xworm | 26653dd95cf0c35f757494fee76478a0532331e6271c323ebd2ee10d99c2804d

Analysis

max time kernel
900s
max time network
889s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wad.exe
Size

140KB
MD5

c99f3f8298b973b58d216288fefccc0a
SHA1

ca849ae90f4df0f7951a1fa6943fe526c4cdbe9c
SHA256

26653dd95cf0c35f757494fee76478a0532331e6271c323ebd2ee10d99c2804d
SHA512

edae505b9f591061df6ef16041551c07fca169f058a781ec103e0acb9589df7f93d0200a064549cd0b003becbbdd417155e438c6fe36e7f3a3f3c7740be4bbd7
SSDEEP

768:JkIFS2U1zigDKNgAWMLxOchH5Ft93vO+hmNFiD621sIwEk4w00wm:u6SoeIVhZFt93vO+INYWEC

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

Au6cWZUCNAOIflwB

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/1768-1-0x0000000000480000-0x00000000004A8000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857412986963356"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1768	wad.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1768	wad.exe
2032	chrome.exe
2032	chrome.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe
1768	wad.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1768	wad.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1768	wad.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1768	wad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1060	2032	chrome.exe	112
PID 2032 wrote to memory of 1060	2032	chrome.exe	112
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 3204	2032	chrome.exe	113
PID 2032 wrote to memory of 2052	2032	chrome.exe	114
PID 2032 wrote to memory of 2052	2032	chrome.exe	114
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115
PID 2032 wrote to memory of 3100	2032	chrome.exe	115

C:\Users\Admin\AppData\Local\Temp\wad.exe
"C:\Users\Admin\AppData\Local\Temp\wad.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff995a7cc40,0x7ff995a7cc4c,0x7ff995a7cc58
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1380,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3368,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3824,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3576,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5412,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5320,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5472,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5612,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5672 /prefetch:2
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5920,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4452,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5884,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4788,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5816,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5972,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4440,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4904,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5664,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5980,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5516,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5804,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=1260,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6104,i,14452722963092268150,8383931008854819977,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xe0,0x104,0x7ff995a7cc40,0x7ff995a7cc4c,0x7ff995a7cc58
  2⤵
  PID:4060

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ca4b11b02bfb5fc8793517891b8b97a5

SHA1
b11fa1674ec78c9411c643de1fd7781a1b8894bf

SHA256
f6d815cf1e9d1d31b99cd34656ea29b649957cc984aa944d48e6a1a6f0eeb043

SHA512
c4ed69bbf2e06f3789d421eeca472f5e9380224b3e21fe2f43018f223a863952d043157237ae33ad8f0ec433b10a551fd7b4ca0bb50192286a68b27c9e86dcec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\431ef4e9-f758-41e8-a871-a79782f85661.tmp

Filesize
9KB

MD5
3a2f1795634463c06e76cdd657ecc0b5

SHA1
8754d2cbb6ae09cfa0fc4e88740381f33578ed8b

SHA256
c711f7fae0b00ec5377a7fc72855d58c31895ea86bc99af7a6b8296931c0cc68

SHA512
77f47159a4bda36cdf19957303eb1fd1855bf2b56a82d316770079717ad9b9225dbdee66e2f99b4f86842b73a8be99c2c42e7bde2b97f8605d04aa3034e42ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\574e95e4-03c8-45ce-b116-d3fc0a8fc4a9.tmp

Filesize
9KB

MD5
24d1991cc2a21b0f2fe5b10eb60b730d

SHA1
d35eb29866c36a60cb37152d75166a520ebe9e1f

SHA256
98b4a130e9f2e2c50d8fe79b6aa46e6d9017052eeb1200f1ec547b04410c28b7

SHA512
affcec62ddfafbf0c4a8e522b34cd806ee701ca56adb6d03d8746fa794381eaa667b9b44d7dcad087b4b3eeb163b6bbaeae78540355888ce50573ee043d1937f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5ac92961-628d-4750-893c-ecc3ca452207.tmp

Filesize
9KB

MD5
3c1d3525beed5ed6cf6ce1a294e7dd0c

SHA1
8a22485b9500fbce4bffaf5b9b72b52831ab1873

SHA256
c401c279b8302d0bf24976999fc0db87ce11d3e8f1da59b5bab09bf7d813c0e8

SHA512
e5db7cd4f0936b9c099e9e362b6f41dd63546e51e3af9ea9ab9b3fc84002d18fd1f3d5bfe01277f5daa65575f5a4215f87f57d4d08086bf8504b672a8ccfaeae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f16e372d37bcb8e19a769a651a8d189f

