xworm | 7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

Analysis

max time kernel
1047s
max time network
1037s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-5.6-main/Xworm V5.6.exe
Size

14.9MB
MD5

56ccb739926a725e78a7acf9af52c4bb
SHA1

5b01b90137871c3c8f0d04f510c4d56b23932cbc
SHA256

90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405
SHA512

2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1
SSDEEP

196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i

Score

10^/10

xworm discovery ransomware rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

BZpR8NF2ZxpmpIS2

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/H3wFXmEi

aes.plain

Signatures

Detect Xworm Payload 3 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\bqdovdih\bqdovdih.0.vb	family_xworm
C:\Users\Admin\Downloads\TestApp.exe	family_xworm
behavioral2/memory/184-617-0x0000000000E60000-0x0000000000E6E000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Executes dropped EXE 1 IoCs

Processes:

TestApp.exe

pid process

184 TestApp.exe
Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

77 pastebin.com
78 pastebin.com
79 pastebin.com
121 pastebin.com
122 pastebin.com

pid	process
184	TestApp.exe

flow	ioc
77	pastebin.com
78	pastebin.com
79	pastebin.com
121	pastebin.com
122	pastebin.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

TestApp.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp"	TestApp.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exeXworm V5.6.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

Xworm V5.6.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\TypedURLs	Xworm V5.6.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765128422862287"	chrome.exe

Modifies registry class 64 IoCs

Processes:

Xworm V5.6.exechrome.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Xworm V5.6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000017f175529918db016e9fd7aca118db010aabef6aad3adb0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

Processes:

Xworm V5.6.exechrome.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
1816	chrome.exe
1816	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
1864	msedge.exe
1864	msedge.exe
644	msedge.exe
644	msedge.exe
2772	identity_helper.exe
2772	identity_helper.exe
2336	msedge.exe
2336	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Xworm V5.6.exe

pid process

4284 Xworm V5.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEchrome.exe

description	pid	process
Token: 33	5020	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5020	AUDIODG.EXE
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Xworm V5.6.exechrome.exeTestApp.exe

pid	process
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
4284	Xworm V5.6.exe
1816	chrome.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe
184	TestApp.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

Xworm V5.6.exechrome.exemsedge.exemsedge.exe

pid	process
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
4284	Xworm V5.6.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
4284	Xworm V5.6.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
4284	Xworm V5.6.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Xworm V5.6.exechrome.exe

pid process

4284 Xworm V5.6.exe
4284 Xworm V5.6.exe
1484 chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1816 wrote to memory of 316	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 316	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 720	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1768	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 1768	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe
PID 1816 wrote to memory of 5076	1816	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe"
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4284
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bqdovdih\bqdovdih.cmdline"
  2⤵
  PID:4776
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6C91.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF899593A1F1943A1B1F780EE7BD83965.TMP"
    3⤵
    PID:1172

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x314 0x30c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc7344cc40,0x7ffc7344cc4c,0x7ffc7344cc58
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4900,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5196,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5260,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4072,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5128,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5016,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5056,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3704,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1252 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5412,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5224,i,5834094876158696564,2856613669140820740,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4300

C:\Users\Admin\Downloads\TestApp.exe
"C:\Users\Admin\Downloads\TestApp.exe"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of FindShellTrayWindow
PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffc8b1746f8,0x7ffc8b174708,0x7ffc8b174718
    3⤵
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
    3⤵
    PID:3740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    PID:3156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:1116
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    3⤵
    PID:1328
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10465360110908923892,11376262502102073047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    3⤵
    PID:3944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x314 0x30c
1⤵
PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8b1746f8,0x7ffc8b174708,0x7ffc8b174718
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,4658595407465558549,14876374056550685471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,4658595407465558549,14876374056550685471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,4658595407465558549,14876374056550685471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4658595407465558549,14876374056550685471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4658595407465558549,14876374056550685471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3c5820fc52026acd26a00d181322ed2c

SHA1
8acf29d10092000bc7e1083e63ff0b7140cd297d

SHA256
a0e49d486f581dd2131f1581ec5fd1d0bd8359adb60c45a1e7d3fee3d73f83fe

SHA512
7d71c98f9ed6308c3c31179fe86671fcc33bacab8d44151e899aebad9c9ae43cdf036a51c7b6f17f2b395c6398ba521d18cea91cde16aba89faec87e3f822a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9cbfd8f06030f2a5525b643b66ced95d

SHA1
a43c8a08087c3d7319bb08068086442899959990

SHA256
9e39fac50820c487252ea74e6946ac438ca5058d2757e629c5ea905b928570fd

SHA512
34767935be5014cc25785fec3922db9e82029538ad71b36ff2932b7aa0fac74144506e4c933511601bd3c2a5c46b09be11a4789522f0a9e2f481429faff00e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
7cfabb6ce7d837c4b05a4d496c7b2b9a

SHA1
fabb717f5764a24a0735cec8429003344cc112bc

SHA256
9744513cc76570abeb734fbf95382a3f27c9b2acaae604b45cbb6f5854d88198

SHA512
e3359127c37491b126b288f28293c6343480ad637375524a974f5d196d9baf8acd55b579f91a25bb2a9b35e744b11d6bf544621397ff2fc226bcdba776eadae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b09bd476e7c15f4e4d553eb0aa0e7236

SHA1
f2704515f085b092cb28c72a1b0a87ddd2dc01f2

SHA256
8896c947128b63114a738586225daa5f5c6894fa10683d9c306983e309821b3a

SHA512
be68415936cba05501411e23d00d5198b062b6430830929009134e8ec780a40e0dc152054e74e89ccee0876a54fe0a6bd5f268ac3098527809ffe40b12e09455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb3a8a57a6810fc79c288d279c16e4b4

SHA1
0332a16c6ba5a74d186ac434593e1685d0b332c1

SHA256
ed6abd75e18ed319d0a163ca1097a72159cf2732a7a7b4e6d1da7de1667c7401

SHA512
281f415840de8f7851803287c5cb29093cdfc9502ef7125e41c541b14ae45a0c2ff1b1f39e876c1d30166d1d690fb2f64924f61ecb0dc5a2b485615d87a30dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2c7b9f09ff3dcca0951ceea86d6a2f8f

SHA1
d7381050bfb9e2ec1289a699dadae0f8d87c61a9

SHA256
c294009cf9aa0b93cc7362afdff5952b63ee368881d499db6045ed700decde75

SHA512
b27f78ca199ff07250b4f2a5eb40f7d4059d864e1e8ad61acfab8da98881a759240fb54fbdacb993b1e510f41654bdbee0afdafcbc822096849f83c7c63625f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f87fc41f1495a44e0e9cab6fd0a57177

