7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

Analysis

max time kernel
249s
max time network
245s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-01-2025 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-5.6-main/Xworm V5.6.exe
Size

14.9MB
MD5

56ccb739926a725e78a7acf9af52c4bb
SHA1

5b01b90137871c3c8f0d04f510c4d56b23932cbc
SHA256

90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405
SHA512

2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1
SSDEEP

196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806560341201225"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2384	Xworm V5.6.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2384	Xworm V5.6.exe
2592	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2592	taskmgr.exe
Token: SeSystemProfilePrivilege	2592	taskmgr.exe
Token: SeCreateGlobalPrivilege	2592	taskmgr.exe
Token: 33	2620	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2620	AUDIODG.EXE
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2384	Xworm V5.6.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2384	Xworm V5.6.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2384	Xworm V5.6.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe
2592	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 2820	5068	chrome.exe	99
PID 5068 wrote to memory of 2820	5068	chrome.exe	99
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 2692	5068	chrome.exe	100
PID 5068 wrote to memory of 4060	5068	chrome.exe	101
PID 5068 wrote to memory of 4060	5068	chrome.exe	101
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102
PID 5068 wrote to memory of 4388	5068	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main\Xworm V5.6.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2384

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2592

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x314
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc0037cc40,0x7ffc0037cc4c,0x7ffc0037cc58
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2092,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2108,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4460,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3288,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3408,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5356,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5436,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5568,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5020,i,13386206656432770060,3708172202156967818,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3216

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
50a746b05f1faeb2be4b3abd4ac0312b

SHA1
65d2ee7d0d2b61b13fff2140a7286a7d0f9b8da6

SHA256
37a2f32193ecc409af2eb7af4a5bc3cf7d503a026a2aa26937834a6135a8f375

SHA512
7950c5e54c7ffcea483c3242cc734c35aabe029dbec989bb227a89001a1d6b2d992df485b0f2cd5d765f1df89d83914876836ec57f7a1399c47e56470f49a310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
708c94fcf353a6d353c7cbedc334d58e

SHA1
f1f047a34595448251b7f08530b4d36c409d9711

SHA256
f24abac8784894e1b88c60eaceacbcdbeb7e85e951594721081783dd7458beb1

SHA512
a22daf1d9e34509cdbd847293416c9fe985b09348d6938302a626aff8e83e5fe8c9427bdf674219b633d12fef85d3e2e148dcd92daa4feb949d0549646d3e881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
55085bfe238270c3a824f92cf9af25c2

SHA1
b4b77d7bdbd37467d64a5c46279502b44fb249bb

SHA256
139e3ab93b6dd831cf38762360b8896e1067479e66a1dfcded4a86635daa04fb

SHA512
dcce07247a53e07f850491de60fb3b994b99df4e9072377e56f2ee4b6c8165860ef29f20b54f0537fa888d6853626da41ea82c7fe3556ee22b01ef1ad76aeefd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b647afc0bdc11e27dfb2e43505b986b0

SHA1
34257205c51f711828e4f57e2cec9337964319e3

SHA256
fe047368bb73056dc296b1aee37afbd7ecf67004bec3788ad701dffb22845b46

SHA512
9443038ca37dda120a2f61ef4b1f69248c822ff54a5bb7acf30fe0834dd782bf4fd69b4865a25880536575fd67d48e50ffe02b5c62ac9800e1f5c25b5dba7694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b4b171f33174008fd96dc89644cc0311

SHA1
84620e80023196f16e6e98cc9e1a5f069683964a

SHA256
80eb3ed5b39472b9994d2285f0d4574d6740cfa6c64459b3fae60975e48a4942

SHA512
5181cf7f0d57e8b854444028338c16f6e83c41ac35ef3f64dc9f5d42cef6d85329b35c8b4468afeda9f31a195c8afb60aaf86e624386c6d5ad73e041f3f1f25c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7a7ea8c349333832c517250e226eccad

SHA1
bb8481a1a5fedaca075405aca27ea22b299ab7f8

SHA256
c04d63dad30c9f2365963bce397f6b69002b40dd91ed3ac265c419fd0aa06ba2

SHA512
8dabf43198212d8794f2223a5e15abdace8c9d90d96d0a3a3040f37d66d3686e84ce0356ed2a47644246d195e11dae9e542d79aef7e6c7726d29f4982ac7379c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3eb6c6d23b8b067200bfea953c49bfde