SHA1
8170a8f77dea8a01060a9b927ea4c046ace72583

SHA256
04439ef8c33dac49fa250fa9a289e2a45e40716f12456645ea0e4c06e198774e

SHA512
353fc35b94fcd68397e6e8a6e16ab5ed83469df26445754e0c3d8cb577c1548ef506a392ad9a9dd09fa4ff11ed129b335bed018a81f33e19ca58542ab5a0cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
06b965b9362a75293f7a4331fc15d625

SHA1
dd5766c0a760e62b2bcbcee396a8d1d6b58e8ea2

SHA256
6b18e615d6ad79ea9647d6211715264bb6d787626819fb02ec8a8f5f842c92cb

SHA512
1fc86303da5379dc61d467f5ae4d0dd6bf3d69e096c1dd7e0f1d1a345b94d8b195e56d68c8a09ff0e54ae63b9bd7c02ff17e43dcac6b7b9a1527007e7bf5f67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6a46a40dcbc272484afcdd4941cc0b07

SHA1
d1b9841a843b2612ec8c98146d31fe2098e177df

SHA256
d7eb935fd4e7ffda958ffffafb00e23c61c813fdd0c16c5d612015d7e6017590

SHA512
354623eef1d06f2d3e8f1842a95999f3689d1e74bd5283d1a50e90e522687d5aaddae9b3c299ba374b95542c5524bee967a158ca9572c9f36990f7b392d53438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d79dbc971840298d1e99d28bd2c76952

SHA1
f53d9de13445b61d08d11e56d28b59a8924e9e91

SHA256
6bccf6414647e85c1062fb547d44059d137a52dd614a3c9ed163d3ff1ac4cda0

SHA512
e6ee567f91918dd8a8e3cec15e78952c1ab6acb7b5ba319e947cc8b0dbdd6a6a90fdef508d378c152c277d074635f0986e1c44557c76e2c837766fef5196400e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e670b051bebe1d911f8952dbf0e23080

SHA1
4f1679f1c5fe1b972204471d29e06c514c0765a8

SHA256
c28b7c86f641e5bcc7e479247d68f4c56fb7eed5e9e4fb82dd2a34e4f62d6a8e

SHA512
89d3a0d19d825e05b7debab47274d1ec218e9cef66fbb110b87c1bded921d5c54e745b000e949e59e53ecfbc6e9c8e09b563e2b9ce6bee07b3468b52a976e054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
947c04ac89b376ca2ed6c162d0121e30

SHA1
bf216f4553dc9208b79b01b96db930a5183c46dc

SHA256
2bfc7daa197a1f22380ce36b2b5243ff89b4c55e9eebfd47112feb662c617883

SHA512
06d46aa206821fdf7fd17bf998fa52ab202def8d3a15c8af8513d50cc8c959a868091e8703de33c4f57b6d7db4fa788f82fbd7e200a9ff8706e09fcf47101693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
503d5ed05ff895908a24d94e90127f8a

SHA1
91833098a5c90b793e4081217d221fd613a253c2

SHA256
4e841b450c3b55f40893cf52c9d3322ac3d05c0bb047139f767fb02bff252674

SHA512
eba8f90cfced7e97425205ce7c15f110d05a1836f5316285c3bf97f2b48254dbfb37e69702707f151202bbb851852434a71c099075de7d5568291c29fa706ed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d492c501770240da3243fdec2bfe9cb5

SHA1
71ade1e89b07cac9d687df808415e88a34625592

SHA256
d259b7305603635ee1efcae1a61eb62d9c106e7b9c16d5b96b5e0fe134e455bf

SHA512
e3c066a92cd15fcdf07334ed4f173dfbea3f59c3e8b1b7759e77781cd2568a44af022a0167f68064a6ce7469e4747a36bab268202b5c4155ea6f5b149465a9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9962f7862ef0cdcbedf9eea55c5a3029

SHA1
3f901c17aefd6dc8bf6f83ed0eaec2cc86cb139a

SHA256
2e029ba4ab146a22f8aacfa75d43ec279d21f33a82ce53d80f41c4434071c59a

SHA512
1abefb5b403742103340190f745a6660ac475219045d350566b6dc2bd046f591f370622658e91273a0beedc54ad69282db9ec2b25d0e2190a01adb5d1f0ecd87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a49eb017782890d94b33edacd7d2922