SHA1
0ccb910adff7ea9b5398880c1e50269d031331c5

SHA256
c34d883d15dcb2fff6af55c428233014972c9cfcb66b5b7af749cb17f1af98c7

SHA512
7188709bc4641a6c7c90f08e9cdd6c1cb6e38d32a66d59f05945ef86ad4dc993f173706dea2289fc68f7784db92f938e5f8930a9147fea9fef57ce15f35288d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
767e63526f2dc6a9384bf5a72a7ea24f

SHA1
62b2c0a6e4bc09c6fa6c5c35c8569d32882badf1

SHA256
feb651b402c89003b39d76eaf02824b6e84354eba8d1ad2e106d3ed8a8fda60b

SHA512
a6cb46e9681159b5e1ff498cea6f074872825b7a1b355e4faa0add58b49e126370152bf5145cd7833e04128b221af83684004ee6d427bcb3576ee783bdb536fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
07b026d530353fd174abf3912eccd565

SHA1
d01d242c5f03593683916f1770a9915d7792b019

SHA256
2eea79cd615c3a177de79f3b5b9be10e130bdb1d678cfcf3e38b38a6bfc3178a

SHA512
2f9e5a54cb84a726df3a3775c8d1939d93244ac6f3b4bb684da57dd58ae8a2a23e04aebbc104d9349e0e8db41f117ee2e85e334fc9e6a1a8e17b64291ab309ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2a1f29a1b5bebbf39f7b27981341881e

SHA1
4a145df9128eae4916616fe16187d7c0bed0772b

SHA256
3df973d067ebce54bfbd78b55b08c09fc0bc5b2eb1d8658a4a75ac20f50edd57

SHA512
2262251b464aa83d36a050724ce762978a6baceaf15b9b543567a2b59f130583737fc8040123426d17c69a501646c921fe05a75ada002cef8a88a7e7b8e0251c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ac863650d1c945864455f9083711167d

SHA1
f4289593d742c90be23d5eefee5df082c06c4e39

SHA256
20814092303a0a613b9ba73a535db34c812fb5473eee2ed3e76ae3473334d549

SHA512
18380885339ef18702ec2477a33c7098c855709175d9a8e47a48f8f9e7ca579807b703453ba2f1ed9a6242addd023423de64697513c56d63267118959d8ac9bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
fb87ca48d53804fcbe3f39a9929cf9c2

SHA1
631802291e04e553f6f91e56d4c0da21e3a3c498

SHA256
fd5fe0c7aaf4d4b8e6610aa832ea979606c2badb78ad28c220cc1f40e3173f7f

SHA512
e254b779e8ce1f360e017c89b4c60073069b49fa10178ee533c0e41e63895916df1a247640f5e3d8c7ed064068a0e29ac481021316cb0f59f2b00546f0e8c77b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
bae81732aabcc78bc9d13e20e0f8db67

SHA1
c2325de2e8f7792e6af9dc6e3f85eebc26bdc32d

SHA256
e96787213fd0749e5426725dda28f3039facd533774dbbb27145107218cf2034

SHA512
42991021aa20ece42f0d98b3ec274c52db3cf0d0c5bd10276a400fd95980c025da4b813458356517e8ed64a36cf02672be724f481e9f9fb2c7bb9baf3ceac0cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d241c98c99e5aa8dac2a4adb854b9b8

SHA1
0489584ea52b0152b5fadd2fd2cafdc8777ead64

SHA256
e90a38daae411f26125a1f6d92c6bf56322d7741fa33f396401220c96ee2a433

SHA512
c5bb4ca83790ab76f122b6d997f9b278402562b236811265c7546c30568401bb11fa0cd1bc95d2cbbc5fda2e68be21268d68631591576e715d0d7d4d3484dd64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d48d3a9cd0b9131ade955aa290eec8b

SHA1
60977a62dddf8823115a55ec7309578e457bd4c4

SHA256
13b8539bd19bf9057fd054f6a34d779b85b1dde5fc935e969db43c5f947aec0a

SHA512
9d8dd20c62d781d6505e2a0420eccae45fc1bc46c4adb284fafa2b992d5d6363487ebc007fab9304d99c1ebb98fbf05d669ea63b9a65a41185c5a88605c11c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
89b2b4231d98a53a5227fbf4f14d3ec3

SHA1
d35482f20af4e2bacf185b0add0c0cd2eceb1153

SHA256
1a84f96c7325b98e0d7c7aa22edff9be08db25a9b066e34768acc5976d1a04f9

SHA512
067538bd5f1b531060562e5a142cd66956faad7d971f195541505b0ab583ec205a009720a7973ccfa97c35589559141b8b64c58c10ca016c3ebe548f61fef4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b79a116ac4b478be6b673c6c09d62d51

SHA1
03c87bf21ecc3fb98281be53463bdb8cb9c9c390

SHA256
09d72c6d170f63e47a6c32ca07ead86b02f21376ccb730c6c59873c7a9758223

SHA512
510182b6e8027b2c18b769aa70b08afb9c5d82de5d276c55a93c2502a70b0dc48946ebee4fc6d22f5fe13d70fefe2e67341484ffc7ccd116ffb82e944ddd971c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e598df24b37e4ef3b8a71f71a13abcf

SHA1
e8b5062c88042930ddaee7205973f4c4ce73dd9f

SHA256
46f817443ff87631c12d35a7df9fa55fa0d0f013afbc33a380128aec98ba7e80

SHA512
6dba55662bf3caa9ea7dd36b0e5cd7c661e8b70f7fd647e8eabec39a11bff311a94e2a64f419571825683286da5fee35226ec877237271691ef31199ee997958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e61ca473eba35892caa63c908e60294

SHA1
2910dfe3aeb432cd6964228712e57abec211cd1b

SHA256
c90c4b4da35dcd77638cc790b2ef19073149ad73e294180227d94f03ff45e2f5

SHA512
f6a35adbf3f665f60ae3a6b57ed6af37c5af1371fdc6ab1636e13e4c2d7b161825926b24f89ecc4640639e974a43e82a9c644136b223e80e70086b573cb5ade1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74011e5a28ac518315f412a6dca6da6b

SHA1
1909896f8f374459649909ab08cbc48cab31e1f1

SHA256
89c1628db8c5dff6a07eae931ad0f4143c57d46bc1f3f8a32c70931abe76ea43

SHA512
8ef92d9e97884fed1b7e5ac27c42ac515efc1311c6b234516735189f80ed46a5be3ed1ce68769044503ae20190838c3611e640cc9a27ea4be446be50b21bad7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80be0a1be0633f170717286d764ecc5d

