MB

Download
memory/3520-385-0x000002D3FF520000-0x000002D3FF5D2000-memory.dmp

Filesize
712KB

Download
memory/3520-384-0x000002D4006F0000-0x000002D4009D2000-memory.dmp

Filesize
2.9MB

Download
memory/3520-227-0x00007FFDB69F3000-0x00007FFDB69F5000-memory.dmp

Filesize
8KB

Download
memory/3520-244-0x000002D3FF620000-0x000002D3FF7AC000-memory.dmp

Filesize
1.5MB

Download
memory/3520-228-0x000002D3E3CC0000-0x000002D3E4BA8000-memory.dmp

Filesize
14.9MB

Download
memory/3520-232-0x00007FFDB69F3000-0x00007FFDB69F5000-memory.dmp

Filesize
8KB

Download
memory/3520-229-0x00007FFDB69F0000-0x00007FFDB74B1000-memory.dmp

Filesize
10.8MB

Download
memory/3520-230-0x000002D3FFDF0000-0x000002D3FFEF2000-memory.dmp

Filesize
1.0MB

Download
memory/3520-233-0x00007FFDB69F0000-0x00007FFDB74B1000-memory.dmp

Filesize
10.8MB

Download
memory/3520-231-0x000002D400200000-0x000002D4003F4000-memory.dmp

Filesize
2.0MB

Download
memory/4116-433-0x0000000005D20000-0x00000000062C4000-memory.dmp

Filesize
5.6MB

Download
memory/4116-431-0x0000000005630000-0x00000000056C2000-memory.dmp

Filesize
584KB

Download
memory/4116-963-0x0000000007800000-0x0000000007812000-memory.dmp

Filesize
72KB

Download
memory/4116-430-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4116-432-0x00000000056D0000-0x000000000576C000-memory.dmp

Filesize
624KB

Download
memory/4116-434-0x0000000005900000-0x0000000005966000-memory.dmp

Filesize
408KB

Download
memory/4652-445-0x0000000006050000-0x00000000063A4000-memory.dmp

Filesize
3.3MB

Download
memory/4652-439-0x0000000005EB0000-0x0000000005F16000-memory.dmp

Filesize
408KB

Download
memory/4652-438-0x0000000005E10000-0x0000000005E32000-memory.dmp

Filesize
136KB

Download
memory/4652-450-0x0000000005E00000-0x0000000005E10000-memory.dmp

Filesize
64KB

Download
memory/4652-437-0x0000000005610000-0x000000000569A000-memory.dmp

Filesize
552KB

Download
memory/4652-435-0x0000000005010000-0x0000000005046000-memory.dmp

Filesize
216KB

Download
memory/4652-451-0x00000000066A0000-0x00000000067A2000-memory.dmp

Filesize
1.0MB

Download
memory/4652-452-0x0000000006800000-0x000000000681E000-memory.dmp

Filesize
120KB

Download
memory/4652-453-0x0000000006850000-0x000000000689C000-memory.dmp

Filesize
304KB

Download
memory/4652-436-0x00000000056B0000-0x0000000005CD8000-memory.dmp

Filesize
6.2MB

Download