SHA1
c733ee44b1824ecf8ee6f2dde10f1a5462688ffb

SHA256
d0c3ee13f0271d744d9b4c33aa6f935ec58511ecda6ce45b9cde59f68f872a87

SHA512
309c1ff1f1384c2a1b6320d2371fb43e706f20b6bb58fc32096d3e94b4ff701a7fe9b509b49bb3f350289676f3fe121b01dbdb53720b7d5434ee73f7b1e51f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1349cc53bbc624cf09822c1c7cb2895c

SHA1
83f2c7bc8c7b2c9f4507f78244541a3a1c3c1c05

SHA256
118857fa9098933080fad45ec8a1ab1147a108922aec01e8e52ba2ce2315dab3

SHA512
a0729ac0dda1def3edc5f8029790bb403626a38a357bba7b28fec93e8ac34700e5aafd1fa87f2109727c113c8eb221a444d38b0785127ca045520bedb00562c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66bcef7c4f1df5722a3c154afb602fad

SHA1
8bb2066417eded8e351d491d0bf3c96a42af5e3b

SHA256
57be2d0bfcdca86ce685e412a818be355ca058c1b7218e15c6902190707e9dd4

SHA512
f942712466c6dcc1ccebd7f8452019405d41e4fac2eb1358400f0574a47ae297bd2a777249fc000df29e64d997cfe7566ad875b3ca347c7e730c017b0db0cfb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e83dcc572a6327b704f9fcf15180c8ea

SHA1
fbfb490f864019f259e1df5dbc9c64bf234231bd

SHA256
02d46c890fa70e6c186f3cc279aba1f7180d58f7b7436078c68483cdd9d7037d

SHA512
14dc19aed0a8c81693bb6bddfdd5db6413e9422f31505d962edaf5b6ed44587dd552768045d374fee4855e979dbc0d0305ed9e5d42b20c1d6ea15a277b82eb87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ee5238000857ee218915d0b22027f1d

SHA1
59d457b25deb2eb73ef213dc0b156400dafc6e58

SHA256
ec7f379806056666093fa28885142a0eac969e22352ed7534b1ad198d3bf035b

SHA512
fe9909f099cc8175b00c522bba4ef69ad3a557cf15a89449cada6126283c686929e4a7acd623150952d2902535d7d3521b936501ffe4ee05140e9d5887f6c3cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51e1e3e4a4111663cb967223da99dc4e

SHA1
7103cc82834a0608f24e5669605dca9151a418dd

SHA256
d9292e687e786b1a0f2122c7a65988d95bff5b7dd9c0cb51009df269c4aa821b

SHA512
0316271746f3cf5b09b27f17a555f7d043298072f527dec092972928d249bf5a68be15947367578b3e33b3953364efd943fa6e200591815a12edb54309e6eae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
33d3625a75281c7553bd8790d9183439

SHA1
f84455b41cad37a6d4246f34a17dcd7b0fed985b

SHA256
80b43184a5c74a4bad8ceecd256c7cc321f78a24f797ddead44f79b3e483beef

SHA512
e27407a7cc73b14eb607006b101a9643887cb04e195ec1b6610ff4cf40b72c41edbf52ef77da3dcd3a845f99f2f10a59e220bf683bf21403da3949a51b174e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a0c91fed936a6aaa1600baadabf3351

SHA1
f55b04f67e2e8d61924727511d0bb172f62f2c73

SHA256
c67f1e517dee5fe3bcabb2006833e427d4bfe5c6a0f05719cf3756454e8e2aca

SHA512
4cdcb9e9f10bc57a2d8c9f5559128e2089faa2648be0afa6e0a265869b847ccd6cf8f5f64b6eefb1d5371bf34fbbf7eac23d462642248d250aa5e7fdeffc3ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b35b3fdd79c426ce8afede7e80547747

SHA1
46eba14754177194d217f611cce452f39e987ce7

SHA256
2de2e15543992aa2b49f35375e98fdf99115148e816c978212787caa3c2f0390

SHA512
1571c51f28fbfa80326457e69cbfa45e40889f871a3f03a5fa21a825dd923f1a217282b3a1cfc7aea8f3ccfc1f770bbadb7af97de949f897b882bdf462303fd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a0b95f1557e5bbfcce9af3942798667

