lumma | d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

max time kernel
630s
max time network
632s
platform
windows11-21h2_x64
resource
win11-20250211-en
resource tags

arch:x64arch:x86image:win11-20250211-enlocale:en-usos:windows11-21h2-x64system
submitted
13-02-2025 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://pillowbrocccolipe.shop/api

https://communicationgenerwo.shop/api

https://diskretainvigorousiw.shop/api

https://affordcharmcropwo.shop/api

https://dismissalcylinderhostw.shop/api

https://enthusiasimtitleow.shop/api

https://worryfillvolcawoi.shop/api

https://cleartotalfisherwo.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Downloads MZ/PE file 1 IoCs

flow	pid	Process
41	3008	Process not Found

Executes dropped EXE 4 IoCs

pid	Process
3248	1048011678.exe
5336	Xworm V5.6.exe
2976	1048011678.exe
4732	Xworm V5.6.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1048011678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XwormLoader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1048011678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1004	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133839376595809305"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1008898722-3518013580-3694625758-1000\{44575FBF-12B4-4AC3-82E6-D3CF1A64E27A}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsTerminal_8wekyb3d8bbwe\StartTerminalOnLoginTask	Taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1008898722-3518013580-3694625758-1000_Classes\Local Settings	cmd.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\XCherv V5.6.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3236	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1080	chrome.exe
1080	chrome.exe
1080	chrome.exe
1080	chrome.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe
5100	Taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 476 wrote to memory of 3236	476	cmd.exe	85
PID 476 wrote to memory of 3236	476	cmd.exe	85
PID 1968 wrote to memory of 3428	1968	chrome.exe	89
PID 1968 wrote to memory of 3428	1968	chrome.exe	89
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1632	1968	chrome.exe	90
PID 1968 wrote to memory of 1124	1968	chrome.exe	91
PID 1968 wrote to memory of 1124	1968	chrome.exe	91
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92
PID 1968 wrote to memory of 2008	1968	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:476
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8853cc40,0x7ffa8853cc4c,0x7ffa8853cc58
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3292,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4652,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4668,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4684,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4696,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4312 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4508 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4764,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5076,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5164,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5404,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5588,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4896,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3392,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3136,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5908,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=3776 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5948,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5912,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6236,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6412,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6092,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6536,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3296,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5896,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6100,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6884,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7164,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6692 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6692,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7056,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6852,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6192,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6512,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6044,i,10957423070251631875,4223627886810131148,262144 --variations-seed-version=20250211-050107.114000 --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:3608

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4628

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Q0YxRUI5NTAtQzBBQy00REU2LUEwQkUtM0M1OTk3OTIxQTE4fSIgdXNlcmlkPSJ7QUM5RjY2NDEtNDMxQi00OUU5LTg1RUYtNjY1QjY1OTUwQzk1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NUQ1RTA5Q0YtNzFFMC00NDMzLTg0MTUtMjZCNjU4NTcwNjZBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEiIGluc3RhbGxkYXRldGltZT0iMTczOTI5NDgzNCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNzY2NTUyNTM3MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzNjAwNDA2NjAiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004D8
1⤵
PID:3724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5248

C:\Users\Admin\Downloads\XCherv V5.6\XWorm V5.6\XWorm V5.6\XWorm V5.6.exe
"C:\Users\Admin\Downloads\XCherv V5.6\XWorm V5.6\XWorm V5.6\XWorm V5.6.exe"
1⤵
PID:5188
- C:\Users\Admin\AppData\Local\Temp\1048011678.exe
  "C:\Users\Admin\AppData\Local\Temp\1048011678.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3248
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\1048011678.exe"
    3⤵
    PID:1664
- C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
  "C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe"
  2⤵
  - Executes dropped EXE
  PID:5336

C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5100

C:\Users\Admin\Downloads\XCherv V5.6\XWorm V5.6\XWorm V5.6\XwormLoader.exe
"C:\Users\Admin\Downloads\XCherv V5.6\XWorm V5.6\XWorm V5.6\XwormLoader.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3728

C:\Users\Admin\Downloads\XCherv V5.6\XWorm V5.6\XWorm V5.6\XWorm V5.6.exe
"C:\Users\Admin\Downloads\XCherv V5.6\XWorm V5.6\XWorm V5.6\XWorm V5.6.exe"
1⤵
PID:4276
- C:\Users\Admin\AppData\Local\Temp\1048011678.exe
  "C:\Users\Admin\AppData\Local\Temp\1048011678.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2976
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\1048011678.exe"
    3⤵
    PID:5808
- C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe
  "C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe"
  2⤵
  - Executes dropped EXE
  PID:4732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
84fae77848b4c12de6d8737116bf71d8

SHA1
d7bc07c8096c9f8929c16d4def712382152bd442

SHA256
34cef13a6a2f27c5dac437835ac77ffc7fe858817cf4966ca724d91c16e6fd50

SHA512
d62094c487c5d6121b280b0640361590c0ddb18ed056f8e4f58dc922f1a62149f5429c03f81f285107f4e746c568cab850802d6c5e931947133af775b367841e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3cc8de65-0ba9-44c9-aa82-ca9746d31bbc.tmp

Filesize
11KB

MD5
5dfcb480e259f14b79ef2a57add4b0d1

SHA1
1a340ab64d2512f15909d91f83e7b15b010ccdf4

SHA256
e9b600f656df469687af74a180e987591868efbf8a3e6ca5ff0851179125aa52

SHA512
5597c88232de60074c02f009faaa1ded50d75debbc92301a0f8850fd3ab2d6574fed73e997dde1a2d90819292c42b28253779e2dc79c2d4e2c94b14f71f58373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
51KB

MD5
e80219fe70efd22c4676356778c3c217

SHA1
04700dce6ea54b07261076c58ae4fd506a723bc1

SHA256
6a4cb2f4dc859372974bd69a337c8c2d216f9c2c6b4484c6b17a9589225f5e48

SHA512
ab66b6324a73ca8d05a86427bae615d3c5c753835bf5bfce19deca6853a5fd7ae387e20e2acc03909e66a05ae453037a1e0acf9dcdbcc73b63c31b0d8ae42da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
47KB

MD5
dd844aea29541b4a5e9072f8a7864f8a

SHA1
2f49d5cae99d892ac86760b4027b848264bc890b

SHA256
1790e0b4767a084f84d08d1fe4c90e167226fe7038c6af7b8de66feb8d998a0f

SHA512
84a59ab1a5e014714c89b194a9df46c7abeebecf6bc8fb940666fc96cc222353ce889ea63a16632e36f608e1eedfcbd41b02c8fd2e7578fda6b3825f6157e4bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
141KB

