stormkitty | 573b2ca9df39dc24d7e769786b7fd1bcafda80c2b7404b919e92cbbc65db9baf

Analysis

max time kernel
96s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31/12/2024, 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

quest mod installer.exe
Size

165KB
MD5

6b223bcb2346baac936dc94b8fbc0e80
SHA1

672fb1856a64c9d71d438e9beaf8094aeb65e4cb
SHA256

573b2ca9df39dc24d7e769786b7fd1bcafda80c2b7404b919e92cbbc65db9baf
SHA512

2c22c62be5490383f29ea1b9023dbffce9f0d9a36431bbbc494d29e041896758878f729539abc793e2ae5e3ef4b27666e50064b11a284a7ef9d27c2c57a77443
SSDEEP

3072:UvRZfiACBoHbT0/h5dOMpkMZ0Bz65/M6If+3Js+3JFkKeTnC:UvRZfiIbwhFHZ0xBt25

Score

10^/10

stormkitty xworm discovery rat spyware stealer trojan

Malware Config

Extracted

Family

xworm

127.0.0.1:53655

147.185.221.24::53655

147.185.221.24:53655

topics-properties.gl.at.ply.gg:53655

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/memory/3028-10-0x0000000000990000-0x000000000099E000-memory.dmp	disable_win_def

Detect Xworm Payload 4 IoCs

resource	yara_rule
behavioral1/memory/3028-1-0x0000000000AA0000-0x0000000000AD0000-memory.dmp	family_xworm
behavioral1/files/0x0003000000012000-21.dat	family_xworm
behavioral1/memory/3060-23-0x0000000000310000-0x0000000000340000-memory.dmp	family_xworm
behavioral1/memory/3060-342-0x0000000001240000-0x0000000001270000-memory.dmp	family_xworm

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral1/memory/3028-291-0x000000001B5A0000-0x000000001B6C0000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	quest mod installer.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	quest mod installer.exe

Executes dropped EXE 1 IoCs

pid	Process
3060	XClient.exe

Loads dropped DLL 1 IoCs

pid	Process
3028	quest mod installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2560	schtasks.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3028	quest mod installer.exe
3020	powershell.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeDebugPrivilege	3028	quest mod installer.exe
Token: SeDebugPrivilege	3028	quest mod installer.exe
Token: SeDebugPrivilege	3060	XClient.exe
Token: SeDebugPrivilege	3020	powershell.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3028	quest mod installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2560	3028	quest mod installer.exe	31
PID 3028 wrote to memory of 2560	3028	quest mod installer.exe	31
PID 3028 wrote to memory of 2560	3028	quest mod installer.exe	31
PID 532 wrote to memory of 3060	532	taskeng.exe	34
PID 532 wrote to memory of 3060	532	taskeng.exe	34
PID 532 wrote to memory of 3060	532	taskeng.exe	34
PID 3028 wrote to memory of 3020	3028	quest mod installer.exe	35
PID 3028 wrote to memory of 3020	3028	quest mod installer.exe	35
PID 3028 wrote to memory of 3020	3028	quest mod installer.exe	35
PID 3028 wrote to memory of 2592	3028	quest mod installer.exe	38
PID 3028 wrote to memory of 2592	3028	quest mod installer.exe	38
PID 3028 wrote to memory of 2592	3028	quest mod installer.exe	38
PID 2592 wrote to memory of 2160	2592	chrome.exe	39
PID 2592 wrote to memory of 2160	2592	chrome.exe	39
PID 2592 wrote to memory of 2160	2592	chrome.exe	39
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 1584	2592	chrome.exe	40
PID 2592 wrote to memory of 2052	2592	chrome.exe	41
PID 2592 wrote to memory of 2052	2592	chrome.exe	41
PID 2592 wrote to memory of 2052	2592	chrome.exe	41
PID 2592 wrote to memory of 2036	2592	chrome.exe	42
PID 2592 wrote to memory of 2036	2592	chrome.exe	42
PID 2592 wrote to memory of 2036	2592	chrome.exe	42
PID 2592 wrote to memory of 2036	2592	chrome.exe	42
PID 2592 wrote to memory of 2036	2592	chrome.exe	42
PID 2592 wrote to memory of 2036	2592	chrome.exe	42
PID 2592 wrote to memory of 2036	2592	chrome.exe	42

