xworm | 1f71e1ca766bc3bf384c46febf186452e7dbd67f70ffd1655a772e90992d8bc0

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2024, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XClient.exe
Size

37KB
MD5

c7bebb3ccd58d2b86014e00c5bb98abd
SHA1

f426af95c3c264af6cb98848cf526baa78d66395
SHA256

1f71e1ca766bc3bf384c46febf186452e7dbd67f70ffd1655a772e90992d8bc0
SHA512

7550d6f48749def93edaaa23976d25b6e82230e412f57246845810506f33107ea906a1edff624e1f89aa31255285f7771b7cbcae085f532113d3aff3a40a7765
SSDEEP

768:qOWpEICrHUolRGl6HzhzZARNF39SgOMhmLkrV:RWqICovwlz6/F39SgOM4yV

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

myRdtRNaBtvykIxn

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/3412-1-0x0000000000190000-0x00000000001A0000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
15	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754578053409516"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
744	chrome.exe
744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3412	XClient.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe
Token: SeCreatePagefilePrivilege	744	chrome.exe
Token: SeShutdownPrivilege	744	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe
744	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 1780	744	chrome.exe	114
PID 744 wrote to memory of 1780	744	chrome.exe	114
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 3344	744	chrome.exe	115
PID 744 wrote to memory of 4728	744	chrome.exe	116
PID 744 wrote to memory of 4728	744	chrome.exe	116
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117
PID 744 wrote to memory of 5036	744	chrome.exe	117

C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff90989cc40,0x7ff90989cc4c,0x7ff90989cc58
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3312,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4044,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5204,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5196,i,566820815238083478,13135223813814542049,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:2
  2⤵
  PID:1808

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
604a9dae8ed0aabc38ccf75ba28696ce

SHA1
b6a6465280d0b2aaf30b5d86adfc1adf4d373fc3

SHA256
9a79349c3b600d904bac67a834f1de97d15a754a54ed20d80ece326eb77a603c

SHA512
d3cc4feeae59920da48aa797e709dda55e613d65c4eb9ea21041f2fb984d311cc7c45a7fec772a38f841a5b43d48b7cc5b1651e2c7d4cdd0f5fe8a0b8786cce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
27608026cab2d7f1784b724c71409630

SHA1
bca36311053737687bf1a5315a4ed6230390d3d7

SHA256
2d898b34bb5538c998491075392dba8f8de471ebab9868cd3c6f7453a702973a

SHA512
3c6a664479f2b33daf532973d224fe1899d77f95ce19cf63a49dfc429664ddf7380d23533a1f7e03f428ed386cd18deb78e1fdb5526a2d4ed60d6eb4279393ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1f09aa442bd6d2f496e3f3ffd78b65f9

SHA1
dfdfdf049f8153652b61092d4be97366b4740f8f

SHA256
73b60a21f03d269a826c6db3bea05fb93775566f94266dd74c21e24b74085cae

SHA512
8a1203c7ec782806a1e920784fc0c29185f2f56e6b23ca108060f2dbf9f50f70e927d1c72282855c6e3dd37d2e30e6cf345f3f02716c6fe281448269d79387c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
acaacf806dfeec4828b50f4cbf607e07

SHA1
9579f547960d7be725ba51f9bf998f55f6cc3508

SHA256
f99e2d08344d27c939eb857e570071551cbdbd3ff4f23d5296f545f7bc9af592

SHA512
f9f8ae52101652523eed4606f1601c5b885e8c415f9fc2849430592e02ea772408f8e2046788178369e90c231aa09d19313e08b07c583f41bba69cfcf5ac1673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55038b82e47d4342b5c0cb60f1ecdd8a

SHA1
4402181dc35eb3eff7808227c888e832678c8af8

SHA256
d292c3a50f3a62293d69a9d5839c72588f331ae99ca8be5ff0fa442501fa0e87

SHA512
387bd2141f411a91c808f47134ebf5ffd921bcaac63a72fb66d8f01636e71732f510d89de5df30e724499ed8d654255413eb1bf6abaffef5aa861bd3137ffff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c24a560535c8effd1ff9b710538058f

SHA1
5e43009ba7f502d531f9a8eadfdf6a39662a8cb0

SHA256
551760f73c1bd49fb2e6e997873fe24b56bfcd3738fe0f73700df79f43ba4be5

SHA512
c580ef9c7195c21b23bf51b9f20c3b303c5e8daa3f32a1eedca6a3915d233c79e71bb200ef04546f1451a85afc6590c11b1002b4554557ae4d871060ae7ec08c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4e97a2d061d3bcd2dccfeb1520ced3a3

SHA1
664890dda65e0b4acca02617218b114690df46b0

SHA256
6fcbf95409b918deb9c738f4ea5e65915093bf74a5e8dddb8ea70fe396b2fd72

SHA512
cda3209a091c7d71dfe7937fc3fa0962eeeb26862891a2608bb95b0816313ad784c57bd562f78d9b809f3a96c12d91ea2f844aa5189765ee93a479198a2484ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
0bc0d0310e70f775d1682bfeec2115c2

SHA1
d8d567923571078f3b0ff159330542cc85889745

SHA256
f1d1606c5ec36a0464e4d63dc69b3e29f58e741f9b7b66db41c09aa1efcca724

SHA512
7bef91dd2311a13a3d78589ff4f62db4d50bd294b3ec482221125b9c65335b844d3e1f61bb8ec2910bca0186889245fa31b3689cbd0021ca54a8c1cbf1eefb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d73bfa00-9863-4b6f-90c5-d8585cdc5c56.tmp

Filesize
9KB

MD5
bdea3fe3f38ffaa976b9a47c0a59464b

SHA1
5047b5c788e50e7b86b82c39edca8ed80dab647e

SHA256
bd651c9ef8f0800a45e371bcbd86c8f739e9e6314937442a1276e2f7c563e8ce

SHA512
532353b230b81823577c27f8e4700bdb549906de17361000e18bcd881c4d7889bb2e0435272c60f7d29a3c85007c2405babb6f35d60b7433ba4176d636dfdb57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
d299f0993f11925444511a346d28e53b

SHA1
7a9a985e13e970661298f2e5c9501a26c5abe0f5

SHA256
c7d69a344236c728909ec82208900b818405d67284316a9f869c83fcb6ee4d45

SHA512
72fe9596b6ed5035b062912e7785f833ebd0af5a59314980e2231c18ce64fb2686baae4ef36c2da7a7338670894c8b6879ed588033bb808b256e524fab980e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
3089b24e5adb6ff41f60e97ecb519836

SHA1
a365a4d8c97dd6e455b07725243400c76d7b0511

SHA256
7dd6e79ec0ae6bf44d8cc7b0dc918f87481be849721771e4d75957c1a45a5f32

SHA512
8fc1be6a643f1dd382f4d326ada1b6ac1ab74e751d8487f7a67b2c8268714bb287a276a45321c45cb4b6a79b3314a6524b27b0a17b199a63814c4af78c0141a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir744_1421280273\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir744_1421280273\ba2cc68f-7bd4-46a1-884f-c83f1992a5bd.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
memory/3412-2-0x00007FF909AE0000-0x00007FF90A5A1000-memory.dmp

Filesize
10.8MB

Download
memory/3412-3-0x00007FF909AE0000-0x00007FF90A5A1000-memory.dmp

Filesize
10.8MB

Download
memory/3412-0-0x00007FF909AE3000-0x00007FF909AE5000-memory.dmp

Filesize
8KB

Download
memory/3412-1-0x0000000000190000-0x00000000001A0000-memory.dmp

Filesize
64KB

Download