MD5
d36d812aed57452c94c31b651341f086

SHA1
b1d76bdea1892fad32e792b3ff1298d379eba161

SHA256
7df72cfe952bc2b7e2c68e1b8e5a776108d69606ffe5aa5404052d357378d1bb

SHA512
21e27032a1ff10c44ca3cd9daf704b3f644664361d2fe1b90d0708380f25c3776265c1f0da6b7fe155aec236726ac5a93ea09258a850000bcc228b3554a8f630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
133KB

MD5
1c9e706f5da6bd9be836b900c66d12c8

SHA1
9c498941cecc36557647c127c5abd25b0a7c01ed

SHA256
3e93dfd66dee9c8fd7a89777f41c6ac2b958237795067f6d6e6401f4fa1150a7

SHA512
dc4aec40fc885698a3fe9d614c6e7b71e726a7ebd8c6124e04ef215424c1337b037eb55972711ab47e5a2e167449241945ced5412a409d396e03adcb43e5628f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
43KB

MD5
7e9c723898e68f25672f9ea976d1c72e

SHA1
29ceb6a0c4bcb238fd2fb8ad28eabe530bc0d79d

SHA256
46692e1cd06479eb930196c7270c69f3d1ed6b7a3b87d1a1de27b95c0f4d63c7

SHA512
6152d260e6380d0e5a98647ba52020239ea1c7276dd4efadeb15de72648607b5ecc982db41f777ef49398f7bb21fd5970eb63e2aaf34576b623753e8a86ab8a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
42KB

MD5
a9fc03b78ff614af8694118068548cde

SHA1
5dc31145691876dc3f64e829c2b5e66f89b4c4ce

SHA256
275dce50dd0f99660feda18a4bd220848e1f313f648a755fb906378482a57cff

SHA512
d2305169fec7771375bc4aa6459118dd3c027b0fc616c6c6a0a3d8d126dac61cc59b6746f28387f59e944283773b9fb4f28d8a3fe899e50c3a8da4092bf863f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b0

Filesize
215KB

MD5
0e9976cf5978c4cad671b37d68b935ef

SHA1
9f38e9786fbab41e6f34c2dcc041462eb11eccbc

SHA256
5e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e

SHA512
2faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
fc7539eb6c8e563db9de27e434201596

SHA1
f74bebb8fe180faddb1d1a235ab0f798f56f1633

SHA256
50f853e75ba13d927408769fc7f26beabf1c2ee5cf9f9d7b8e1071429ab6bc3d

SHA512
5b00bfa5e91b4ddcf4ec35de73abf3b107eaca2cd01a70d496dee78dc23bb419e8ec0fe580b1c4d7a4341d081ff0946be4ddea56b6fe6c84e92ee046190b2590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e28bbf93aeab4748482dcbf595abdb04

SHA1
376c77e1c25e1d057aa4f5a0f23c3159bdf63c09

SHA256
06d0eb7874bfffb8a776271a53f2a2788a1c5162939004e680b2bfe7eee2ca52

SHA512
edc9b1cebb740da761a20cafa93815f098e73b1efbde37a5ff6fb2747403265fcac09d5925c301923424d81c7f089bd9185a6db1931ea3f24926444de9567e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
f5ed0df3d92107ec0e01533d6596e818

SHA1
e4b98ef222709f9dd5eff0b5783a4f20c160943d

SHA256
f95ff1458c4cdec4104b3a755dec8f99a529394e64e6d0a62fad3d00f634959b

SHA512
bf03c6f5f9e75ce632e7340da7c41d2e0a02c1acff61e1c6418c07c53dbceb61de8c65c838420249c8bdd42c57298afe8fd1a66469dedc2ac539572d3496ad3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
398a4f38b90e13b5defac2ffd5acd8da

SHA1
7945eb0ddf8a3198e15bf7af9e2c7568ad6f6698

SHA256
8236c6b96ad18b42ef04a0bfb9f453e6ba616cb256a9f5dcc47baaff820a8c95

SHA512
a88a5df3043c0d0afe2dde769787bf2edb435a41212774900278f35c094595c87efbe07125d50b47d63a64fc8938531b4e197429c1ef590d96dc31d93775af87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
803acbad24fed71cee7915c944d3ea49

SHA1
68032ed97fac886ff8eace788cc7ffd1d2de9d4f

SHA256
794276aa175973a67fb6753483a1393278a965c252c406974530660e2fcad7e9

SHA512
f5812346f7093ae42d72e3026c4dcbb6e5b71d4e6817892805ed5daae2fbf72ddc1f1feb0432d1463a484d719fcd7952a9fb647ef7fb7802fa61b7d9ceb77be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe5e9bff.TMP

Filesize
335B

MD5
b2e3f11455bb845143e8f6ca105df92f

SHA1
96274c403c66d84bac0fef44b154b2b3957d8904

SHA256
1d3682d1ac1969cd83245f89958337bedaa4a27e51eec47ee2c8fd1e0b8a5814

SHA512
fa18195305179b0644190f10d6b80d6e22dea6dba7ffa5838a34870c6e7e39d8c5ec2f0fec6fbbdba814fb374928ac922f6241ea5d0bf43bf63068fa30b119d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1f9e5836-7c84-4b2b-a744-93c3f8d00d9f.tmp

Filesize
1KB

MD5
794f434e639a109250028fe8fc7dfe13

SHA1
596726d606436bb5a4f268d79c772784ab12db98

SHA256
0fb78436d571f49440e74b572fcb9c058b8a10c9a2fccea83a298da2f2599509

SHA512
1c8da9d39b4f68241af0b593a979d6bc53593623a343209c4d885ba772f28da6d88177260c08510e83a7208afe7c05b2ccb2b3f076a7883ae43c4c1d65e2bb65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1e9fb409f17dda72a7bac739e22063b7

SHA1
d6a0013669e6a26d7d2f0f0e594df3483a85547b

SHA256
110b51d0404dc609c600312731c774f826a4602489c8ef659ca8be3820cb7489

SHA512
34aa0d0552f24a091cad50a2938b537420d93d9a5befd05e0b7d0d20c4b70549e286fa93e123fea86ce6a9985112e4174b5a6993f603d9b80ed303bf5e62cea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9a950e3dc1f2a7b9c39c8efc52ff1d7d

SHA1
3bc1254937c99b6a5c4b00500b7546203a27d854

SHA256
70bd21c30252562235563431bf9160f11f780b499acfd7285298f87f81bd2f45

SHA512
e3e883b6d6943a3cea0ded3a644ad19fa47281b74112cde5caf26fb9b306dd761015e66045d5dbbd3fcae9e5d360dc277ab58c2e73c37a181a7ae04c1e652eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
0c2b0c5dc36a77ec33d9dc2fa87f0e9d