SHA1
d30102dae437041dccec5c6b24de84e6f1ad0b17

SHA256
a3e2101a74af1b5d1beeeb949daa5ce31f6d4f96139cdb66f30ae3748140b5e0

SHA512
2cb1cd7dea1080c2bcd018e6b54fea9b9f131ab82156a0b8c7ce82d3fd3150c07c2846a1ce5894a2f5b67d01900ee27a7e1c76b1a491d28d07a8fae1e8b7bade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bfc90454393826d8f2f835b92b188894

SHA1
ee2b1e64f3b56ea592fd3455cf1a68d41af4158f

SHA256
765f4ff212c2453cbbb269b8556732774c0e42d8d2be42c96a50d2a2ece6cad2

SHA512
25b8dd6bca614b039d1824868fa83fd36c9c082d97e409fbdde9fce80e8d4d5a255ea53dffa3d305d76813c8e7f12bb76a0dda51ad61a36191c92c30a3a10332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54f8a6c0954ee67d29ff259a66ecb820

SHA1
61f6d7b02662d02612e0adda23195840f023b07f

SHA256
57180620be2096ccb73f5c0d38e8292e6e837f109e4c10d6bf1c69e62045dbfb

SHA512
8b40901a93db93b9750c79d11f47bfc4abb0819b6d994e7feb71d9b70342281572952f36a5125d09c833effdb851105d31d8a97e4abca94559023b38e0bc556f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18e5e0c3495141e38c7182018f6c3ed3

SHA1
ea9263c9159e28ba4bdff3af643385ba5aa91579

SHA256
c0f5737a64e027fc29f53d17cee5bbcd97e2c63e1e684ee6ca41371c21bb199d

SHA512
29611b9b0608aa0c5d6e79587f43b4ea535e4c932af346e10dd24920ca2b1be5882174c21847428a549322f1427f026ace91284a7a57457a8de40460e08ddad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afd6a663526af7c5323bb874ed204236

SHA1
227172ee2fd495d5ea923de4da2380d00fa63e04

SHA256
84287d6322a0d5d26c8facbeb7b79eeecd9180bf6cd10848ad94fe9fdfd4dd3b

SHA512
afcd362839ae35a983d473037890623d1c073e3fb0e941c06d39a0c53d596df4c20f67435442d9bc87c7df2e1b10e34740d7fe6814071aff68ab43b3adaedf18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
755219d3ed36ae1c66036197ff9f01b1

SHA1
444de0e2730c853e572ebc6585f9dc2aaa233dfb

SHA256
07ff1d8c7bca97e4131005015ea701cc2ef79fa424ffc2994aaa8395430b2999

SHA512
73664e763ba847391e6833cf9f1af437a29f0061960993c11024ad262bbf852ec156b6dfcbf1524df2be22232423506711317a368ebedcb3b97f18f560c41506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e2e3b5dab84b56e8c455e0f710453013

SHA1
a31d11c5539d86924edf02adb495b4a89b671012

SHA256
1c573c5a7d1dd155e49db500f3e79871c1f5155c075cb8f5c694b9b7d20908bd

SHA512
7ea6d60d0aa89486bdffb921bfb1fa083cc5dacdff90bcea254fda242f1ded00091c84358b084ee5316c94d30d8439e6462a1374ec34f9cd4d3de0b49d377c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1754c46335b283e0d2b9dfff93fbd1a2

SHA1
6a829ad9240688ac8f4eb77be64dc08c4a626f9e

SHA256
bb351ccd59adfc689f5bcfdc795608e12a272b4e26aa7bce10bdc85794c70341

SHA512
4112ca231e708210981fb0e95e7f7f1d6133b5ff868529bc27e4201e9f6d97d31a4ddfb7ea9dbc6d6bfc84ce76c4d977abe43048ea5751a983109a8a920a1732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d087e581ef4627774ecc920cc25181c

SHA1
4fb9401fb0ec49b2cd9b0d870805bb8db1ba9bcb

SHA256
2c9e7f3f995641638d6f06a10c55af1a8b299265e22b8c50c71a3d6da332000b

SHA512
79d3397e0967da574301f602b245e1a9e0a023c9d22185be5b962386df19432e2f46756b32c2651f399a80320d857af81a34f9e04056a03fa859ee01a816296e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a69371d2648d5032056e41dd7bce3bca