SHA1
aa636f87b8c66d7fdbb6cdbc1f3a960f1b0db690

SHA256
eece0e6bab03fd2264e3071043674ba08778b935f67731eef880ecb2fda7bc77

SHA512
c570b899ed0451dbb5f4f110e2a3cdd51fa34509eba29d9e57091829db809bfa078abc34f4ad2edf21f102896699ce4dc6cac6516d9403627b87089e28914b13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8c7f54d62a9a94ead3c8e6eaff84c125

SHA1
93825f547d46f069869032c8d629e7d3473f1d68

SHA256
ea8451c884341f571806290f87a7220e5c8526d2badff5cef81fa923deea2fbe

SHA512
4ec68ede267966b5bc0bcbd3229a9d35fe310f6b3d02e60467250b64ef60b27e26c55902cdf66ece7ac3040deb608e594e0146de85735acc8c5179fd10d9e7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
1f0197dff9b40d93d8c5619e90e19520

SHA1
530f0296c7edb404fc98cba8753862311f9e3385

SHA256
dcd271516edabfefa421ca64c98bbf1023c486b17cb4d2338b7516ef5e4be4c6

SHA512
f476521ea3802a5be0778c17a12a3fa63a738ce909715e7bdab9badfe911e56504ed386e316930f1d20b3bfb390caeb691630f70e8ace6231d279708a4dd5c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
aa6427bcc3d0ea4dfbcbe4b0da4fcefb

SHA1
82d893e4338fae1e9d861d61b131932ab95b9f8c

SHA256
d7390f07299a0c919cfd655e1d1e2314e97e83805608c8cae93e946626d4d82e

SHA512
5a8c614c0b13487c25b8666c56c1692148606eab011103e4f701717d3bd227fa23cea90e73f0515908893696ea407eefcd86dbdfcb50513b8fa095a97ff730f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
3c7b5b8a4e18af43d4bbb8b962fd7b53

SHA1
0b90eecf3f7a81d1385ec3a09ec772da8a5b0f18

SHA256
6b85bfd6454d12be7319408dd3272928789206c0a0d752af731af2ce3e1ad63c

SHA512
a7ac934543f9cb723ca8ef82f66d25b5a8f800bab4e7f29b995a98bbc8542a34ae8fdac309c6129ee20ae5f47b11d05ab6697f20ff7facd16716455634fc3cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3c257fa745bd3ba51eaabe42b3bc440

SHA1
36e1d852794a99b8f4719d8dc171d6552c917253

SHA256
2d9ceecc9eb049d4c4416a2dbc7165ef45e6cde80b4b4361356d90057286822a

SHA512
52eb9e03307e3a91dfbbefa066ec75d20bc3f6cbe50c4545228540782ecda61584439aff8e3b7569458f8da9840fc922a9705e27127c57f0293544fd0790a8cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6c3f45f676b181b3bc25e1170c377e78

SHA1
8908a8fd134aa3340b7cf44847e32108c69cad0d

SHA256
2b6917adff91e0d30975fa934772206256144795bc9d19eab40c5cc3b0246d13

SHA512
ede7ddac5e6431bb825545eeb540288c4c39203eaeda3ad108289bb24c974a778ad964a0c7256dfa97ef3df0cf6ea9cc293ff9fe9bdd0f71c67c664782697e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b2062e580f8b359746a1eb7ae51375c7

SHA1
6f3a2d25aa934d74ee0d114ae57766a8d56d15ef

SHA256
9ef6f71e1a9c159c0eb07cfcd373078acf857c1a3cdbcbdaefd121b019f1ae0c

SHA512
3f006beba72d25176596ec6c005ae091353f32509ec59bf75b6f609f097a80b459576d851af926fbd5aec08735dca46ea98e25ced066c7c67e811997ee4586c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0c6af75266e6c21dd0a2bda8f126edc4

SHA1
e9817ede0abd1e38ad31bbc0a2b47d39bb4944ac

SHA256
5463439f9db7ab8fb072581e521b22428f27a31bae74c21953be02135962ffd2

SHA512
3c1e7b80d438b1d49298e87d5bb3e2ea81b19bf3a257875b6f72a979e32a45adb4729b8ffa1ef88cc676e1dfa96b95a3b5b9cc96cee1bc14b1d844c93edd5c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7982073776fc1e93d9881d0ae0bd5a9