SHA1
c9054f445def238e6d2cedd04d6e200dac86b3ee

SHA256
3622d956c27e49c8d24b822ddf443581bf55d9e99475bfe2f02f948c50637f0c

SHA512
24a5dde0567d03b8344429ca755ee47309a8c1c935d6ce631991cb3faa17a97637c534a69d80482a525f81e28a38334b9c8749eb89c4829bc8dab6f71b7f8b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
f97dca447ea448e7eb316aaacd803b4d

SHA1
f2310b16bf90c053dccd9d7a8699b9f9c7b1280f

SHA256
2be9985011a32711105a7e9c4d6df18f84b032a57e81e26d00e9dd058c6a2ccb

SHA512
c30d3899d7a5d115fa75f6ec74141d491464388f8b6eacb27626cd098c6a44ed371103aef0f497f3607c2c1a64674747967e079379ea20d28bc64a826147eb16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
a388dfb2c9b87025e9f038f41338ec53

SHA1
d5a30fc430f127662bee00d9f8405d180e0fc065

SHA256
2e9fb6df04aec867d308f9bfe2905d84c952822ab3cdac06c087769e9e8c8de9

SHA512
8e6a152c69d593fd180190d9a3caaae0f2ceb30aa1376dd8bab0f5eb2c07b8e05d7786a47cf20a63ecbc1b8e1cd08b6d293917b0b4fa8080fe00697472a831a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
9f3a4bbff98aa854d5c42a89df72667d

SHA1
9979a012364260d77b8d0d23acb782357392aa56

SHA256
a61bc11298d913a502baf0f32101857670088863ec2d7912233962ab3c2a9e5a

SHA512
36246b79dfb48c71ff2b2a724b70b48113a31605e9ad5145fab5b884a64209f670518e81dac4cdc61dd6862d624aa3b60c00052f14ba1f5c8fb40972b32d12a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
52a22ec06f168c1baef0b12a2bc517ff

SHA1
e71021cd705f5fffa249b6ec559b416e3597654f

SHA256
cbb959ea5420109872888b1383ab3dec57b3aa7903232c11b798b1dab8542d7d

SHA512
9ecf9a81b5ebc44950bffeac50752277001bfc41dffd164b391a9c4e887bf55ccb79b1c94c6d042ad7ced4a196c06bbfd0f9aaccb39ed12e2c96b50e5141dfb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8a171df36384b0c93d9ab592a85773b9

SHA1
9c9c7644a9315c9795d5b06f75b3656576349185

SHA256
36375408c52a124e7e76eb326e9ede6356a64d6918047c85719ce77ec0710f16

SHA512
614cb9a95bd96fc6460324529bbb79afc289315308abb3f47c841cf156c20d0ecfb85d4a3a0223c5a2af664b6fc9f74a6fe68d3089083381d6378f96d9528164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23ad5513608f615da4c65da8fedba1f9

SHA1
cdb4f1b380542d5393b1032ec1727d978232e2be

SHA256
55f9e6bf8b24d993b0b1e8572099ef01768cc9067d4d2a3d1417eafeddf5b1c1

SHA512
c56559e8e71a861e161f490558d1cdf5827b3770eda6ec01b57988e199ada53b7812f698280fe35c9d7349ef71b8f3fe05254c380e78e7df935ad580b6c25ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a704ecf8b517a6e22d504a11a7dc8b2

SHA1
5dc648ce7f479439077f4534db901e4b0ece8698

SHA256
f2bc736c8b7f154a5f8ef6baa00096451810a9d9f7a9934f8f39f74eb782a6f8

SHA512
8114219b96d6bbaf9869f13b1ebba2700e61cdbf0bf0402ee8e9ffd89ac01e4159f0a2baccb5562a2acf168a3c62f7a879788fca93dec40b0bf60651b4bda66b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
443d9abd88d82d6330ca0f57e700dd7e

SHA1
2bc77f2ed75950149caf9987b001ff017576f025

SHA256
181286b0af34d793efbfff0edd8dc9ae78d60f497bfec9142964d152430018b9

SHA512
cd9237c648360c6f735a42b0ee5f5d5d2168800d3a4d8162be12830d86063e09072f1e293fe9b90663ea9f89930f68304063eb578260f1bc5b2e9969a83ff940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dcb4deb1449b319c65b4fe7091c2008e

SHA1
a22cd9939f625b95cb4e28ffd2ae1ce1ae08d62f

SHA256
4bd7edbc18cade8494b68b5a9e35021c87a4be11d0bccc1ff0e4c7911513f4e3

SHA512
677a7daad1aa74a92029326c884ca9636636a47b86c9bd3916000de2e246000140fcff77c2adfe65c8b7c560164235210c06c261a5eeaba1543850f58c840a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db0e24a9099c37392a4c51c083829a6a

SHA1
fb702b8f6bf1426c2f1ba1331b54c8042d2bfd71

SHA256
1ab1ecd67b27147090597605569c52aff19c1b5706b1a049489f0cc95e96bd09

SHA512
6f7f748f422088e7b49856660789da434b212d443f91b77d7d8ca2263c0811b055f14067a95daaa2489424f0b772dfb31328cacad36c7809e2b0bc5e33d7a5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9f5d4cfc368aeffd7ec14522c81db5c8

SHA1
1f585d7c19f2c9e9032b3eb294fcfbd9ccc14fbe

SHA256
5409ec77c8f1d0da948bfcdcf651089333a690c2326c33398e3ab691b81e4b1d

SHA512
46a52991d5f9ca12bb89f3678d304626b72bfe79a3e543fe7aea7351fb8da9b398551883945b7331438602af103da0e173e746089b60c96a93cdcd1d50d06052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a202bd99873cbb0355d31ce156318bfc

SHA1
bb62a391bd3c32d69f9690d1b0ee2ceb1d51fc56

SHA256
5fa7ac27b35998435119a5b37b378aea6d97cba5a1d565c55102d27af24f8ec3

SHA512
ada4fe1d4d88a771bf83690abf7e81c41e8c8ea2aff88acd5171ee7ead282def0405681efcb797d6469c2dce34d3f3d46def62a666d18e1220f4239d5f570fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5496cf8a599ee8f7e1eadad3e902d932

SHA1
f0d5762101b04e121f536857e2169c554a24f1ba

SHA256
8dc37a006c12c94e463c4e28a3e5caf81c661b71b473a08e8c989b96f48e8ebd

SHA512
68ee866a7906fe7df050e54b6b1ae62a8a822b6255f286128d0f016b038e21d6a41cb898e75823a35362aaf084c751d4720a062570d3c1f66eaf09a55fa529a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d93a7b1e9b40ac7f3d5a811046451768