SHA1
8c7510c14d1b43a27535109a52ce3dc08eeefc86

SHA256
f32bff5eb0ce3ba0168550c54490351a5450d1066e4a2cf58f8a2e61fcb38962

SHA512
ec5c816a0cfacec95427f5f3e5cb3cdda66985498c736b9201a854c5d9d9fb6354ab2f41daa4eb7264a47e230e656fd30854fb881f5f163dd98d7cb01bc3afca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82d5988faf25f9570247b5e60fa4d963

SHA1
f910a215074776b3be4ad5dea75d1348507083a3

SHA256
0ac9ee3f3fde08a5d954bcf55319054b9974da5c0a039536c195b889ca5459cb

SHA512
2b61b247d258ca83343940288c60d44444e8b201c72649cd6597470f928db6eb5ce81686c4e3f572613691aed0706df8874bf8ff57f5bb01c79aba85b31a7826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f2e04abd450fd5bfa9df2fc03f79818

SHA1
e0393457060910688174cc9c213b831c481430a8

SHA256
a3822cedecb91783a05eea176d66c94bc279ab4d636130cd3533ecc29d741d0a

SHA512
c317f2be0fc000fca846b65b9d6fa53a811e8361ff7f2bc70d94f05e791c56b51ba764824b1093127790b5545eee68f8f21367c931509266a435db1c7b19d46a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2e6851c00093b30e4af26e17a73d1d7

SHA1
09c545e3f970bac36fbdf935d986935cbdf744f6

SHA256
a90408239ee57d0c7773469f091eb15e39941ea9b70b1905ba32b88860ed16a7

SHA512
e23102a88fec9b8eeacffb0a5e9917105f0f81b8e8e0e85fd283757352eb34a0b1f848277886292eb2fb8bb24300e03178d730e4a24e4f5f414914c8dbb46312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b30277110b7bd2a67a46c3baaf5ae09

SHA1
02489fa88d905d204e1520653578af01efc8cf8a

SHA256
9d73675eaab5beb6c9e27dab351412ad921ec47b8a5a9c527c738f84c3c3f50a

SHA512
e8990aeda4f726e885db4f193f149334af1040b178c6c99abff4ea6712fed15b18e1a995bf081b3ea4bbaded18f648be78656ae4b7580fb8652cf6d7ef93a994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05eda929376920b5b3ca4fb90cf7b30b

SHA1
8f32ebc1ee656e09f7d7c53d04303a2344fd72e1

SHA256
5fd1eb2d20a23e7d6e8f1d8f43cd5b541a5dc0c7c8e77a18bda712f7c12111a9

SHA512
663b2ba43c631393a9e0215cd333880db2c56fcf24c076b17b0cfccd6c5b25583fdf9fdc60eb3a94dff11fc112911152aa62ef3d8150fd9926e20df6a47ed810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4342cedc9853c177466fc2476624e0be

SHA1
7ad3b1cbf6d05a8ce460e16e4008578a2f4d4869

SHA256
8e854c7eaa95e33c6f8abcf43c3b2ddbc2d190b876c30ca52a24750ecd4972fd

SHA512
97edc85148c5d3742659e4ffa06c6a4e380486cd13f01a6a160cb6556def271763d56cc9be30338319bd0d273e3f774cf1a44bd48a662fcf26ea0e2b7beab107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7978e90baf77e09a09dd4eed9b2ba805

SHA1
121f90528e55b21da00595c09689d6e95d6a2fe3

SHA256
3b6cac32ff822388e59121684b7990cc47467ca9e9b7ad1d8c001d39af810593

SHA512
f4d778bedb3b40fedfb7b269163174a63984ee2b753b6c11403f28f442a8fdec94eff9c8b1f7d0f850927867d5bce12b171fc8cab76a9769828a209d88e75f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d1f495474b0ccf1b740994d0bb1f9e2

SHA1
127ed91382e22024f3da420b931cfbe2d340cf24

SHA256
095a0aaf9033cfa3ff2781aa51b6766167c41b52156d2ce5d8ef4947db644db9

SHA512
4d60565417e0e2df54f50676d86325a7d7f4ec8e9d7d352513f2eec4ab3aadd5319d939c6ebb087978b92dcbcfc40c40ed99712ead63ad5b660fe2bb29dac8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
001754f1842f557cfbe07d3a4322c7c0

SHA1
57c2da0a8b7567d157d2cf921b5eb88895a83826

SHA256
939afa8459982a606f732aed4231c761cfff1ec158bdd111aefc35281d185df8

SHA512
f168f5839c75325455e628aa939c96d6f390f2e3c25e42d8ef272f917427ae6ba8377fe6a84eb9648a6b13f4426368e88ce7f692820cf96502189f5338a61f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
058d31d8c2682d9cfd1748ff57a1e5dc

SHA1
d1df50276b7661b9f3719ab317d53804e20947c5

SHA256
b84a3f419d702e400081397d9de5fcde0c7fb4b0bd57b184a7bc94ba002f5887

SHA512
1a167151474c903b0483cb3a5e25aec1370ce5f598dd3e29ade7f0a338b75a0be7424826045d8b1162a80464786307d3a4f383d085021345e927eb3860d7fd12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61ed3c1e0b49fd5a7eedc8e99e261af4

SHA1
c9ed622df087b2080a34b4641905c6695b1a6b96

SHA256
567a9bdc5e6ba5091b834d19c52c546839ccd54a7787e135d17473f4a4c8e2ea

SHA512
0276104ac0f6340268f329c891f2b414e4a6052c993e869d2e547cc845e9ef0b0dcd96b9c8b6b2285d6c5c95e8d6d1692af728924cad7d68efc6d442b90d0d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e30997076591ced913dfe7bc5d54e30a

SHA1
695bc03f1cfd8f84af259a6f55e6125477a3ff75

SHA256
1cbef76a81c218dd04269c149fe99adc61019d2c4cd4d53b9e82dfa6497dd4ab

SHA512
c11e571167462cef68a36ad6cd66368f80a934f51054d39f772361716234a4e013df04950e4224b7e93ee2b742e32310bf74d98b8662c724a5642edb6b01e442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
49c3693f02cb2bb7a9700316b5267900

SHA1
6061bec18d831a8f79282ef44441a6644e7fbbee

SHA256
8cb4f8318f67d642a555b7eeec3024c312ac55d4777705abdc4d3459ce43def4

SHA512
ee987e5cff730abe753d31f7c38302c4c3b616820532122d1cc671e3f9e20d585d34e2c3cbe6727bd421dd7fb155723be924ade40ac054d157431841764e68cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be50f298200339cea1faf19492fb0eb0