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\quest mod installer.exe
"C:\Users\Admin\AppData\Local\Temp\quest mod installer.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2560
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef63c9758,0x7fef63c9768,0x7fef63c9778
    3⤵
    PID:2160
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1184 --field-trial-handle=1276,i,1932630158607544529,1337113163781309681,131072 /prefetch:2
    3⤵
    PID:1584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1312 --field-trial-handle=1276,i,1932630158607544529,1337113163781309681,131072 /prefetch:8
    3⤵
    PID:2052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1508 --field-trial-handle=1276,i,1932630158607544529,1337113163781309681,131072 /prefetch:8
    3⤵
    PID:2036
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --first-renderer-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1200 --field-trial-handle=1276,i,1932630158607544529,1337113163781309681,131072 /prefetch:1
    3⤵
    PID:320
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1276,i,1932630158607544529,1337113163781309681,131072 /prefetch:1
    3⤵
    PID:2996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2892 --field-trial-handle=1276,i,1932630158607544529,1337113163781309681,131072 /prefetch:1
    3⤵
    PID:552
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=3744 --field-trial-handle=1276,i,1932630158607544529,1337113163781309681,131072 /prefetch:8
    3⤵
    PID:2164

C:\Windows\system32\taskeng.exe
taskeng.exe {0CC75CE6-FFE7-4304-9159-C04008D25D01} S-1-5-21-2872745919-2748461613-2989606286-1000:CCJBVTGQ\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:532
- C:\Users\Admin\AppData\Roaming\XClient.exe
  C:\Users\Admin\AppData\Roaming\XClient.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3060
- C:\Users\Admin\AppData\Roaming\XClient.exe
  C:\Users\Admin\AppData\Roaming\XClient.exe
  2⤵
  PID:3060

C:\Windows\system32\ctfmon.exe
ctfmon.exe
1⤵
PID:1660

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad\settings.dat

Filesize
40B

MD5
29acc7d11d4391748f3d1253849a2e0b

SHA1
3ff5749dfe8a28085a4a40cb88a60e498cbd9175

SHA256
8e133e9d24921ee093ae9b9b18270faa284d0adb2d88ee326ec85cb0642ba8e5

SHA512
0a6eec4b96e4f9f9886f5607684d94a603f240d5a2964e9f5698bdb8c93eada7c7c6959d0a339c2ebc5c21069412074199b26ef82969222ae1700150134eeaac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
c16bea6f799f9a3b75aff205d6bf6b3f

SHA1
b4fad42b42454ea9b20d02f67cd1dcb6d39aa7da

SHA256
7399695cb043ff05d8321c7d66ace0e7dcf793c037977de06898520dbfcf422d

SHA512
52f5476a1ae04d5700f67cdcbe85b90069563ede4b3d7a2bb45d638520f1bedd35d5ada2834f441578bce2fbc37a8d5562ac216559c4e1860c0ab59d02e4acf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
ffb3c96b85ad378a5bb764932136b2d0

SHA1
4b25aec527439fca04af0cee30727369b7537b04

SHA256
202cef0ff477246857b5a5c748d3a0f9a60d7cbfb79b28c82d25b0ba5c1c082f

SHA512
0fb8d53c1ab0d29aa1d0fae716386f2629ade2b484025a34c6a2173243de9624d9417b53faabce2b0e54ff8c9e2d2c1514ad0461064d111c04b303d92de0daeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
3e7f159c54e26113f6cc751ba815d550