SHA1
92f07fcac7cda2142603777d6a23eda623fade6a

SHA256
d926ae329a3154edc5ae6e387dc7251bce7d0c4d19b22d70967758b71845aa87

SHA512
0e9a95ff6e0e825c2547ce53c6abe71cf457203e36337807609ba7229c950e159e958cc56cb3bbf162a02eedcf20e41fc106083a35006a948a821d340f4495ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa54aad0de5db8a0c18281ac80755f0d

SHA1
9b87c290354c04634216583389c3f886423d347b

SHA256
058c34096f4ecfbe44451b2a59ad51245ff25173f6768d6d5e8c96646ffe12f4

SHA512
517904229358415e89b9b9f044b228d5231738d445d8fd9c5ad1b471a0dfeff61915e59dfa085693555463191f8071e909c2c07c178bd9e2933422dca74701b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d13bcec9c177c997163b63791ff58f08

SHA1
63d8dba511e196d1029c8be71e26a2409f63332f

SHA256
cda9c3755f5561ed655d0bdabc8fcfec07434b55e768798926b50754272a765e

SHA512
1a99b2953db0231c0d9ec56468d2fa8d3d615fd9c404d73a8e82653ce509a6f9f75ac54a60cb3dd9b3ba9599c00eca3af3aef0373c493a2fb9dcf03081beee67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83cb75824f46d8fa28cdc4c04bb7f197

SHA1
79299c63d3ee4f41f2315d27a6cccc60d58de4b2

SHA256
48dbb44138b27b197450eca7466abe17a8d3d518f9ed28ad5606291a125d66ab

SHA512
0eb8c7030e45201ffff0fae0782ecdad66a97477654b2b7f822fcee7b1b3030a1461784dde59feb14923e90a344f6225b9b480e6727fe5b8958c3559128e508d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9c28d629d9fd086a5787552b04255be

SHA1
2e82dfe79de850e8769911d601ad35962e4a273e

SHA256
e46956f86f6b63e5b70aa48b442680f3fe758f68b5b6d4a2980ceb4aca91b393

SHA512
b67ee671604966b51e25843683935de943270111e2a823d423857c61530ff017ad989a494a6d3e119b2ac6a6832cc2bd2c0d4ad038d51b3e723c7afc9e392766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77e2ec1526d4bc6e8490a1090e15a470

SHA1
6b85746a4e118375bbe274f8fda757c1c496b73c

SHA256
8bc83c53c7fb0fcec198a0e9d0d841d4f9c8632de54bfe495bde26363a91e1f4

SHA512
3d9dbd32966d32bf68419d3f84fb60d5709a73de42e1b50ca2516b713af4b9f37568140731482cb4071987ffbdcad33d6e08e0b228fbf52094fa8fe34c7df5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a094a0d22c301b6ed6d1865b4b580e57

SHA1
3c0100b27af4662e3e2aec81a19794b9fed01f1c

SHA256
a4ea846d748679f996e0928a6ada5aeb334d6a6f1d4b3cc0c42e6622098b1839

SHA512
94b1f209b81aa08f274a82809fa1fc3e75afd2780e83c6e32cb3bbda01cacd4b41182f9ab72ce2c80d955389ed34f2e7495c6f7482ab74ad75e9a049a69b3f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9604dcc1e9a94f16fa220fcf7c486f1e

SHA1
f057d3238028c59d87142cae95afbad1e1b83f51

SHA256
eba4a4e2c5152c58d2a87ad68eb6a51716821001c34b190a8106cb61a13bdef0

SHA512
c92bc44107cfcf593c979fa57ce69c27f6454c54bc8c690a35ce9e909a663b3024f153bd76c5985aa79324e950f7af8536e110bf708b7d7f54999b1bf1584b19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b9385847ecebea87fb77580d6b75922a

SHA1
a831787833c307d9d63d8624ffdc08dcc53bbf1a

SHA256
114bd92a9df2314784754fc422a5f32d37b3a87e2c6e51c99d85fd546d1f5900

SHA512
1eb004ff2b6d8a6d61bee5e515f00a0b170f949b6d9e853a3b7f4b1fcf80add5731343514b016d9bff4de58e780d52e515c48f093d76eff4d966ee66d135921f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
672104901b319ada6981c9308deb2892