SHA1
1e76d6d929fc4ff06ee2a7fd6d18092e82585ef9

SHA256
6441ed8e5efc04c553c46fcfb803485b49a8c45f1fc301c5cc5e382612466893

SHA512
8cd8837102b4c26a72dbaa7771bcb4282f5aa76a814882e776dfc6207803120cdafcb92fe8d0c448a590a46a9c00d06d19fd8429603f4c1d6f5c48aa38ef8d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5a9ee3b63e1b33637c24cde7a1cda2b

SHA1
5544b2bfcc00c3196496db2818fabe4aff86be52

SHA256
382e3da1980557baf5b4804877c0be166402856fa8ead084e24f63b77701bd63

SHA512
02c8ddd6bc56a9c65b01c2bf86c4c69dc4a0214fa16816ff2aab7d7620a735e7cc4eead962ef7adc77e853818abc3d471f0f31416e05682750ba6f24d6774496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d79ab70a5be6cab1b1ebfd72688605aa

SHA1
e8ffc7700e2b62975f82be2a5b552e2b5947fe1b

SHA256
572382de443b3382f45902139184b54bccd2faf12c616f93a36bd473c503318f

SHA512
6e285bb89e1608650c021f5646c1066851e6eed47c39844969a45321263b1d42a608ebb84acf095d62e3e747aa830a236ceb35a11e19d0a79c6f980bbcad22ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe0407f1ef9e028ec46137fad1fd2b89

SHA1
1ec5a6fa88e328acceb797437e6af680973c51f4

SHA256
433927967acb5b83f6350b69f0d58190a33849124e21a7a31cc99ef09c65384d

SHA512
7de8d90355fa5c0fd77b4818ec9b132439079a37cfc8fb3ef6ad974ac141a54a4d22f9408b9b2fee08d79302fe7468fccb584092f83f747a4c307160a09b3c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec29824641545e32902a8f4aec1e9261

SHA1
071c059b2b85359660d4852054cec2e78f84e843

SHA256
0e41dcd3f7a7cd36fbcde9f2ee653febcb1eb0d549a349e34cf8306159c3cb1f

SHA512
58b24277f56614a2d1d8acb35a5bbf16af429870a5f77d65660f94a89f52d22ba43c8b2d050066129a15a64961473ad7a44e02838736bd331d61839874d2c8c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92565f865a1d1001919ce17bb71da7c5

SHA1
d5a118f81ac540134bf61a0c35fda3a8c654b087

SHA256
74613cce132cca33d9cd2544888a0809758f7c3ec1e943995238df228eff384a

SHA512
1f98988023c3faf278e28beb8ea4d37177013681e73bea812fd3747575f0d47d48ae15e6a67b965d4bc112d42e889f28e5508a6977472e7eecd6599c797a13d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e574bbf2e2b0bab0f3fe443e692a1a7

SHA1
1e2e576de9567b06ca6b71a1844835601ad14344

SHA256
59cdd325ca73b0a6bfbd29360a7da8d5ef31e16256f884a016464099290cdda0

SHA512
a8d8e41563ca9a63a06fca7518eedd0f2885d40ab565af0af83f61cae9624f157572c2d38e8fc323a4f0a44a33f2ad044866e501b0444e8108ad90f17575a40d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a5e7865d85f9a203e41630fbe002083

SHA1
a4f348d79c5cd89c4aab845d377783a135503a6d

SHA256
f7611e93cc3d84e9a244212196dc13f178185d457af79c5e1f77ca01b549d3ba

SHA512
eadff1e0be1bd67325bac3fe47a0543a151d9c16b99e3ade31171a418e52e5b635bab6881772ffa3b250edf74bc7dcbdc92a064a78be2b3fb6eb71c1b2cf6e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ff7efb690a09c8e20a513041ff0baf29

SHA1
1968b5805aaf4d3269ca63b270274cb0ed574891

SHA256
2961627a39a9059246714e19862912396e74d6124b7a27630a01934d3bec03b6

SHA512
7613c7c8f124909a61e47d1b390f60a8bcfe27523f35b8ffd3f3fca98c9288671c635bd44e1fe58cd8dadc70176eef7c7ee4bb4d9a9c1a62a780e21f628e525b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3e4c94157654c1412de02f31724719d

SHA1
d2afa4f937a99812405fcf6ad621fe648df7cc8a

SHA256
f4030fdc7cb5e20f42b0d1c2fc87d93274d16f99a79be0fddac270e8fe3687a9

SHA512
468f7cbeefdc0a1bde9a54a421af11fa4c8c12268d0933d16af032e5836993fc27c58048a0b15ea59d04f444b3623bf76afde4c2504accd1d5959cd864fd962a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd6d313b7c0edfb699287f7db37d9d3d

SHA1
9635dae27eacebe1735c2071e6d07f27a9ff7e52

SHA256
6af1d658683e08abb84eb17f3aaff3ac3b6fcf7019f896a4bf07943a6f3fd49f

SHA512
b54a30fdc7826270bfe9a6c4d5b7c466c45e458f68118a956022c3725586961b936c801bf9691e62a82d43258e14c750a806db4fb3980f56fe5eb50dbd16ceda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8fe9fbd2bfd2ad9103f9e674c8e1dfb9

SHA1
3317351ce6eebd4825853b415b64bc73ed9afb7c

SHA256
a868b74fa6f3e85c888ad76c01fcfcd1778ffdaa6b9df38b33e52640e27a0f2f

SHA512
be8ede1b1fc757fbd7df3755d7c7e22bf7e2dd831ed7f559ceb6f2be13af3170cf9b3948e72363250f4b54cab7ebe715004eb097914eb76fc8d1c5ac2c8ee7d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6235b6e72ace3b16d9576df5c5f022ba

SHA1
e531b00389a8262cd2440fb71c68c50775be9783

SHA256
deb590e8c1adef7716ea7f0851ecba281a1bb301ccd6abe0ecf00bed68eef046

SHA512
6da9f9ca31571b711a3deefa6c54465c63fc153c6ac4481fec0270811e5b84894479681cd6bb3615103ea21d86b9c34ac69595462006c9bb3863ce70958eb73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
076bdf40df07e4915502a7982bbf20e6

SHA1
143b50b811c6694c7f07c848312e50c18405ef29

SHA256
f2a6491310bd67d7407f938fc0794c3c851519665ce89a3ec05e001135e79724

SHA512
7ea7f05fad86e7e01cf8522603449a775bc8685e4f7e5d141dc68fd7c65376145fcf219cc169e5e929090610b5d1a2c72c5ae24093db04162b09b7ebb6db6208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e51a55330d9cdb6db762d04b242be68e