SHA1
12a7c88ce74e981efc4619165c1332840d33b349

SHA256
b9f8558344eb30172d30d23b45d1bcaac7dd97d723a043b0328787b4aabdb8a2

SHA512
4712979d9d0bcc6fb45c059504f51aba93f48ee1e8df86a1c1469e4038be5df9571137119c8937b78c5ef16a3a554947fa228564a3d44e82ff20f93137d6ad1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
b1921bfc257ab3c649f724f00eca2674

SHA1
1993bb77ebe3e5510e398d8e9e11375f4fd5ac9b

SHA256
0d413752e9aab24bc1f2f04268812355115d542e4fc78aa7f4f65fa3c1cabe9d

SHA512
90a1b4fd8612e4038695aa168268cf60c4a5612f80683766160b3e2b3f4f8126c945aa3a72d6a2256c6d7c0240e89bbcb22d1982047b14cde65c847db498aa9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\DawnCache\index

Filesize
256KB

MD5
37b995d190cf7ae9b403a5a33c40afb3

SHA1
7a609b5a7b95c1defdfc3d7d28a7f0dc3bdb3f61

SHA256
9b62497087139eebfd2e45cf5e6a00b7b58a515dc2a98c516c96aba6e12b0c70

SHA512
12fa10bc4983c4767218393891b376a74623651120ad9baed0a01c0219bb3e090d3d72dff238dee8bb50685ad4561122ac15ba0dccb1965dc1261c610fb5f919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Favicons

Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\GPUCache\index

Filesize
256KB

MD5
008cd53adce4f0d3c122e40e012c18a3

SHA1
b3340d762ee12ed2bc8547ba85c988ba602b121b

SHA256
8aa928af5b56f954f2262d566b65aa31972fe900c84b3f2217889c00ecfb82cf

SHA512
f7f3d24c1329588eeb063a84129eb6b3cbdddc1c43ec20bf1acba319eacd5a6ab8bad63af378a7390120b43bff6c8238d2431424b7d45cf4361abcfa8b34387a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
5KB

MD5
deb201d4c8802237d06c34ae43bebf53

SHA1
a8fbf338918141d17f8033c92ff2bd964d080e87

SHA256
38ed81e7146162e2f1e71aa9ad42159f483432aa31ee62b461ef5db1461afa5b

SHA512
00ef9db8fd08167950c5b32e364cdc96c277b7a6059c25130f2ced602efd46ae2895fe1e3b76073aa81543cb1d166218ed8cbd70cca79550f356a7cc7ed3f770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
5KB

MD5
278f33ef8d846df367412fbbdb8b5270

SHA1
c5abb919ef171471dda425e1ddc53692f4fd976e

SHA256
0a4c056fd7604fc5bc4737a1518349849e0a44565af596975f9f1ff919a1eacc

SHA512
2037071097373d850f95bed9923fc339656dbb7a25c43da6935d7c6d56e4d068845c3b75feb098276619d3b606cfdbf0ef8402b8cb23161c7b6c7a356dbfab4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
5KB

MD5
9d488e6332fb9823917720a844e025e7

SHA1
a7b5763c47a49328c1e0aa3eaaf556ddab1256fc

SHA256
345b131c1e5efaf3b096afd853d6115518cafbe50cd316e370b8cf6623056260

SHA512
c8f2dbd4ed87cd9263329d2cb49ef3d05f793d068e1e531751b02a05591edb66aed1693d04dd4fc5c7c1c54775ce086f989680bef1e807a218273a682fc0a708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Secure Preferences

Filesize
10KB

MD5
4de53fd1ecb25e50d1cd818780bd1a23

SHA1
e8c23580de1ffa9bf9771c26e408b99c872b3e76

SHA256
b2fc4d9dfb2130583cbd74c438a526223adad36c356941ff6bdf4d9bc127a78f

SHA512
b211436e40698f602bdb5bc0b445118efc8ebe8aa0546e03244c6c9d98a6f4132b88610f5fdc1f8a73ab81b534172e873d69c0ad8aebb2a15cacaad88b8cfc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Site Characteristics Database\LOG