SHA1
56c0b0c6ef7bf19c46688ea295c138e216709a07

SHA256
88cf9088f11aa8adaed54cc51721bd0f505ee840dc72cc519b16ccee5fc93aba

SHA512
cd595acec90f10cedbb3defc26c35c3173a9940e65b65c782991697a3184234d96afbc9b77ed89cdc3644d31f3c8f3a5b8b7312a3d51244b4b3de28d715efe66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac35f309337ce6fed1a71c1b24efd611

SHA1
c79df68c44c463c0c410b61bf4dc4ae56ee5d55c

SHA256
3827d90c06f5bca0fe22d4053c26e9f79b1549baaf7aa48b92f625692e1ad3b4

SHA512
758bc740ac44a87d23de21cd99e88d7fd6e8841313aa9964c15c2a67869eacc965f5be75cb03ef75bb4667d60ee1acd93da661f1b9cf3f793224cc7280cbb039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dcdebef66567cb981d22eaea6d0caa77

SHA1
a5312d6f2b4210614905226ed1c05d1f4f46449d

SHA256
ff140cdedfa0dd9c63c7f06a32d51da79219b1ee31d37d3aa2433305fe605e86

SHA512
380a696e289b17f18b4537c5785c40fc307e4cde030877a9759390bd6e8f6941801b0d976c96dc69b128840e07ef362611f92c69b18997bd4c17167e03f99f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ba455c882c95034e6c0abd8ccbcf4460

SHA1
ecc4c02e7caf423552cf5ee5997a05b6fa458109

SHA256
15be4873034b31e6e244e45da9528e0079f1a6220de5a579cbb67db6de8da1e0

SHA512
e50e2156ae90764f7e03d19698fa5934dfc7ee0e88ee19f0ef7e06524476f52b2ce823741dd6b796bece55881cf12246d190c368dc3604f2fa9120877c257c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b7452a0dae59efc3895e94c347cf8e0

SHA1
b2319e56bc19260a4a74250c58739d133ad4d0ba

SHA256
42b0b0bf8a549e353232371432bffde742ca6f8efb98c5192cb13ef746af344b

SHA512
55e625d39b0b5d20352c38e5948be75342c56b5179d06dea04b2f2aa0f77283c284d3738e8b7ac4057bd27338d6881a971b2b61487c2eccc3ccad3f19f6eee0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b547d114c1cc514e6313eb29abc852c2

SHA1
1226110c9fbb3a96a1f96243f3bb03cacbaf9a83

SHA256
a23e772ed5a820a59277f1eae032e1b5feafd6a3b65057b3bf0a840825eb6b0e

SHA512
2cb7333a792065a93cd682347735fad5dd1664bbca99cb83e3d3e34598bc1324e39be2bfcc7557072b2d684c336aa3d1a5cc1d3e5aa7fb8c7d5225de139f8535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b25b70344591376dd43a906a78e9c2b

SHA1
e84f700323fc5e793bbda181ce5729e7f77a1421

SHA256
26ce231bf786d6b7becd8b12e024ab528c5f4a23c23854226201c1d02ebc4994

SHA512
0fa68c83e20a0d6f10ee7da7a0e7d78a3d668586465cc4111e714eb41fe5b328cf1c12cd44bffcd5c6c7753faea67eaa0d0a7c6da8618dc768fc0acc0cc5482d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
54083df69fb168ad8157bbb3088a0dbc

SHA1
18dd936f9fd9f677017578768a7e979ead980e31

SHA256
3529b68ace8bf7d3ffba84e0fc42680e9cc8cb9fac8d80c4cf889a1d215b1de0

SHA512
0bcfec45ce677aba2b162539f4410f00f03ba55cd4ce1a52587aa0d4abae7a5721497e566e0cae8e55dc7ac62a59260e5467077956a8c7eef82bb1d6db2732c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
99249bcd5490dd0cc86b802da381e812

SHA1
77f34d8ae0b233ed229dc2100b404ca1809261b3

SHA256
0e8bf3c68f56c5338a3ef48cc5118b298bc966f01751724398e158433013be2f

SHA512
2e479235ee7f76ead10c6592d6eeb9560f2e6c56dc96e714cf446342da37cdaee4c1a656f29976dfc3df38fcb99de2b3eca84ef84f792d3120b6b79a337e9db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1d428d77533ab9c079f99c71c6709fcd