SHA1
c32efe800cc53fc21fff48296d30e6f9a342d019

SHA256
469286183b495a4e7344a58993d06d663af8141e74f881d06c2f82fcc8d26c82

SHA512
2bcaa21a80d7c16b21f20fdfca0b9fb9de5e906d2fb810248d635193958815f7f1f7f853c000bfdcbc20478a4beb251a238d835db715a81f6c918d0af2c48741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c95da851f87b6ee0cebef50278341b92

SHA1
13d756e933beb3290793db244e723cb4d21ff6a7

SHA256
e1920b25fe897db4f6a439bb03796ce4bb95a0387072ea1555da82e5fe84623a

SHA512
4cd7b5a15af0ea7b312aed1490d865280c02c69a73933bb9da6f74525b7056e58f9c13380c209fe59e3b6ba408db9365eabf2b2889fc8d5218351a12b511cd98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b08ae9b3cb528bd5bc11027f0adfb33

SHA1
50dc03d41cf5cb496fbf9e345c2f32697d2e9a73

SHA256
c993cad68b993708d5cebe23862baca21dae982bf189285be6f6967a7fcf1d46

SHA512
6527501d1e9b84f9b2b948ff030779c90a51ffeb5e21120e53c4a104f0f0c0547bbc997ad9fc8d9f6b73bf75f6d4fd795303a1ec90e89337a3bf986ef1578949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e309626a56eee7e046758604bc8543dc

SHA1
161aae36d8747a35ae775924d0a55165afad2f48

SHA256
22c8647a282cb52acf6aa72e2d446fa9ae3de306620e67f53aabcfc348fe0331

SHA512
c252665929b38ff3de512450183009644b0980a04995fdd1dc365db13ce6992cc124a60d67b5619eff8f7fb49ebaf89c14c53ba68d9585ec881dd410c010737d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d867149821247d58be9baac67fc14ca9

SHA1
0a58f36c45bc644907f64393247e1dcc9dd474f1

SHA256
a067521e91e78a2911ea814bcb336777f8e409f04a7d1d456a7e6d2045f350e1

SHA512
b660a2649601075d8e2d34fd20bdc8e00b297cb51e88de9e8d42e4dc67ff9f8a374ba1c603ec00f226893933d05fecadf15f081a270a1926e071782371e46d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9238de8b6b54aa3aaab6395e8cd6275

SHA1
c9194e17436e8285b1b6d5f0ce30e044c8a959c8

SHA256
56fe196440b50e27770c25462dae338f09305cfc1030570796ed3b0861665795

SHA512
4f6d4597fbdd396822f964c34579ae118a6d806934e742030f4100c99cb5f67682efdf1e541d6eeda776ee147adaf691796c772a50645a8172d0db92c27c02ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e16ccda5db721745cf172d494fd3190b

SHA1
7800358ab06f02e5c1f86d0f9bc0ae692aa2f8f8

SHA256
1b5a2f46a740df686705a4c0459c388a5a81ac0bca520a0ec523a7289add0e2c

SHA512
4c6519f72e0bc676bf3d1fc7351e6db0e066e8555c2baa6e16cbe52a6864aaebe14fbb060201acf05614ac3d2958934eeb38db421aca7e5e185771046971717a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
99cbcfe45ea215b67a803daa8b5f9ab6

SHA1
fa124a9db1dce421b738a164eba02f9bf789039a

SHA256
7fdf353a5db80877994fc2936e0ad5754c5d5250c99b3339132d6fa1ce53bef7

SHA512
caf6e9d0e4e6d1164a30ece44ebb169dbc3fc603baf74da0112a89383ac48e2cb070c8eacbcafa2e13243a4eefac3e8b06dbad78fd34f1e913de3ba218002d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
4ec44d41a8d851290c72cc3bc010aa24

SHA1
f3a2a6e18e7a58c91660005950b85d16185841fc

SHA256
1b13fdb7dff502d42498e13fc01d412fb1bac42c197cc04de258d748770f089b

SHA512
dd96c68c7cc2e18aacb2695508f130084581c0f0b9f22cc0a4e354d599db1beb190ef10c2bd1c061589771fdebea4ac1a49b4be5ee26bb097daeeeef7327778a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
09dfdcf22d321dcddff47302af8262a3

SHA1
55b7c8670b386f4202cbbc48ff5000802364d9a3

SHA256
b1ac665c41dd0005ce853d68ab509e762f7e75fb7b235dd5dbf2c09f670df4d6

SHA512
bdd6d634fc6715e859526d5872d364a316d4791f952080e9a77f208a71af0fd2ac6fa6a76347653d0c8c493b3b6c98bc55888e85ff943656c94d229948dbfae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
58ada40bb1cf213748f9898da6066c69

SHA1
bc9ece6c5bcfa121bc477e11511b1b8dda3b6b64

SHA256
48329920d3474004e6a4702745a170390b6766083c62caed59d4764152370f89

SHA512
9b6fb220fd777cfa8ddcf171ae2a04a66dc9a98bd27870fe9bcbde24c662b7d909565a245006b25fce1fab37f87a89f9a948b41599568374357d801dc5e6e283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
728bf2decb2bba65a7e63b603242f9dc

SHA1
339c0b625cb898c0e63a4de0e654d19b8924b5f2

SHA256
5f515db105e93001e10b4f6a8bba3aee08ee4787a701e9d49e8a95529e8ad0bb

SHA512
0932c2c0d382e6357b7fe62f8cfa5cf089883c53d051a30d8795234e40e11933e497e5732bbfbee7d45c73e20937d6b8724ecb728b655808d3e45750116d5ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\dc4559d0-8451-4867-9402-c681e44d905e.tmp

Filesize
232KB

MD5
6fd0ec324b84c61b4e711429bd99677f

SHA1
060255de0d0b4ac45ee8c408dc28220255ec4242

SHA256
b24439b9bdec1d73aba9ab9e463a89116da2e5eebe5390be07605f5564cfed60

SHA512
863e57d36ac5cae686c6b1eaeadca374533c5c73d501a40eec245e905733dc2412d1016ed75ca0e6d1dbb78a6a9611760e99eda8c243babbb98a14ec9de0d5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5d3b6cd4-358c-4f78-bf77-d4a1ff9878a3.tmp

