xworm | d326364bd2e12c39ccb4b775a800b1e52111debaf2cfff0d0c020e06de4bf0c1

Analysis

max time kernel
99s
max time network
174s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
06/03/2025, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sadasdasdasdasdas.exe
Size

42KB
MD5

3137c79a207244b4ffd8f47a280d6946
SHA1

3694dd6f44949f6bf681b8a69410118033fe0368
SHA256

d326364bd2e12c39ccb4b775a800b1e52111debaf2cfff0d0c020e06de4bf0c1
SHA512

e9362eeca845a3c7491dcb5824fbe282815cb15d343b9b5e7db8be609ec09dac0962d4536d582c3f845b31b33b7872d3be5e433aba75bbf3856136f2fd941e67
SSDEEP

768:ie2H+qvxFTOGo7ZQumhPMCYWGNthRQJMeZIF+0C9o/HhpjO+hJPbCPt8:J2H+q7TOFShECzGJRiUFu9oZNO+nct8

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

sjCLxqdf2jeq4aWq

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/1156-1-0x0000000000810000-0x0000000000820000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1156	sadasdasdasdasdas.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3008	3004	chrome.exe	32
PID 3004 wrote to memory of 3008	3004	chrome.exe	32
PID 3004 wrote to memory of 3008	3004	chrome.exe	32
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2748	3004	chrome.exe	33
PID 3004 wrote to memory of 2268	3004	chrome.exe	34
PID 3004 wrote to memory of 2268	3004	chrome.exe	34
PID 3004 wrote to memory of 2268	3004	chrome.exe	34
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35
PID 3004 wrote to memory of 1352	3004	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\sadasdasdasdasdas.exe
"C:\Users\Admin\AppData\Local\Temp\sadasdasdasdasdas.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7419758,0x7fef7419768,0x7fef7419778
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2096 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2104 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2760 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:2
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3144 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3364 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3524 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:8
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4012 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2604 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2416 --field-trial-handle=1196,i,9730881171634157401,17180652447315532947,131072 /prefetch:8
  2⤵
  PID:804

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb6df96d1dc8257a4e394633fce1d41f

SHA1
eb352f5061e2cda668846db46ca2cbcd873e2dc8

SHA256
28ab60ec0cadb809cc0b63c7f9952419048d5f837aea9a89dbb2a4192c3579e0

SHA512
18279a441cb715fcc146ec04ddba4cf6a07d7f2cef44512a4b201f07f69f1ea778c7367f007c1730eec03ea3562c4adca8e42c5b9a5dfe631418e79c9ce1171b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
718395c1cd914f86292a30e445d54320

SHA1
292d68e0157826201a32fa7375118366d593e11f

SHA256
d0deab0015e528bf42762eef6a352d551e85f1e16d2ac1112a72b356b87258f0

SHA512
a4db150fbf4dffc13a48bd39f5bcf2abb7d1a81ac51b018c0069c76f031b6a178fdfb3c6f260b5d5e29152c8449345614eabfd37cdaca5ea723fb3ff3a1bbcb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4cf3677364bca80538d5ef73d94fc94

SHA1
3cdff8fe17e8e07222a9dbf751e689c136fa995e

SHA256
a3ae705370be5dae4a9e23b789fcae3514202bf7c2978736fd5cd71bc25cf5c1

SHA512
2ebf1e34ffb8adf74b6cfbc49d8594b8a5b819d58ff857f848a8d3cf3c82fbd4c861622461138876fec72980aad8f048ea2990e77c22ffe5ca7d560abf8e2156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2eec20bf0a053bef071b0da8abd97cec

SHA1
bd5560e1342773064c5d284e465adb34dd0eb5b1

SHA256
e043dd8f2808de116c9876d5224ea564afd7af905a0b495b7f56fb66a8bb0b6a

SHA512
3633c446ef524341676e28d52d2e6796da9a51291b510faedea70d97d87da6250e73f6ecc73186530a336f0d18298b900810504fee36672d0476e9b47f3550aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
05b00e4aae98f52f946d64b127a72fb5

SHA1
8e480557f81842468857ceabd2620fb3f064f04f

SHA256
012231dfa3d120200f012ff1f48c04764c9dd58d89963f490e1fa1cb038afdda

SHA512
5d6be730d7ddf0acb5187e348194c91451001077233914240840a9ce2b1dba1e44022d93ca6b2e06d21ea96629c65070bacaa38e66b790a86ea38cfa63412630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
4b9270e0792f1cfe5051fab024a4e7fa

SHA1
5160529a9689c7070533b6e3f5bf00576f7b07b4

SHA256
f59e07b6b5bfb0328dce2509f5b04f9ded3d2f9ab0b6ca717ab956757f7b0c09

SHA512
0ee6a59eece31342a399fda00ba60163eead93c2a6317c4e56dcdcda4fc90c26697cce5870bcecee1e9e135736a15d2d9b6b97736d29a4850122c85853b2319f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
d88ee69252f4ed03c5b67b4e742ee9d1