SHA1
a03569a18ab4f015f7d6832e86605a518352f57e

SHA256
acc6cfb7230979988247a2c9647f071024f94e5b5658f0ad44bc0512be66f2d2

SHA512
4fc9f152fb0d51047fad07731d9f8bd1231092228d8829f0761953d03bbbd6388130283a2cd88c53ae696a1b25ad5a972bfd629a8f7ae6a2f0df296edea1a20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3f3e7ae0f2a404886be95778e4e7280b

SHA1
20816835d88fb5459ae830794c92df83daa4f502

SHA256
212acb770b3240386fbddc2f7c4f27b3b4c01e5ec51a765443de7376a04d33e6

SHA512
49c956f8fade53c698f09ba65a1696515444724c294ac06d5365980aa65c59652a7169bede4fab1e68eb902f25bb1b6516cf578a2a5cacc54346e2835077dbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f71f328d96106b377fa1be147facb1a8

SHA1
b178faec4d86963bba64c3c594bef283b0528c22

SHA256
0ce65fa7e8a46598134bc8bc0dad5e5a7404cb57b9ef1ace636539424f276de8

SHA512
0edd62df73b474cc492c273c8013267ae753339ac028259a8822a0f40a0341dc85633330d83bab08c6546bb703d468d107cd45936dd61b553b60ac1b0d2cbd7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
6354ebdb2bb0ce3474f458102c19acde

SHA1
90320b2d6d43bae6ab06f040dc6dedbf41318439

SHA256
d52a5b264ae82e6e058f82e4c3b6811f79b212923ede43919e0caf68cf1d75c1

SHA512
9a994609e6de918e9151420827f4f0441c9480624435cd987292b96fa1d6221244ab957b8f5cd74fa6d93696a4e27ee716ba949a491dd4caacc02d2b49f36ad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c831b9ea12d259d972f8723385b46ba

SHA1
fdf35ef35ded66efd378b558b3f1ab472db6d113

SHA256
f51e70a8e9bf1987bde4155baef81500b9bc6069c9fec10c606e43b342e685a3

SHA512
bcb791bad2c28470454ed6dd7eae8713b7b59cdca09e150ee41e663852361e2e8d29b76faed40368f4d151d917f1fe7545925adef17a9e2f469f11b42eee0658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9d0670c3bfc545840d728ad41c62e78

SHA1
efcaeab55b34a934813db0032544e1870715422c

SHA256
0a9b5a7a4ef13e770136dfe00bbdb1d7207f6c9830e64c59cc247a311419b9ad

SHA512
67b307c3cf8d9afea23329d9750ba4aae9e938dc92f4b34243de948480a0a56d400d2ebe060c281f996ecb0fe7ccf0827a201248a1ba7748c1a7fc176d50cbfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
624d593e8497dc70e5ac9161fa8479e5

SHA1
366094a1987cf8e7aded9cfbcf7206cb857f2d8f

SHA256
a475c5b9898084123ee6b6b4c109730b1944cb504ed68535a6f53a7de6061f04

SHA512
76e96eff267271e91124c26ead909823c0e5a49b33ef42d1ea1cd4d9b57a66f1ee89ebd4ab21acb71c05d93b49237fa445d2e7461541aa2f9de0ca4acbfd8720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
160779e8fd0014842f1c4a3c8b75b408

SHA1
273b6eae010444a5211a8b44a824cb4374bba180

SHA256
12c502612a0b6ca5a870aa03f9527553c35e49dd391409802571d3066bd85ef7

SHA512
3e740be06151f5c89aa67aded89cdac8b23a342aa47649e12a7c0141d37bb0c1b086acb89798f3abc6216082d36c976616029ffd7c33167cbc3979265a27da9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
653cee99adae506c1fefc39ee014d634

SHA1
4cf0cab5638c3541ab02458deed3807a9442bc97

SHA256
95147c8075f5c08fc5fb586db33cc81c83f4638b54967f870bc0dc8b79f93f30

SHA512
5b2134dc2023fdfc982f04ca00d06ce54f68f9b582dc03453cd744b7c75eef6099276624a6b5943b7142b8fcb3e3b0f5cf0a4c3ce898ceafa2ac233145702fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5cd53cce16592ade37dd1e3fd1a947f

SHA1
1b4cbfcf3c71b0265ea8c192801e1bf752340e89

SHA256
fd72bbbf3f609c84897650af4e40a95b51ebd97e9d90ff29dd299aa727bb47c2

SHA512
82f9812bf2aaf6d7de4a1f374b69e0e1028106e69190a41931c62541ea6dce4b008520cf4377106b450152b2c0072f87772df5cadf5c3abca248aee1b606e7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef2029d7bf0f24ce3adbd9f4c3c995f5

SHA1
56863ca9de82c6e079c19ab22699a9b811341eb7

SHA256
956d0fa6ae77dadcda8e03cc7da8e0d330ceec82270afcee1b4bce3cfbbfdee5

SHA512
fde178c8d72433ea2c1f7abacab6ae89f47ef9bb1561ca51bb67af0b705608ac70059459719ae6c3ddb48d5f95bbd65a6479ad17e2d8afccd49de2fe177199c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
857039a41ded2969213c113559809382

SHA1
ff0102ef716dba17bec8a53a7b191cf92dfd3339

SHA256
2ee7a036592dd3c378db9e8ec1d8a1ab605fc06f8605d6faee2ce6f9ca4522d0

SHA512
0dc3ce35a7e0715bbc73a6ad16a0f50e2a1115bda6f7a8264c926e3427074cfbf8ffda07b1848c24c827bcddb99987ba2454fc4666ceb3ce0585dd008fc845b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d78deeed1ea466334bf7b1fad3e6fdc6

SHA1
c354dd50d491785ce452faf540f38dd8e5ea068e

SHA256
7920ec0a781e3cb5be0fde231f9a7c94b5dafdc2120c8d98075ac207c6e082b4

SHA512
d3518144acdbf3ed21cf164da7cc86437d945f4697b70ab5ea7f83f0664efa787afbb7a51b61348d95b453319a3f02fa9465f46c295a2c8d9d52110ae44d6e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f7f5e89b777f5e5371f128dd5fc57b51