Filesize
10KB

MD5
a651524d83c6fc7a9b9dd0ad94d504a9

SHA1
fcbfc68ff62cfd9e3efc6dfd816cde215279e722

SHA256
af95b9db40bba3caaaceb0742f629b78e63c73c5c3d8a43369ed81edaa94fa4f

SHA512
04bd3ad6e238bf25d6dfe98389a9f536a3d758afe51f7a9bb2c3041b62a533e4e17d074cc7d2f845a4e33a656588e48710da900659e20b6a1fd1f07e0065cdfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ed5bf74863b97a89926d9c9eeaebab99

SHA1
457d675bca6ea873e0d0530eb35cf2ec870d943d

SHA256
75d39907498b1c9b720811b15c717be96964a2e69c6c19dcd3303f2b221f741b

SHA512
a932c20703f2769a427b9d75f803e1aa932d92755d6b5709ab0870f3d52de36869345da49870f2dbeaa1289a91f96443216ebe2e1acb2713c3e5701e74d3b147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27fd880b462c0db528c3fa935998e092

SHA1
3a3fa7d6779810c4fbc233fa24617fc17b5e05cd

SHA256
103ae0ecddfda19a9ec0982f28bbd2ee111140ada3ab7bfa5a0049df4a5e19ca

SHA512
bdff522714046c759919be644948ea7ceda09f14d14fdd1b4dde97d82b5064a60bed8c7a53440471ce74b9a748972b42f95ff7c798ac60e5784edc96cce8bdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b933e6e-04fc-436d-af39-50e94d0fb81c.tmp

Filesize
6KB

MD5
c9e96dad319dc45bb12efaa0a18a97ab

SHA1
fd639b99846469b4f4a1245295e77900055bda53

SHA256
792a7b27c17ff42a7568990ace484a8d456c0b140d8ec91d3532c7b744ffc11a

SHA512
05ab968d7da1538daa8727cdc489f2af18f7c634cf9b0e1457be1c1edbbfdb48abd6239b6415764740168c7e053738263860178a808a31b4d467dac4192e3829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
e8b71b8a01eb671c77df94fb6bf416a7

SHA1
2e92fef72d164741462eaaf2bfc9ced391ae34c4

SHA256
da90cc5a902ba1786fe1bc513be2cf7bef8ebb422a3286ba69bb4f4ce2f78cf3

SHA512
6ca22c054a94c2353ce9c636810271f64c2d90cbfd5de04bf0ba916b2236a41e97754a54788a45f74891b673a350d5efc8a6191f6f46ca6ea58023b055599a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
3a0200a678cd336da244165964960346

SHA1
a36fb6bf0cd1f2b7e36af47dc9685979b35e7653

SHA256
d4a44bb6b2b97367c11be524d91c41b73bd4eb5065f55a47df0d28d3a07d8f39

SHA512
c4bcb1da8430d09c9e888b9953dea729ae3aa8ce25c6ad6563499d8fc9a2eab5e93b1d4e2faafa05e66e26341a0820c4ce74c5f90521312f017ae55591ba2cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
626B

MD5
f0fc35d42eaa0eab5931ee3ce94a3bc9

SHA1
3650d052fd542b49bcd111ff933c76d652d40d0d

SHA256
9800b1c3cd9674d49793711f5514dd34028d5cec6f5276e9b11482a4ae942aa8

SHA512
f7ddc267775948c9deb0bf40bf77dd3f80173b2ba9a2cbde1d77ae152b1263e470aaebd0606ef0bb48bbd602af26c39c350880dce352bb50b727c0a3c85f7d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
f4646ba6b05f0c3c9aca3100d094c81e

SHA1
1f524b90e0bde35ebb77aa61e9c1d26e65a3d509

SHA256
b7c597fae680f670c1651e53ee13a0cb5059e6c413353ff5183c931cab905745

SHA512
eae54eb47e42e7b916cc9bb43c2e226a36df225074c8e9534e8afe3bc9ed40ff69d2a884cf396e397e08321d6766e6ce85053a242f29d330f7804788c814cb29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
71969d7eb2d8ce55a6aacb00862141bd

SHA1
7ff8ca259c306d06649a2e6778c87d35dd97d607

SHA256
227e0c3a440613810a9f5f5084cabd40db22eebaf86b6ec32ce43b01fc9b9de2

SHA512
7f31a8539ea9927c6fd884e947d77c089bfba174cca34c16a4c77c1cc22832c91d209580d0a142f4fef43ca7ec6fab04a79e4b5a4bb3eab02c4a75bcc35d3f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3ff19011a63c8ddd3828d220125ef53

SHA1
9f6d549a4805786fd22659deeddf0a3650e81ee8

SHA256
9dbefd1fe47de5f8554b99d1a834cf76d37612534218cb12163ad88e323150c1

SHA512
38ee024f7abdfcd8796ab1406c54ca23e31caf032fe53117ad223a7f63bf703563f4cafbd2596299d2be633afaaa5373392693fd72ecda78f18132aba6ac6677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b91050f85f6d1544fc0ee744ba498f5a

SHA1
acb207c04d5871fc3c3b49cf1247f852eef90321

SHA256
79c8b892335c28a7b3a0c29b015a780a479ca0a639e08deaeea5be7a4e9c21db

SHA512
982aec1c47122ad42caa15e263ecc5ce5c0d30012642d13e4335dcb5eb27636f313a5b65c086760ee1c40e061910b6cba28f421f86d308d259642dfe6d97e140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c3e420c6dc71cb4b23f50d42b4f82b7

SHA1
2740e763237b5ff432843e034892fe3c9ebb0325

SHA256
d9d44965a947b69a767edc0f2ef21b4f418f9f6ab3d7bbb3dc89de40cd657cd4

SHA512
1b94a501f5d047caacd19754f8e5c77b04ca491b4e70a1e4834c5cb76f4fd0a3078e4c15ec26336523dc4ab74955d0d474fcecd20af8296da4b9b201976ff998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa6b3fcdcaee235726ceefb794678295

SHA1
9f51c87bd4d8b4886eb09fef962c68b1169983eb

SHA256
eab3166fe105daa14b021e94474819b487a3f0d9eaaac27fc9cea185ce01cb8c

SHA512
3fe7c89054c2fa054ddd4a6849f594bf1ad447bb473f72e0c3973bc954a17139462fdcdfae32254799f8802f7a530b8dfa22a2e278cb0ac9dfa69906222f5d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
5c0f543f1ed1d6d27df0c0b44d2596e2

SHA1
d4c6f45d8480612f6e225ca07babdf3de7febf33

SHA256
b286b8b0a7aab09403a9dbb18d2b5bbed916f0d15b38af3fa63c1f2b8f5f304f

SHA512
df73cfc5c466728c7cd464dcaf92713e1fd901012863a3cb1c6bbdc9c8e0afc905bb6296878cddbedae97408ec72e50d88454cc4f3b1e0c3fee1a76a4be128d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376513714923414