SHA1
e55ba01cc56a04cd9750ca231737313963950db7

SHA256
9872b2b6078ef39a07abe72cfd22f6187379a268298f179329d1aeda447c91fa

SHA512
04469098d87782f883134858d470863987baec1eda0f651d210afa65414bf254567ebaca24dfd01f8f063fb87c06e6d6eef4e5136bd311313f9700b330bc60f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a036c.TMP

Filesize
48B

MD5
2d3a4060b95d6f873622497e5cdc3cdc

SHA1
15dc3aaf621aaf6e897352486d83ac0ce050eabb

SHA256
0fd02251125c9c99cfc9ac86f895671d6430281cc5a54d98c5da35f74051af3b

SHA512
e4da20472632c3958abd4f7f9d3d6598966a155c09d23abee17b7992a4beb7bffc5123a3a365df19a9239f1d10bcf9465782a10600c0f25a58b28ed4b5922aa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
fa11f555a4e90fa0ea0060dce34dbaa0

SHA1
c11eeae0bb0b2ff94795a4068d443d93f2fc045e

SHA256
4d43b78d043e3b2f10ba7b64260558f4c8b2f310a0adcac876a7cb5a0b7afa74

SHA512
c37b92cfea53e1952319ebb7d3e18593bb26d2d95368e3f3176e46c2dea317ad06629759d55ae73c72ededf2cd0d4d397c58c2a2d590ba4f337cb0916464ac7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
1af6ee13e1a8388873dc2fd913259b8d

SHA1
1a1e65988f1ab5fff619cd5668a878fb34318843

SHA256
8ef9903001d10af2c8495abe801ef604b169d4de625b530bc64a1ec32e7c3133

SHA512
ccb8a9148fa232cd2f41ddc37b21fe26b61f22c1abd2b62885f6062df511b3fc7648147718bafc3fdf9a203ba6d599dea4bac5bb27a9dc0c68570ebf59d35b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
dde9a2d5dfddb66e98011f28446e50e2

SHA1
f1d2e217394d7add9c750f4e9ad398eb4051a794

SHA256
451d89f8aef94b46905c99c95b42d2cae04de0f46b9bb136d49c72f1a8c0301a

SHA512
6dbfe37dbe9a8560f8f8f4a9005dbf362de307861b75c0b2b5d4095d80ddb85d06e3b68de20955ca9e3aee9bc05bed729a8b246e69752684da5951c717e02bf8

Download Submit
memory/2384-2-0x00007FFC07BE0000-0x00007FFC086A2000-memory.dmp

Filesize
10.8MB

Download
memory/2384-23-0x000002B7BC1D0000-0x000002B7BC377000-memory.dmp

Filesize
1.7MB

Download
memory/2384-0-0x00007FFC07BE3000-0x00007FFC07BE5000-memory.dmp

Filesize
8KB

Download
memory/2384-5-0x00007FFC07BE3000-0x00007FFC07BE5000-memory.dmp

Filesize
8KB

Download
memory/2384-1-0x000002B7B95D0000-0x000002B7BA4B8000-memory.dmp

Filesize
14.9MB

Download
memory/2384-3-0x000002B7D7AA0000-0x000002B7D7C94000-memory.dmp

Filesize
2.0MB

Download
memory/2384-7-0x00007FFC07BE0000-0x00007FFC086A2000-memory.dmp

Filesize
10.8MB

Download
memory/2384-24-0x000002B7BC1D0000-0x000002B7BC377000-memory.dmp

Filesize
1.7MB

Download
memory/2384-6-0x000002B7BC1D0000-0x000002B7BC377000-memory.dmp

Filesize
1.7MB

Download
memory/2384-4-0x00007FFC07BE0000-0x00007FFC086A2000-memory.dmp

Filesize
10.8MB

Download
memory/2384-21-0x00007FFC07BE0000-0x00007FFC086A2000-memory.dmp

Filesize
10.8MB

Download
memory/2384-25-0x000002B7BC1D0000-0x000002B7BC377000-memory.dmp

Filesize
1.7MB

Download
memory/2592-15-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-16-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-17-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-9-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-10-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-20-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-18-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-8-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-19-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download
memory/2592-14-0x00000157DB030000-0x00000157DB031000-memory.dmp

Filesize
4KB

Download