SHA1
2cc0d8d534dccc4374c457a30ed79ea9f57e0cef

SHA256
dc8a80fc5e18eafc0d16dacd7ef2a08770b47a35e598ff676334b6e8322e50b1

SHA512
8a599a045f9c12c049fb924ea3b5c74587bf4de670cf4f468c73c6bfcc805ab66a7555d8ed7f3606422dcf131f6a637e63f9a657f4d4dfe0725826ada2361ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
578c209025a7ed657b0a2ca91c7e76a8

SHA1
59ed5be8a4442e0c137fe7b0feda04b9f09dd808

SHA256
cdc18b9f395aa10cc18120894f8cfa0e8bc81a397ab8058ee4e563af61a381a6

SHA512
31196dec00fc785659b372f01172726304e53577722ac9aa732e97e6f64ff5d7f1aabe2c019fc6e0d35aceb951e637894b7112fdfa0814c70af1971a69fe6266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b4daec7b8110d54eb820776b5d767b9f

SHA1
c7ab813b15ba8bf7b34f94bcf840ee1c3e62fd29

SHA256
b685d9298b94b8c7fc7ec6294398e7c9deb1def4a676b064264e640bc73b6239

SHA512
c070307cadcad2810228c96069e0ac43ef843c31f8f28545e818478e3854cc362c12e54419cf67d8c32d8d0469417df7e50237996c8e976ddca01d12a39059b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
60a70e3213799cb0fde36840d3fef1a5

SHA1
52cabfd0e3d78a6a1653322c5f4f2602d471d717

SHA256
22fcb5cdef1aaefb1198fea409b96407ce9976a7885e92ab410d8b31450682b4

SHA512
b397201026e8ccaa885be12f0dfc38b3e7b2845b69336c28c043990e3fd15b3ac2eec64b7c2c2d043b171b66511ef6de5bf3a211858c6c4c4a6d3e2ce404b79f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eba6c7efa13cb37f3b2aa95ec5b15688

SHA1
b8c7ee2c4f6a497ecd5307e0fc8451d49156a866

SHA256
bfa428a6a3b1823076579ddb8387f1c73cd34014ed3d1d40be13cacc92d587d4

SHA512
b785d673b0ee451be769e305c1cf46aa0a6af61fe2edad0e392fd472cdb1060938cdb25bd094fb133469d2df75bf4c4687b1669e56f032e90780ca5f40c83d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
115dbacca6c39942310bb3f81c22cb4e

SHA1
0f9380732287a3fae2152fa58aeccebbb1fa3be3

SHA256
97d0908d615732d4110985033c65da04b9118570f3425a797d6ba529d10042df

SHA512
ef1537bb19decf6fa82111ef1eb68464c681e5092979e2d10dbddbc3f4b5ddb9331aaaccd549f3d1e1b9994286a26046c6797cd7922e8c970abebfee6adcba86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
518b38942a716715c88bedf71dd3ae06

SHA1
aa497a1f4c5f0969337aaafbeeee5b057db7484a

SHA256
6337236fcb8dcb0252a78e9c8a178c27d9305a2a06828be9d871cdb8b6da58a5

SHA512
fb704bcb8681ec40853b8ce81e0e58bf31d01d5a09f81768be1cf9a1ea9d606ff82ea348801ff045cf50b32671c03a8c8c9e6db9b10e080544ad8f3c7faa8fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
325b9caac0cea5bec66313fcf0fd4b83

SHA1
5cbb2c2b79718c41b988e8d5ea801580cd2330a3

SHA256
f4a7e20a0a9b59c5c1ad62b41ec6f825603b010ac31a281cc257415330020d89

SHA512
7d932369b832798d07a575699b48cd12ccb0e5d1a312deb049abc7c5652f07bc50775e8edb110d440acdd7ed8975f2691841d61a8545dfb7c158f199fa5b6e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc4996569d8216ba9f6a149bb1768c58

SHA1
b9f710153fc64af8575b627d660f7d2e8af9a4cd

SHA256
542d602f3fbeb59dce02ac589070118db8d6e2550fa5279b267b5fb6a48bd785

SHA512
38a9348f51f970d50e7aec5be621b68bd3130208357627919762244503e602f4d38b3f39fc87ff39a0042c68310f9393f253fe04578ac19f5b4192dd0f21c438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
60ea903c8cdc749d446cc7a591447421

SHA1
4caf253ad75575b7840c4152027f336492061ea3

SHA256
3e57c910d6b9ec73324d85ec166688bc705debc9f96d765be9096353697a2363

SHA512
ff64f1fc8546097d495d65b8be7a04d7a61d0a6adbee06e614a813eeb200268592432fde3541480cc3aed806d08ab2c69434538540b9d33307e450e0c5eb0a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3589d8ca7964cd4c651eee661182eb7e

SHA1
645d0a719577ce090f815783b43da29910328475

SHA256
5edf4ada62685a4159928a7baa6f8339d79e0c31bbd2aff33211659e3819e6ce

SHA512
015c39a79f587b1ac49db131efa18b5ce510e11202fb5c1642b31b1b8bbd5e7794bbfebcaed8bde13f7ebb27911b6ca0f3c3edae6d8e18a8e675c8f75e0b63fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0c7fd7c300cb9693356daef68423740f

SHA1
70441ec656600a5f4c6cbfc31f6e893000d992b8

SHA256
116cdaaad4c5c5529487fe70f8717a8eda72133cd3310a263b5681893886bcfa

SHA512
2b8a7c4daa9c9f1c521d5d9cb985f0f5ad3a79b749e9bd9b22a8cb44d6e48c0618d67375ec8e04c136bbb245070c9e8ff58e57dbccca9fb60764bd544bfcbd56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5db31b4a448da8a94564ee2ca0883daf

SHA1
c8118fe1c529ea03c3b8e78f290c651fdd4e2d57

SHA256
4c1ba1779836a91502b7e05c844530bc8476e94d40df54283cc026450e6ef1cf

SHA512
2fdd54e5ce86fb5157c3911a523c00deddca04c2f4daa402013ae38976b0e4c65f9bc94ad4147f69c6e72ce591da3451edf5237b045fb9124f0d23fa6974d73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0433437101524ae870f117d0775629f8

SHA1
cf46488143593ed3a687d33007f08cbc2f8d40ba

SHA256
73d7c1859af58cb22186fa4016d015fd693f56b9eeb0fcc6ed354036030cbe81

SHA512
cc1df769ec1f59c2b5e44692f2fb3ce0faaf74345f6da7d8206c9b957e1168c83306383fc45861c50e57ec93d89321e42af3ccdb19cac34b77f715e9a4a6ce6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52c1d1c6da4ffb3931d147f5c142dd0a