Filesize
249B

MD5
e4332a2a5617e1b15a5bf4eeb1061d40

SHA1
059cebe14c0941d84c92a74297aec06d53a719c8

SHA256
1dd76db8df7b87d500fb878696361fe8e4606955b1d5ccc25322c109397860d2

SHA512
5825f9e5ea28e7bf84e285bda4f73b9ca06ef87412c107a84d6e870a9654d3d3e09ada3523afe9ae09025ec5a3843bfc8a5b6cacd6a79f465cbfadc933dab752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Site Characteristics Database\LOG.old

Filesize
198B

MD5
d2e189c0a928dda23c66124ff5a28925

SHA1
8e1e610741f8e913e26fa28325d6899491b23d54

SHA256
936a89fb2138c914033a0357a3e0d881af58d8d953a96ed3bba46d282f222db2

SHA512
478dd6675cd44e7fcab4d1d81917cf92310cdcec138ac2b14e1c8eb867ea97beb0a7efe6fc6a96c04b131b15fb430d4fd27cacfef7dfa05d87089dbb4f0c26f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Site Characteristics Database\MANIFEST-000004

Filesize
107B

MD5
f3a604cc1687a04eaabc91b49ed90eac

SHA1
507d0c1334e11f23da43bb9c8702652511893d03

SHA256
628a12f2ebfd6d19731a8a362956c95803f1d909293f6936542fb458d8be1a39

SHA512
a49c1632af45f2a938c2752aeb67e254e92a04bff91affe95952ba7960a60ec143639565790898d55a5ac4d5eb34c2dab1b93e295840d4e30cf3b16d913a7806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sync Data\LevelDB\000006.log

Filesize
4KB

MD5
751a1d85c6cef971f069d5f8c18d7171

SHA1
3ef7368f3a70ee9a3cfa573466a55e380ebf5f10

SHA256
fcb31bb0726eebf45bfbe0f360b71dc751bafb2c68f04848f547ccb094dd539c

SHA512
4e4ce9f4009fedc8fa55e3a1a0e4508d9ba6189f14309e1683b37bac361f2dd5508a3198120e602d2e46bc6ef0f369b1ddb7644238f093754498daaf3d7bf064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sync Data\LevelDB\LOG

Filesize
249B

MD5
74bd95893361ad49534a609596e7d756

SHA1
08241321b4d7bf8fa7dad9f6b5ccb15f6c50c25a

SHA256
4fd7c13a4b0d2994d1e9648e46258083af2174f9b7eb9523b47e523ccd271b10

SHA512
f6a99a0e069ba499cf135be82fd232f2800c7d6ae75f8d25aad3db7d8b4ada6031a2314f3774858990ef3a2f5b8c7274f72263e76d8f71ce4b3eb7dd910eee96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sync Data\LevelDB\LOG.old

Filesize
186B

MD5
4a6c7343641fdae99edaec7ab165580f

SHA1
e008404b158c583e7affe03d7bd3089a583c9817

SHA256
9d0ca81c1bc27610c8b457ce17d473a0182c5fc20feb2965bd636d2ce7939152

SHA512
ce90d01b349c07e26eae3ce5413e5d3821c3d53ded305020e047980fd3cafc249bdbc9e4a1d9b689ea826e921208bac7fe668986b1e2a7cca9dc6cc82ea5a176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sync Data\LevelDB\MANIFEST-000004

Filesize
139B

MD5
8d9da2a364a249c6222e6ab992df06c6

SHA1
d713021bdc2ee7a01da8f351d8592dcf8228d2a2

SHA256
8b6cabc40598599fae9d670094f32db93cd3753a9585be8dcc0e4923569385fa

SHA512
a2a452fd3c926636d74776bc9c8489e04f31ff3e0fbbcc14c2080e003dd4a55a7a8177ce30c4cb0b489f5215132b0a791b33254f4b5ce4658323330f11886e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Top Sites

Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Trusted Vault

Filesize
33B

MD5
da1185ddd8830abdd5c77f497a6bb8e2

SHA1
793f9e4e4f5b9e7f30b9dc003f5976f0f8496ced

SHA256
e6a3773b10b7557bfbf051497cf2cdf333e98104252492c15347a0813f30980a

SHA512
71b2b9b09c6612206178868b84a54521f077041eeca54cd23b80db12b4fb17cffbce195f608b26c675f91c55ac51404415c4c2914d3cdb9f30998423a7bd8289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Visited Links

Filesize
128KB

MD5
88d4f7eedc49224aa0dcce64406192e2

SHA1
c1af978a8c6940f919b0a5c05aef6f4b80274b0a

SHA256
e11d191e5ca087230648b0eb6eb706415ae05aade7b34f3460059abe2da4f173

SHA512
dbc116dade935922504cea31dd2f69cd653a56fe3e6526ae25a729b3b2f29d338a8a3aacbb7930616684fd9925d37101ff151444f9d1f463f7769a47feeb671f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Web Data

Filesize
92KB

MD5
102841a614a648b375e94e751611b38f

SHA1
1368e0d6d73fa3cee946bdbf474f577afffe2a43

SHA256
c82ee2a0dc2518cb1771e07ce4b91f5ef763dd3dd006819aece867e82a139264

SHA512
ca18a888dca452c6b08ad9f14b4936eb9223346c45c96629c3ee4dd6742e947b6825662b42e793135e205af77ad35e6765ac6a2b42cefed94781b3463a811f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
42b74556820a9da61ed5793cb5ecc46e

SHA1
7634c27723755f6072854195d61eb0f32dfb38ac

SHA256
9317d2b263607e39d56515f12ee6559f9626f97b77f767273cd047eede280d6e

SHA512
03b1b88d7735f37d81fc0b07abf67d8ace62da6ae77b5150f6d23683dff5b15dd0dec9b4bf9527e979d3b1c9022cd6f6a37b7bcc6fe4a2b13f6804b269826638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\shared_proto_db\metadata\LOG.old

Filesize
193B

MD5
f02102087f73f2a053a32453b46a0979

SHA1
98fa7d8b51e5344fa025cdbc2c0e2a0540e381b1

SHA256
c07e4b1a5e5e5fec650eb1acb02744794b77b227c10bbacc132d62212fe62522

SHA512
7f1ca84f6d4137e38db822fd3c67f83fe4cb428c85b9613f633aa5c80e47aaa5a1deec59540af926898aa6d7a2feb805303f4cef0b60b7ae5c7bea9961b82719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\GrShaderCache\index

Filesize
256KB

MD5
e5a17fb51e3e1a8aa7923264c64389eb

SHA1
77df0000fa2d14a358e38a306379cd59a432cdbf

SHA256
d14a4ffaaa0340c38d3979d70ac692a43d56b05b406f5986c8873cbd887301ae

SHA512
0cb2ee891d1e0eb764bb55f124d824800289c4560b01460fd7051cb656d3d6a8dc558befe6011222d4f67c945ee6b452f1de9f1f88c07fa518e5f891c32f8565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
169KB

MD5
db4cfa9cb75cf33ab48975df9d874724

SHA1
b067d62b98f9022d85434e7e412256adb7233919

SHA256
e525cfabdc01df2bf2cbb35663cfd7c2ec471606a6affb3e1c3729777cf9cb7e

SHA512
dfcf21d8a47be89777e8193aaf0cf091716d40f0bbb29278e17c23d5fd342787e5ea37ee4a719f0e3c5291e3d89b0046d5f3a19c9e466b56d43e24c276fdd989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\ShaderCache\index