SHA1
8f9b9aab53ac32517c18253458f9103eebd55546

SHA256
2af7e278ede6321b83350662e2fbc432b2b7d1507be2bbbd1f3ad7b4974ca4de

SHA512
7081901947f777687efce43d77ca9e0eb68c6921e43fad42ffe6921e528e8f5b319231419ef73fe090e25d7ea7d2a1a75a1ad6d730897f18ec2ba3b427637121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3323d9f58b59bd3298f1da39ce618a1

SHA1
5e526cdbd889f43ca9879d5151222dd4094ac1b6

SHA256
e4b3b9885822cd43fde970ecc184baf626a291a8b761ebbe407f6eadeec137da

SHA512
3db423b8d39441ac4e7ff313c3d9cbbc68ce0787ecf14db93b9e1acb3c808484fb647a5f2ece93dba0eb1a5208c8c0faaa802d5dca456594e12a0c253a4c549d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71e5d535782075407947f427bfc8c288

SHA1
b2610f6efa8df9b2d22e72e6a396a265e24a8dea

SHA256
b419aaca566809de44f9db9d77a36a8d4a497f1cda52ce9cb53e90a02dcd118f

SHA512
818c311b675dd25f09183ea7ebbd65d11eb8f585a2287e894f9b3430d013b4c6b6773dd64464c67a55ae6c2ab0fe7250bc92ad499845420e4945b32d2116fb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6786196c48bcd5a79922092a01f6aed2

SHA1
a24fcde69d78cd9958f9bb6d8976b643281b571e

SHA256
dd969ffb9dae51acfea9c3c924bbc6a42beb3faea51afc8fe35fabf663170216

SHA512
01202ea29856d34b1e4c8ca82faedaf527d5f6b9b08fa3ebc1ae1a334f3719073000c6be524e51c9a4eaa178e94ea494a404633b746278928b46bf13adcd1818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
661735c1bfb36ca64a38a1039c1f0bfe

SHA1
831676999ec990a2b152e24cab3d43ab0bd2b973

SHA256
c04598bf64e8f76460aac90062913370a85f8c98120a68289c326cd6c98b5173

SHA512
91eb9fee12b4a1b7b91fe49ed30b088e440a015aafa74c9144679caa871d893c4eb0b12376e4a4f23bb36d4fb8cf923c585b9371c2aa2553743b24d5131b463d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71a2622a367fa49efd32102d833b46f1

SHA1
4bf91f522402485ac148657f7466bc73363fbb95

SHA256
620981bf7b8974aa579734d1f65ffc6ad08aeec590dc90b58ef9c7a6f607ce33

SHA512
1514f9d2630a2862977f63ea06db42dd6ce69d3a19e58bbd437bfded3b7e4af6893862d25ce16274a6d5b897f97c79b609af7415add760faed61c87564e18be9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00655f9a560e953f94acfb37b0f7e40d

SHA1
00d8b7b2a2f186c6958a0b9b1acf34f173d2f04c

SHA256
a1027be84cb40187bd9d31d26112220b7ddd89fea512b57c0ddf66b85d4ee4d6

SHA512
5fdf7aeed7e655a6c9ed6914881eea6cb167632bef862ff4dfbee32af9030ce07590783b2d6f11759dbd0709f311a125cb1b1b216eaae4cc39e78df7e370c335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b9cf9487ecf0ee4b5f88c1b35a2c6fa1

SHA1
a4d58adead2f957bcf1bd8ba99d5e291d32ca570

SHA256
b2c9cc3da309158dee3a36f0bdd824b39fbc7f1ffbc04c579a3b5b19c1348fcc

SHA512
8d59dcd40f91fa2f358caeedc9c6f2b2de1e7c58ff5cf03c0c3d377cbedf3a5864d7c0cdebe171cb3ce4cc5481bc6e14013a4a2aa92d31d989676805c5e2e5a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a4e92c11edfd3a6ff0218a32759b469

SHA1
c43e50dea3bd3fea5bb866516f2de9594a628bcb

SHA256
dc9678f3a3d4c6fcb80f47cc1110845a31f3cb098bcd27558b817a680a2035e9

SHA512
e331ebe5279bafbd11b4c44ddb56fb2b116c1af1816ca57367bf0aa6c1f5c2133c2bb32ca831d78d29e22068bd496c26ec182f88630ccdd682be3a88495688de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f128eed2762648de4a8efa7fa588ec3