SHA1
92b994f2ac98cc6c9a1b37a156af96d70c93bd4f

SHA256
4ffb7a678a6abcab0863c8489d851a42cc67e0029d80ca2f1df481ae7ad8ebb0

SHA512
b98621c558591f58f47b9dc27c059f058b7642444c6408bf488384ce5f67b606cce774d9a0909b4dd26ad91b8de0cec4622e497600d488f076da90255603b575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
08af8c9a7783f77414e8691b5b8b8921

SHA1
a4ce3f582779415f3be31e64532de8e09e769ba0

SHA256
bab3662783f46919314351a6eb2e5f1133bbbdd824315ce67499096f69fe00d7

SHA512
f2bb24e2a442e542dd848ef77b936778436761a36a34e0608504a2918f5e04f3bd7999cf37e497efee6e0d3561705d539d10fbb407ff32aad61aecb4f04b81d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5d7786016697c9c004ee48e9ae632ace

SHA1
08b57f392b53c9b541783f1a2ed47327b431370e

SHA256
e36b430378ce41e06f1368aabc800fe06c48cbcd71b798d1133bca40f2f02c51

SHA512
9720fb3436873a8e9aba6c5f182936715c6c3bf9a55bdfa8c2638fbe40c67450c45236da411d21af40ef59e6b2ae65027df66c479329bf0e6cd902c5d9eaf597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
58e28f899a2e138da530876c153429c8

SHA1
363bf4fa7dac8134b0c1cfa47103de6783c42b58

SHA256
477ea5637fe2de5784001d96a334619ded44b88b2e642c85551d9693493ed355

SHA512
5964eb2c60fa2b08421f21819eb09eca41f11a31d47166428a3d61f27b200dbe33d5398dfb532af92192891433fb91947edfc3000c62a8bfaf3f0a5710c665f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
52fd79dea122d0fd5c2c896b68adad97

SHA1
af3fc39ff4a1e55b2584726cb811441e523a9778

SHA256
08012f128a0e35931be58ca2ee913802dc5b505d1072720ea50e262a4b38de50

SHA512
b9d2eb42d1ac0422992e050034377eee42f38efb3cc85ccfa5b92a11d5cc96fc6e3744ba502c8209b51d9145f869304375751cc57f08b67dcbf9782794668df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d3358ff02d1a0cfbcc072b96178c6e33

SHA1
ddccb42b5e901f26616a406d52119c53149b784c

SHA256
c4a83dc0a76766686bf0f8ba3a4b7cfc9d0b758dead3a6443651f081e54acab0

SHA512
35fe73a7e10886ef3229e3c612d5a789d1b5d97f73d20064a2b6584026afb647564c3734c645ebdb3c5df4b9b9d3f078fea91d55069b05a8ae8b7f9576335bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2c80796f2a938fdb6a23bb95e7d64ed4

SHA1
22653985b4ebfa9f95a329e4e6bd006eb071cf10

SHA256
d7812dafedbf2b4d265fbeb57c3d02090018e1c49fbed11a463a4d2011931682

SHA512
6f37211fae2e97130b064a4122d6687f8b8c9ecf43666a10bc4d9a2083fd9f88588c4747629e78ac28d62c59880bf07b89e2ab52a1060c8ac2b85e86e330144f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d5bec2c5d52ae90720a0a7320ea5b5e7

SHA1
cc118d2b7ba6132d208a423b4690bccaebfc4141

SHA256
4018e291f321fbd94f5f05573c65865a0c76e501e2f57c857ef4528576dbaed0

SHA512
42d68ea2e0f017ae68a22a540fe95d663c879e9246972d6d59f3d0fdb30990a912f9225c5ddf38a8716d3a3b1df4ddc2bc989e2561f0fad83b4940cd51ba7202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
311b7f9dad7b446f650350d25ac844fb

SHA1
7701b3931bf7b20eeffa7c38502a5d0f154ebcc5

SHA256
191b3a05a2d91a2040aec3a47dd6c79828b2a83d07713dc9efb416b5cfa10ac0

SHA512
a82be16432c136bbddb92258bf426ab55a32b1890ee76f88d247b94c624a2b80a9e3bf136e47ddd1059a094f138d76f5145c9cfee1d9bfb467c10b40b09c5f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
49da02314152f8e23dc5e5e77ec75001

SHA1
15158de501d2b937cb03394442f12da183ae8d10

SHA256
d7148f77567df12733d73094df84afdb322aab8f25838cbeb375cb0e98e4f846

SHA512
6ce69f66489cd5b2788ee4a34b17e595e469918dade49446d331219e26751ee448d76c25804ccaec8d4666384580a73e08a4672e17a1225a11174a455925a4b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
32c97ce8e754bb687af017aa62755cc7

SHA1
1507dc621d6c4938f5a252839ca8d8b4c6f6ebcb

SHA256
5c2788ad2bb17338eae260da0071e71feb4cd096ef3d4d579cf73dc9a93f2e61

SHA512
effc57d828ee0a77fec6eda6e6af4baa74c6bb3092edacc58d798b4307321e68dbe938c56ade93063194f24b920d9b8368f3ef09176c821f98d07f9ea541d19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
11cfee1129d0c1a5dce7f2a053fa52b4

SHA1
a2fa618b0b9973ce9509ce0377e9d25944416453

SHA256
16eee0b2a716ec60fb6ed1162214b93047a5b090d9dc0c12e15889a00fdb2528

SHA512
cdc412258396f707769c9c2e548d25fd486133dcfba29c8fb0191128b2bf7f5a8d9de11b6418ba3d8c6883bef302a9505db574a6887c61e89906e58757e2e9ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0f79fd2663cb660ba3ea85c9ea983d84

SHA1
4a038ab24ee2815d3973c45a3f4e5bd7e05abcda

SHA256
bab4fea0fbc9fcdc41a97934cb0bd09db313948a9e3b1a833a076e15ae1a94c9

SHA512
08a756f7e4a8c26095bb0f59a61824d453645bd352d7de1b46865ca9c96cd284435acd0d52079790081d2a88b014f593f38130dc3f7dedcdd5049902773f72cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cde20c1ee38a0940b7d0b61ccc31629b

SHA1
fa06564d086536bd6e6ce2dd307824a0f8fac842

SHA256
35c70c9abc0fa7f498c67d1db5a0eaaa0b242b19b4ab94699586106a6ef9c9c4

SHA512
8d97c6812f75126f84ee64591f1405fb1b3234b60f67a9a594c07a52e3d36c3c3c4856deb756ac53771fe236833b1fb871d454496a983fb2d39c217103822d12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
093fdaab48e86ad6fe6cc1290f2891d8