Filesize
256KB

MD5
5ee41d7ba6a7f0472075071ff69155ab

SHA1
192ddbb58c69f7d12ed83636f25c39799575dc33

SHA256
d1c7982293108fac37bcca91bdda14e434c2b20e3ee11369604d6f02fad13184

SHA512
10e420fe49f416cfeccebbe31f0d77fee7e675bcae1609ebe1cd280bdc7ac63edfbc93611d833dd8ab20e283f7ed1e91b42209d3a1e00354f17f9214d6fb9e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\XClient.exe

Filesize
165KB

MD5
6b223bcb2346baac936dc94b8fbc0e80

SHA1
672fb1856a64c9d71d438e9beaf8094aeb65e4cb

SHA256
573b2ca9df39dc24d7e769786b7fd1bcafda80c2b7404b919e92cbbc65db9baf

SHA512
2c22c62be5490383f29ea1b9023dbffce9f0d9a36431bbbc494d29e041896758878f729539abc793e2ae5e3ef4b27666e50064b11a284a7ef9d27c2c57a77443

Download Submit
memory/3020-29-0x000000001B570000-0x000000001B852000-memory.dmp

Filesize
2.9MB

Download
memory/3020-30-0x0000000001DA0000-0x0000000001DA8000-memory.dmp

Filesize
32KB

Download
memory/3028-14-0x00000000009D0000-0x00000000009D8000-memory.dmp

Filesize
32KB

Download
memory/3028-7-0x000007FEF4D23000-0x000007FEF4D24000-memory.dmp

Filesize
4KB

Download
memory/3028-10-0x0000000000990000-0x000000000099E000-memory.dmp

Filesize
56KB

Download
memory/3028-9-0x0000000000960000-0x000000000096C000-memory.dmp

Filesize
48KB

Download
memory/3028-0-0x000007FEF4D23000-0x000007FEF4D24000-memory.dmp

Filesize
4KB

Download
memory/3028-12-0x00000000009B0000-0x00000000009CC000-memory.dmp

Filesize
112KB

Download
memory/3028-18-0x0000000002260000-0x0000000002276000-memory.dmp

Filesize
88KB

Download
memory/3028-13-0x000000001ADE0000-0x000000001AE28000-memory.dmp

Filesize
288KB

Download
memory/3028-15-0x000000001C8F0000-0x000000001C996000-memory.dmp

Filesize
664KB

Download
memory/3028-17-0x000000001B240000-0x000000001B28A000-memory.dmp

Filesize
296KB

Download
memory/3028-8-0x000007FEF4D20000-0x000007FEF570C000-memory.dmp

Filesize
9.9MB

Download
memory/3028-11-0x000000001DCE0000-0x000000001DFC2000-memory.dmp

Filesize
2.9MB

Download
memory/3028-2-0x000007FEF4D20000-0x000007FEF570C000-memory.dmp

Filesize
9.9MB

Download
memory/3028-16-0x0000000000A60000-0x0000000000A94000-memory.dmp

Filesize
208KB

Download
memory/3028-356-0x000000001AD90000-0x000000001AD98000-memory.dmp

Filesize
32KB

Download
memory/3028-1-0x0000000000AA0000-0x0000000000AD0000-memory.dmp

Filesize
192KB

Download
memory/3028-291-0x000000001B5A0000-0x000000001B6C0000-memory.dmp

Filesize
1.1MB

Download
memory/3028-331-0x000000001B330000-0x000000001B36A000-memory.dmp

Filesize
232KB

Download
memory/3028-19-0x00000000021D0000-0x00000000021DA000-memory.dmp

Filesize
40KB

Download
memory/3028-24-0x0000000002390000-0x00000000023A0000-memory.dmp

Filesize
64KB

Download
memory/3060-342-0x0000000001240000-0x0000000001270000-memory.dmp

Filesize
192KB

Download
memory/3060-23-0x0000000000310000-0x0000000000340000-memory.dmp

Filesize
192KB

Download