SHA1
b59c3f260d4304e736140afd8960b508a2122013

SHA256
3f087c46f4d4f7145a8166244a67266075c7be063207cde49710a388e1dd27f7

SHA512
2a23f7cbc7346b5eb538bf3affd40dd1c464cb51f1ebb03642d2fd50152be306c1d2bfafb11e99a04beef2813da326583404b51b221c2693ffcce9c6838ff5df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
c8fe0ae983586d55d6c208cb86f0c043

SHA1
4e640201806ea7f26baac850091b128a2e2ea689

SHA256
1c236914d485f57ed5b323e9af80f6f3bca774803b44b45597d43b7eca15cd3f

SHA512
1f3c6e07c27f2d7051d5440074150b19f9875844593127591afec9e1530589f6c7349793c2294d0c7326137497e9a34458d4966145af153183816ae8678c708e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
1a77bb2cd5bdc59fff34de5927a0549d

SHA1
6336ffbb26bd4e7ffb179d2e6322a62efd422b2e

SHA256
207ea9f3658a3d55e9357f1053d69ea62a4c5ee9eda5ff430731e769ff0e819c

SHA512
ef46387555036180ffe194569c219d00afd4cd08674e0fec0141e2946afd836017e5f5e7e5c8dc0d29e2bf7ed2a351f68172bd8aff210e71aeadc353c0c5b605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
d74e6fcd7bdb653b4aa0763b3bf0b97a

SHA1
693a54081f9a98d42bbfde1f1f3dbb3545d8b79b

SHA256
53eb0d73d638d47996e13868a65e71b77af95dfdefb9fd18d93fd2b3e09b8585

SHA512
871a69f55b7471dff75d1931d7992c9c801e8fdfad3e1d06ecac5295cba707aa79e83ede45811fd5a49ae2aa7904d7a5dc172e5f61c9f55789d0c3795d15c57c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
99a85f0628a66e96ac941bd521a6d548

SHA1
df8f4332055f76fe4c91a73c0b4a3e3f3da089bf

SHA256
854cb8f69a7d312b5abd0800b2d53494c92a0fda0b59f97aa1480f8594c6669c

SHA512
62010a2a218854821e974d2d42185f37c04b47f86a15e4fed9fa96b310302bd3ca169b11052193491ad9e4863ef2e4899c308b4fd6b467eb79b049bf38c04377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
a2ffaa7b5d6e00ad2096e148a51fbd84

SHA1
541f5d015a7310eb07932605d6a7cc0c208560ec

SHA256
8900917e782908f9681cc83c80365cd71466def9995cb3ccd31a38d77e2fad1d

SHA512
4e88031a84926b79eac6541e315edf92c290e2e764f512363b5e420d2ddbd6d6f0fe731353e2754a161c588706fb0de6210aa3902abc56fc8e7786f24dddd9c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0109b91df54bf30b3ffee165d78b99fb

SHA1
68554752010b97d3dbcab7a150e916b3a45d0421

SHA256
03ebecefdd3c7f4ee1080b54b165fb0990c13b3f5485915a1627c0e9e0c0b4cf

SHA512
1440d5c76458d9a362d08f6b99bcee6a7d68845c6ed859845b210ae67c1598907f232f5614256eb9d8017eb1547fc42856ae3d43a4aa08f43411a582b5b16908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c24b188efab133ef81893635f59e5192

SHA1
61eba0d114783b8110cb6f1551ffb6836ceb381a

SHA256
965064d7076db21703ad7845dd2f441879dc742a67e302f92e01bc2c5e1a534b

SHA512
1338ccb56484b6c148815b882965810fc6b51616e9dac09756ec5035e68cf3abc00643cc69d48d18fef501a4934631bc74db32157cb031be5191e23dd30cad76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b93ae5a8e8706a777bb1d45b852a998

SHA1
383eeaf18add3a1d6db37333c5fca8067c42262a

SHA256
98234885a47ce983190c7706e4ea6c12b74e82253bde1236f303f7376cf5b3ff

SHA512
80c8499cd72255df0853c183ebc028471428e8fe69b16549c5a5c997a84ad43a8458a02ddace52124f094379a09fda708ca814cf3f49af1272207fe5f48bc104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d6480796-718e-4633-b75e-d78eed579e60.tmp

Filesize
6KB

MD5
b8d204951c00acbabd0a222200c787a6

SHA1
dc46352f17966372109d8deaccbb81ed521b3b9c

SHA256
61250725d01db0b26f594f279332b9f8c0cb948b13675279506bf172c31b2d53

SHA512
25737d235418ef1ccc94d88eeb9f97cdb4cde3b2105493a1b38e35a433588173b27787bd02356323dfe95b14e627a47769d97f862089da84bac0c0b86d696245

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7A36.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
memory/1156-0-0x000007FEF57C3000-0x000007FEF57C4000-memory.dmp

Filesize
4KB

Download
memory/1156-4-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/1156-3-0x000007FEF57C3000-0x000007FEF57C4000-memory.dmp

Filesize
4KB

Download
memory/1156-2-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/1156-1-0x0000000000810000-0x0000000000820000-memory.dmp

Filesize
64KB

Download