SHA1
ea945d73684621a58972fcec3fdce768534259a4

SHA256
8cf32d407f82d17b77a5686a67988d222c13fc6839a152484087a167ba9abb6e

SHA512
8dade9988caaba9f6c4410b46f5954db445e1da468596d9a866a3097b121db3430db3026b2cd2b34a95b0cd406098f30222154f3f37f8882bca3fe2edfae83ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a759943988fcd43ad94902380dc6c0fa

SHA1
7fc4589d4a1681fc6dcf9d7a1fbb63d9a4b17a22

SHA256
c348e7af84b723dea5b2727476d98eb082b0773f90fde63318ffa18323e2997d

SHA512
63c419c18a3fde4c4792fe947cc2d4d1a6e7ebf66a64c269fb7c96aedac294e234411712e6f9bc7bf34c8bc2f64c17007c605ced7bacdeed73b4d947f4ed1fd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
530c02bda45ab87b6c88104f82504529

SHA1
56c0cfeeaa2559d2189549e988c4528998b943f0

SHA256
aab1e4011226cf7b280947c14c7039c22728c8125d064e5a8ea15ad40ef687a6

SHA512
5d2d6893f91ec1bd6ff9cc4b4aca11f12452152634bf9da09a6a03b5afad3861e7330e3954a7df32e89b02f2bb5e5c4807a384537e597ce6ee9d9a013d40b92e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
17c7c58bcfb8f0c00ec03ea9cc2150dc

SHA1
98fd8232b4999b1e57d4181cf188f5be480c6f3b

SHA256
fda8b1d26eef5a2071152dfb95e83fe09e70d5b4e0d183453df40c53048ddbf3

SHA512
73f9a3bc4e237b976a68e9aac95d311cb9c274f0dead10d051d83efc77f2eae710bef08b63f8add038d973bd714006e637c5cf0b210172070eb744e377f16a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9f5416aa-c308-499b-9be1-7f24964bc118\index-dir\the-real-index

Filesize
2KB

MD5
271d9186ca1a6dcba4716858a7b6a29e

SHA1
5de70d8e44919820bbb4972e4a29a5bea6c2ac1f

SHA256
68a6a71b33663032a9a94abca5fca08e71581c4c3e5e23de17207585209fb3af

SHA512
b6743f125db3ac22093092261c799ce3a75572711052edfca14142e9feb302529127c4a6664dd3728d9a761e790c30a9d73b35f5590f0eea92155d683d4686cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9f5416aa-c308-499b-9be1-7f24964bc118\index-dir\the-real-index~RFe5bfeb0.TMP

Filesize
48B

MD5
535d68bff38b9ac1204edcd388433a7f

SHA1
307e2f646b2f44c7637c8a19b7960de0071ef54c

SHA256
38ee48217ceae7abdf0636a8f43c27299b84db36245a44ee5c661d43c2820933

SHA512
722e257527c050563b7c6a68ee9f264bdf115bb03875c6b21718a403754055fb28be44351a0ae9c330692bf47beea9f3187c3c17103f9074019a65a9e7163a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
a2bc90ad8cae937a39b2bf4ae2641360

SHA1
7bcc069f3d3824d1961b3da55232b125bbdb1e05

SHA256
00d69279122b24f7275dd0af2d36dadff3e6d492b412adb965fa90f790b748bf

SHA512
6464a5712059b505ca7b5b9532e75d84facc84b0a6bdf00c424bd5b9f18221db832ab9c9c77d6303332c2b10da06aad026251a27ccfd89b66e3b835048a02564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
598258f21f1cd895e4dcf550b7e877e5

SHA1
de5e6e63ae312cd2ef8f04691a7a4d438f436a9f

SHA256
80d7bb4c03940a29dfa5ff276bbce3f0dd0a63edb22a340df2f18715675bbfcb

SHA512
a51a2f165999478fa7cac5414e35f39e3c47d44d5a06ea5b2b83124e1e1988996cec2c9b8067b6bd9fd4399714dcbddde6f62588fe0a888766fa3f664612f845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
38582d1541e969c2c3c38e08ef42e1f8

SHA1
e97b53efa14330b3542177732b89281a09ded634

SHA256
771fb1410a81772788f63df35b8e1de86d611959cadf5915bc2e8b3c1520c8e3

SHA512
9a7f6007876bec22a189b6e93a6d104e4e488ddfb06849dc66bf10315712e244a0e26752624954e126a29908a25e3d45541417e218371df392aebe1ed15c0054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b54a4.TMP

Filesize
119B

MD5
b53e5b820ca2700cb23818f964659fd8

SHA1
f9382a82b29d5b4111ae10153df2648fc7ee7816

SHA256
748538531038150ceef505d46274386958a6edcb386173255527e9ceee91e762

SHA512
ffcf58e9cf24b4defea4a8079f313762819ee934606dce5cc3de285fbe83db5592d5861e6909692ec8b5d81e4dad59dbd3b6ffa8e21c1cd4329e0448f0536b65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2bf8ee72d308869541af2714476c4446

SHA1
082f2b9104f3d2d18bc76c75899208b297e4ecac

SHA256
4799c649b5e09e25d4a5e421c26fcb24951e5b184dfaf256268d47c3b8d715ae

SHA512
77e5bacbed0e0e9c6beb41cac3db54c3965ea2819c3c929bcb890f63f39ec0c1c91b5459f5592de0be1f9e20034355b24692102ee6ea9fea6fb9f94887291e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
019651879f5ba99b5628eff1304994df

SHA1
998be3a7cadc1a53d1c46fe3ef1ddc4bded17351

SHA256
df9eec2b20e9c303d8b98dbda05a92761bb3403b19863a1a7e14dd965353a8ae

SHA512
c08208f6df7a67c0c0961d3779ee1b4c5159c791058a9074a2dd9c46d9edac71886066a648a0068ef5049375ea05725c88fe980ceddbac86e43c726e8994a8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
bc3d320b631e826a71759fe03f705a36

SHA1
e5925ef388f01b78de16fa89ba919c746d07c4ad

SHA256
366ca2cf1eb81e1ac1db525cfdd4c826266039bc0eb0b3160c2db105f0116951

SHA512
4a999cf7711bb0f62248d2af793a1697e979e40f9478a0cb3aaae002011fb9aa32c0841e82ee96edb192065a04899140ced31f2aceb5f2682503b9d85f70d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0f2e256-aee0-4435-810f-8e4eb694c0da.tmp

Filesize
11KB

MD5
81c0c14b489ca946fdeaa5197a4d91dd

SHA1
daf24086bf7da0ef0e80715640a782dfcadc7953

SHA256
69dc6ef5a8a9de4b39fb1f4ebed3cc72d0d8669ce3494a7fb412e313c3a40f61

SHA512
503f0e3211eb077c6b5816ae0e632fe72c3ba164fc7f4417012868fac462e364fde582d979a631b4a6fda792c6543e53ccfa6857edf1b1dc3affff67c9fcd5a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
4c50b525da6eb567d11b9905952ed31d