Filesize
1KB

MD5
4c7b392e38e63ec0ecf208b38a62915f

SHA1
93280993b671ec10925181bec388bcfce18fbe79

SHA256
8e05e6e57f5ab1c3d1c314e3dddf68d75691bc3fe7b1add0e913e17b457f506e

SHA512
778c32dc230ffdb0ed5eb5a80f363d05f4191300559d718f3a0b0ed739ccc18593166e14b4940dc0c6d9e82af9cd4a56d3efc4e81b03cdc40767dc424273f674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
17022a1b259c87e407c01aed8b866abf

SHA1
74bc30ffb3489ff09b826113510b52d446da331e

SHA256
546b3be8518e824d23493423205136f0a42d810df5827d648d366abceb0edfed

SHA512
9a91fbc9c3541178ee0d74aea4b64fe69c24dfcab6803bc641943b8b7411fbd584db8ce0ad67395d015d86b175c36757a20783e14591b9fd90e3bc244f223a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
56f0ad496bf05318c7a7e68d095c753e

SHA1
ae19797a97778da2e15465c2bc765b172e9a194b

SHA256
b7109021d6c9812dddd5d8a6c5b31cb41fb6491525ce0f188f89c67f1a0feddf

SHA512
e3c6a1c50fc8b00c90712ade1c8fed48968bc4d490b5e72a5df92f1f6a7ca9c316830f03ad5890079e67e0918d7cfd19b7f6cf60b41b1594a4a7e15a7c76f706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
52c0e02b1e27e2c1a1b5f2469482c09a

SHA1
7cbfc92d0e853a8f345fe9e84308e5e817b31a81

SHA256
b04b6779b23cad441e05a687f31df43b18bc3f8b7ad4e9f77c5fbe7e01eaf5c8

SHA512
07d925876a2d70788ff0a17e4f3da1f67ce867b1f57543950110421ab671895137205e8b1db01b9235f2aacf98e0412e88249fb094a5f08d4ebcec0aee5d4280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e675feb9-36b6-4940-b25d-41f2587c66b7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
9d4499f0412ee5f8ad6dc20eee4154ca

SHA1
32365d4a10732af6eb9e66679ad80e485af54c30

SHA256
32acc6f9276d5f30d7d4c1eb3511e262d1288808be59f9a038e051f6dee356af

SHA512
04a8930a7829266f93c2e67b6bef8bba8c6177443914bb053c46996cf4cdff91daa281cd37fba7572d14c05f2e1d1c11b0eb6fbbca92f4e73e09bd2bfcec3197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
88b55da2a79a17eba99c92bdafb79f80

SHA1
bca40420ff5ecefceb21c608818b2ae54b56b49b

SHA256
f65e2bb9fc7bfddbb45b92bfadd0b306685bca8ae71f89cb5d01fff175b1b3ee

SHA512
09e7b2016d77290de2661c58db60a871ec2dd23c4db9a7649211370cc2799404ef56c47447d46b83b4b441fe159a7ba73dd6fa3a8e3a95b1d001265e6c9234cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
a7e5c5cf5af0a299f33f338aadf5379e

SHA1
cbc8f903d2ad3894820953220d34a28800eaf805

SHA256
10e622e81d0683ed298033b55e0295ac6a49c64a12aaf35c71c071b43dc4d48f

SHA512
142560f913226b62ac1d10d056c99d0692ee80c0386738d5b1c5fd9fafa752217aef485b6faa3defb9f9601f4928afdeb94f78c3c820f1e532a416230bb4d469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
8b9012e9ea22b6d537edc0ae94a4c29e

SHA1
5f33c7c4e3f2167139d7f828f9be81e3839ad5b5

SHA256
39eb7cd59641209757a57fa0cddd9dd30c2d9742d05897fec2d452d5fa7ecaa4

SHA512
942474207ed62cd1fae63ae158d4fc7dee9b3cdc858e4de667838cb53ee67246e4057e73218a24558d873825aafd77087f5afd542f7258066e5889af9c63ff90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e01a8d317901fcc2a142f485262869e3

SHA1
b9e23e86db7c66c2d00f2e24e7e25db8b0de8bee

SHA256
2bcd1578a32f11879801eb6f7a98a939a66c5893c22a8e200a1fb47d068c55e9

SHA512
971a86c6c47c06bf676f481d0af124559b90ae7aa8446599b5b272f5e8887ae17c3735c9fa7f6c5ac445951fa54f8a9a1026da72edf0e1a776e7c8af38a970ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d6f384db9d1dfbeeb5815bb71044954

SHA1
fd1fea086e840a9668468095469ce02df9455c08

SHA256
71f1047a5848c200cdfb0babdce8d3b704b0840c8c2c6e355d52bdebbc1e581d

SHA512
1667603038a25e1778510c2ab4622a86275fab5d7d21f0c833cd84abba91d90e706f2d508aae84ced76c5f82746efd4747a36868356d2fed078cff27381fdef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df52b071f27980672ac1fa6e5f100e23

SHA1
a8e6334b2a4f01083d923655d78cb2266801e591

SHA256
92583039b5845dbc9c1e04a0ce3c426a1e04896dd5d10be010619dd3fec0e19c

SHA512
71b2af1de2f7c1072078c5fc3baf3c2cb81d02921b899db0c28aa0b1c9cea1137be995fa44309afa620deac1453edcd44bc200659d5a895d380e54ce9660b508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
956a2d67a418f91f2ee20dc146a6944b

SHA1
52884365db8f45aaf7474dcb13d2842f0b747136

SHA256
28c5a4dfcaa970139294373eb7e7703917d700319b85abbe59b7d0595b9e6b5f

SHA512
0dfa41f36b544cd86163b8b9119280916ff9760fb008a576772dc70b0609a8253831b0d2ae1ab06cc8ce613d57dab7aa8297cc39c2fe3918dd1bb3be85e1c60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES6C91.tmp

Filesize
1KB

MD5
4fe482653c1b2a85a1e094ff3412e9d9

SHA1
f324f9b1f78d593b66cfecb958287af5a8c022a2

SHA256
f76684b63f5419dd608d4bcb9543bfd99ee3e71390ad133f73533e35a5c664b0

SHA512
071d5f02d4b4695e49f5c15d6e78729f38d66e31f908607688b5e42a49d1dd23b23930b0adb456165d071aaaca9cfae2fa7c0924c13218dd06c7414267cafb1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\bqdovdih\bqdovdih.0.vb