SHA1
f84dbb48b3350648edc7a130665ddac3306ac449

SHA256
026e491569c74f6c404aa59bfa5a2897f27493ef7ba46ccd7755c4c281483190

SHA512
8766cc62e75c8be1e272e62ca26d33c69c167b1e31b1001fcfb732d853ca248ceb54039bd91ed03649a0a3094243e30045011ecff2464b0ac0d229d85c50bdf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f629d1d3b4e551d65e374a4eefe7a889

SHA1
2cd420435a8fd33811cb919e7b4d4dcb3708c4e8

SHA256
62ed3270c322cb757901369548c26af716bd260ef02694499f136169164e2c23

SHA512
541fd26d006783366d494c213bd025c37e3157a0aa26b0c6b7d3a974b97414c2c18e06c9ddaebb7f0d76119a3a49182cd40a3b81230a43631e1ea1940ca57038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
68a9ac77ac34c504aa23b3d81b338bb2

SHA1
f6f95d45103b74fc727b3cd8d91a44a9cf7e230a

SHA256
6a8498065f85914bb3567ee9ad9e69767869cff3a283b166d490e041b0c4d101

SHA512
5e1b81bba741fcb8c7436cf232e429000b62cad8df274082d15c06b47f217535a25ba9e628583210b7dfcf4ef5f9eefc516fd6e507d4cae1998b6078a4e8c75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3413566f9f5eae25bad22f5fcf39e509

SHA1
6991e64012c7bdb0fbc0a04785b4cae07618086a

SHA256
eddd11b54af832d19cc895162e76a923c14d823fc1d8e446b506fa566c7c281d

SHA512
4d568e272ca6ff70f22add5af32d7e58099137988ac3b4857588479e951f3ebc696a46c24872fb9f5dd616a19be588bc4e09a07b30d3f9ef49300313841640e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
db9af0fb8c5b5317b5581ac877f4cbe5

SHA1
64d7669c2b0b8b7cdf909596e989a9d236955802

SHA256
0d27e9a7a41d2fad5daa6c58606bbacb98e1acee74a8e56a5c67b1bed4fc99cd

SHA512
0a7b0dc0d5beb0bd5a7318b41153b201fd617cb1dd0878a0601e263abeb23f9f5a352f031b08e1803c5c4f03a85dd604650e609168292537e16d132cb7cca164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
57b9ce3d41491702269d7c34f279cc7c

SHA1
95f4e28c237060ce1217c8e03a103532f15a7819

SHA256
5a776493ae39c25a71b778d071a8deb799593da34b4404a62f614a2c43273d7f

SHA512
6dd525f04eb21ad12693bcfdf1aabde0b0bd15a07639489cf76fa0b0a67ebc7af0862cf9e4ea2e93f27ecd1b4f4a72bceae3ed88275a177bfa1368299f561e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
3d5cadf843c4a4cfe28ba78af1c4146e

SHA1
fe5f8eccd4ef696eb3f3c49481df1b528a1b30f4

SHA256
10b2422b599138d9df9a89cd0e3906ad7f6242fab7d01639bbe31e9aef97668b

SHA512
5ccc676edee74b7dfff3edbc4a7e7bae894e63fb4acc9771213777cf89ba45e3cafd9225baa65734e501e02682d24abe22972a872a1f94cc6fd539c06f6019f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2032_1285975464\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2032_1285975464\e13ad297-ef2e-43ed-9cbb-44895de5b163.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
memory/1768-4-0x00007FF99D400000-0x00007FF99DEC1000-memory.dmp

Filesize
10.8MB

Download
memory/1768-1-0x0000000000480000-0x00000000004A8000-memory.dmp

Filesize
160KB

Download
memory/1768-0-0x00007FF99D403000-0x00007FF99D405000-memory.dmp

Filesize
8KB

Download
memory/1768-3-0x00007FF99D403000-0x00007FF99D405000-memory.dmp

Filesize
8KB

Download
memory/1768-486-0x00007FF99D400000-0x00007FF99DEC1000-memory.dmp

Filesize
10.8MB

Download
memory/1768-2-0x00007FF99D400000-0x00007FF99DEC1000-memory.dmp

Filesize
10.8MB

Download
memory/1768-531-0x00007FF99D400000-0x00007FF99DEC1000-memory.dmp

Filesize
10.8MB

Download