SHA1
564b25cfc66eb5a7d15ced10ffc9c53337fd7bdb

SHA256
2f24f09843dc9e787c2ae1a0a91a50be271cf09bf78b0765ad20509f83ecb5e5

SHA512
dbc7bdce269e88498777a0a62b3bb47fcd34e28bc92cb4362ac63392852d2238bcd45d7866c331863d106e2e8412bae5d6e0173ce2c7d1015bc22b2b7fa4cd22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
49575fabdf5ed8ddcee454d22dad0ba0

SHA1
f54b6c46a521e41660b52e98b04505bc2813b44a

SHA256
212469049ae7093a2f0f942361935dde5bd892daecab1ee19585db25d180ac6d

SHA512
46863ee06cc8a47c4a1a7343c5c34babe8023d2e55632b642787d0c72c6b50c7e97afe4c89de4163f51f67ea9dc330ed4ee5ce96e7d8eefa91b13dbfbec5a6c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
d45605bd4f31f2b331a5b1abbe035f70

SHA1
3bc3e3a39bc3c84653453aeb52ffaef8d5b23b95

SHA256
b40a7d9a4ea963d0241f3b6f76151d57a8fc4133afba463daf799f0b03c38edf

SHA512
495a26fb4a8078ba561a3502e8ec4262ae8fbf10d8c8862b63d4d652ad52ad76034b3c26e70fc2e79143894f0a7d514c962a39920899f701afa80c31d592a172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
1d7c1368a4c8a524664cc1bf71166766

SHA1
bf17687c3098af14a3dd8418d907406952d45397

SHA256
216290ed533bf30a4f3175c22a23ae56aa6c4d9edb5eba4e1f29da11d94009a3

SHA512
c1984273d0618df464a46c213d926702ec023e4b18257d56f13b889afecefdeecef342f500b55cefb644a6b7906b043e43c53dc3f3f5cfdabbca76c51f4fcb10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
e9e5997ba3e654d82e31e096b8e499e2

SHA1
254bfac37e3818043671465c04190228df950b24

SHA256
4d1d04355f59315df7d68278908936acbe742139dea7a5e0f897fd00b4629067

SHA512
73ae25b5deca755bec58a43d534c0def7e4c5889e3fcdc1f2cc207d8bebbb98278661e69fa9993528b2662c9482f2e23a4bc064ad72d448885c580bf395f1455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
21a1be33174c82e52efc8d09815334f8

SHA1
7e82e54337d3b349e2a0dcfe58036d15fb1dede9

SHA256
2bb282537ebb63d4f66dbce9f1f3d544a58faf142ea84b83eb34dc07b8760981

SHA512
b22e2ac47feacc07e9e3c768caf2ffdd2139d02815e9d4f1017bf3d2b937b87893896476089f2216005e966f29fe71af1e09e745f11c6e3eb6f63fd2078901ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
91eef430bb46b27da683e34769589140

SHA1
2eae9965fbc1a4ed01f34b5b8cb1e92e49ec0c7a

SHA256
c461da47ae3d51a48284c312c7a244a2801255671c7608e8f80784b8bd750f03

SHA512
ac5654438c8cdc9a127432d81352ef09193ed7b02e9f925fb71d2b3ddfc89b3c8bfc144278e6dae66b03e2e955d033f05ec9fe0c0a1bd0ea0e31fdf3f0b78076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Xworm V5.6.exe.log

Filesize
654B

MD5
2cbbb74b7da1f720b48ed31085cbd5b8

SHA1
79caa9a3ea8abe1b9c4326c3633da64a5f724964

SHA256
e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3

SHA512
ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\1048011678.exe

Filesize
68KB

MD5
dcfc4b9f26c995cbfcc70cb0435c9f03

SHA1
1ab06f9b611575bdc2c0fd6bf9dbc47d0c9b1c7b

SHA256
ce4621d2ae5ee28571c8b013d49885eba7861cb2ea86c8afe7d9155c538cacaf

SHA512
8aa01d7b2cc37114cf18be07168c7b29d788ded518a784f79521043986a805b0d7a4095a6773cf09e449131c39fb264b1d6ca0811a19a6609721064595977d13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1008898722-3518013580-3694625758-1000\83aa4cc77f591dfc2374580bbd95f6ba_8a848db9-70a6-4b26-b3c5-072fd404445b

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\XCherv V5.6.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\download_libra.jar

Filesize
31KB

MD5
63e06c31bfb8415e430cb3412c9997b0

SHA1
39aee00052bb5a5403080aeeb2ed1abd08f73c87

SHA256
c96945bc821eefa15a2e6bb27b58f05eed5635e21d079e5b27973551854142ce

SHA512
349d9e11da9abc541f53bf755f78eae5a8c8d048e99bf0716032ac0e9896eb2c93bfd3228668b47eb01b75c1941c164c9ea9391def0c972b7365a471662720cd

Download Submit
memory/1664-1704-0x000001A898610000-0x000001A898611000-memory.dmp

Filesize
4KB

Download
memory/1664-1735-0x000001A898610000-0x000001A898611000-memory.dmp

Filesize
4KB

Download
memory/2976-1842-0x0000000000F40000-0x0000000000F5F000-memory.dmp

Filesize
124KB

Download
memory/3248-1679-0x00000000002F0000-0x000000000030F000-memory.dmp

Filesize
124KB

Download
memory/3728-1822-0x0000000000350000-0x000000000039B000-memory.dmp

Filesize
300KB

Download
memory/3728-1809-0x0000000000350000-0x000000000039B000-memory.dmp

Filesize
300KB

Download
memory/5100-1771-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1772-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1780-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1781-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1778-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1782-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1777-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1779-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1783-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5100-1773-0x000001F375900000-0x000001F375901000-memory.dmp

Filesize
4KB

Download
memory/5188-1670-0x0000000000E40000-0x00000000015F0000-memory.dmp

Filesize
7.7MB

Download
memory/5336-1703-0x000002012D6E0000-0x000002012E5C8000-memory.dmp

Filesize
14.9MB

Download
memory/5808-1865-0x000002627CA90000-0x000002627CA91000-memory.dmp

Filesize
4KB

Download
memory/5808-1892-0x000002627CA90000-0x000002627CA91000-memory.dmp

Filesize
4KB

Download
memory/5808-1895-0x000002627CA90000-0x000002627CA91000-memory.dmp

Filesize
4KB

Download