Filesize
78KB

MD5
19522baace2a90baf275a133fafa7928

SHA1
b004aa3d4e6a1c693a6fb2dbf4ac06e6932f1559

SHA256
66d479d71267033fe61c99fbe12d7e708e9bc572f38abb412fe319d7ea673f3a

SHA512
076a6e1818754c958e31a92d004e6e43f6ed0132a46989732c9c58edfc0961af3c116854e57c4c5fb24c7e5915b3ec9728ae81c6a712aba9f92c6e6cadcfb8ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\bqdovdih\bqdovdih.cmdline

Filesize
292B

MD5
02af816eb3fdb5cfbfc7fea0b1cfee17

SHA1
f52fd86e4cd4e2147d2f2592f7e2a49ec53fe908

SHA256
8fd59234b7595d81b97b0528aa52f170212f585add8cb2760fc5101690754fb0

SHA512
c3ac1cf5b0c4d1125e4624d308b9dcb852bfc63d3eb12dcb67b9aaabb5f063d7be17d9062723de1a340a676eb897e929a1ab4a9c7c36024f8b74dd444060f135

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcF899593A1F1943A1B1F780EE7BD83965.TMP

Filesize
1KB

MD5
55bd622a4fc7d26cf216ee9b398c945a

SHA1
ba58aaddbb1d241e1f7ec19c40c021d4da6afe66

SHA256
240c4e9b01ba7eb8a0a662442f6228b7d74ef1b8ead41145ecc353e1355612e7

SHA512
697abaa6541a7403c90ddb4452d0bfdb47af38e179f77c4d56e16e2a48fef483c124f083768c0041f5f0d6977e218c515f129eca329996a64807c69cd6c9c9c2

Download Submit
C:\Users\Admin\Desktop\How To Decrypt My Files.html

Filesize
639B

MD5
d2dbbc3383add4cbd9ba8e1e35872552

SHA1
020abbc821b2fe22c4b2a89d413d382e48770b6f

SHA256
5ca82cbc4d582a4a425ae328ad12fd198095e2854f4f87b27a4b09e91173a3be

SHA512
bb5e1bbf28c10c077644136b98d8d02bfec3b3e49c0829b4d4570b30e0aea0276eb748f749a491587a5e70141a7653be1d03c463a22e44efecde2e5a6c6e5e66

Download Submit
C:\Users\Admin\Downloads\TestApp.exe

Filesize
32KB

MD5
2e5192505d88b5da77260577d8e4f837

SHA1
daad27a47281e6be91d63f6a66849638ca393ef7

SHA256
b26e9f8714f8c9b9b9fcc41adbf8fca6e2ac5f012bd284ed988a1da669e63d9e

SHA512
279fdc3ff533fbe764a9a64cad934a99bb3251ae469dc936a2c3cfa5f0dd4ca56ee8e6e620d9d57fe2ed9570ca42b37ab995e7b31fbaa619de5bcc7cbf6f12b0

Download Submit
C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

Filesize
16B

MD5
3df3721021dea8f5f826e23a43a8601b

SHA1
09eabe196e4d7c376b444d4f50bdd751fbd898ce

SHA256
a189d413dddaa0a36e42ae92dbd82d8ae39351466b3749eef23c31a0c167cc03

SHA512
80f5fa2f54014a7cb59e9b74153073403d13a03dacdd95e8ffde622ce9ddc34ca87301d3311b9ec9b5022e38801c601e0d192b737352e0e8a2454d6845ad202e

Download Submit
\??\pipe\crashpad_1816_GSNHOVHFZIHPTJRE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/184-828-0x000000001BBB0000-0x000000001BBBC000-memory.dmp

Filesize
48KB

Download
memory/184-617-0x0000000000E60000-0x0000000000E6E000-memory.dmp

Filesize
56KB

Download
memory/184-833-0x000000001CA60000-0x000000001CA6C000-memory.dmp

Filesize
48KB

Download
memory/184-822-0x000000001BA00000-0x000000001BA0A000-memory.dmp

Filesize
40KB

Download
memory/184-820-0x000000001B9E0000-0x000000001B9EA000-memory.dmp

Filesize
40KB

Download
memory/184-818-0x000000001B9D0000-0x000000001B9DA000-memory.dmp

Filesize
40KB

Download
memory/4284-4-0x00007FFC7B890000-0x00007FFC7C351000-memory.dmp

Filesize
10.8MB

Download
memory/4284-8-0x00007FFC7B890000-0x00007FFC7C351000-memory.dmp

Filesize
10.8MB

Download
memory/4284-7-0x00007FFC7B890000-0x00007FFC7C351000-memory.dmp

Filesize
10.8MB

Download
memory/4284-9-0x000001A718EF0000-0x000001A718F0E000-memory.dmp

Filesize
120KB

Download
memory/4284-10-0x00007FFC7B890000-0x00007FFC7C351000-memory.dmp

Filesize
10.8MB

Download
memory/4284-6-0x00007FFC7B890000-0x00007FFC7C351000-memory.dmp

Filesize
10.8MB

Download
memory/4284-36-0x00007FFC7B890000-0x00007FFC7C351000-memory.dmp

Filesize
10.8MB

Download
memory/4284-5-0x00007FFC7B893000-0x00007FFC7B895000-memory.dmp

Filesize
8KB

Download
memory/4284-632-0x000001A77FA30000-0x000001A77FAE2000-memory.dmp

Filesize
712KB

Download
memory/4284-3-0x000001A7800F0000-0x000001A7802E4000-memory.dmp

Filesize
2.0MB

Download
memory/4284-0-0x00007FFC7B893000-0x00007FFC7B895000-memory.dmp

Filesize
8KB

Download
memory/4284-274-0x000001A77F800000-0x000001A77F968000-memory.dmp

Filesize
1.4MB

Download
memory/4284-2-0x00007FFC7B890000-0x00007FFC7C351000-memory.dmp

Filesize
10.8MB

Download
memory/4284-1038-0x00007FFC7B890000-0x00007FFC7C351000-memory.dmp

Filesize
10.8MB

Download
memory/4284-629-0x000001A77F6C0000-0x000001A77F742000-memory.dmp

Filesize
520KB

Download
memory/4284-630-0x000001A77F4A0000-0x000001A77F4CC000-memory.dmp

Filesize
176KB

Download
memory/4284-631-0x000001A7802F0000-0x000001A7805D2000-memory.dmp

Filesize
2.9MB

Download
memory/4284-1-0x000001A77C050000-0x000001A77CF38000-memory.dmp

Filesize
14.9MB

Download