xworm | a6c7ff8cfbc453d6f8e3710c14ded4470729052f4d22d265b619ce4381b9a7ad

Analysis

max time kernel
67s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2025, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XClient.exe
Size

34KB
MD5

3eb4f7c089840079e7f49f0f12a4b4db
SHA1

3058edbbe0e00c891e848c35531e091080b0a0af
SHA256

a6c7ff8cfbc453d6f8e3710c14ded4470729052f4d22d265b619ce4381b9a7ad
SHA512

3dd83fd4e848e16b177a520b7e5f373d19bd87119a2392e31ad5b7585859af6dc46440a6fe7c5b035a0b2fc0406e97aa03d85173b6363a36d677a176e0c27fd2
SSDEEP

768:YHqIHRXYauPNhzIgtoFk9Fy9YWOjhF/Vcq:YhxX9u0gtowFy9YWOjntcq

Score

10^/10

xworm discovery persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

24.243.20.84:5383

Mutex

M0E8QJy5V3fFnsLk

Attributes

Install_directory
%AppData%
install_file
Realtek Audio Driver.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/4584-1-0x0000000000120000-0x000000000012E000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Realtek Audio Driver.lnk	XClient.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Realtek Audio Driver.lnk	XClient.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek Audio Driver = "C:\\Users\\Admin\\AppData\\Roaming\\Realtek Audio Driver.exe"	XClient.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133858577265230516"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	4584	XClient.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 4028	1432	chrome.exe	112
PID 1432 wrote to memory of 4028	1432	chrome.exe	112
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 1504	1432	chrome.exe	113
PID 1432 wrote to memory of 3120	1432	chrome.exe	114
PID 1432 wrote to memory of 3120	1432	chrome.exe	114
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115
PID 1432 wrote to memory of 4648	1432	chrome.exe	115

C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9030dcc40,0x7ff9030dcc4c,0x7ff9030dcc58
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3364,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4640,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4508,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5092,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5196 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5304,i,9277374796103241139,11808855331005119075,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5560

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b1497320a7b1463f60a18bc85859a6f0

SHA1
0c9a9f78d56a2fe5a79d851b3e9644039028cc67

SHA256
c93b1bb2ee37618049f01617ad6116c8276acd5c262c529264f1b382e3430755

SHA512
d8c966208fd5e10ce8e424f7062c5f295e6c167529bb359975d48ba54d60f0b588d7cb5aee0d03422b60913cb031b617c8e78036eaffb04a42821e2a523e3b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
cd04c6eb1d1216f8a1ba222db4ba95d4

SHA1
c80baf9415a7a7e2ac5cef349ee01d34a804a4d1

SHA256
cbf0dcd540a6885c83173ca6de47019d5c33dcdfcfbace39fdb407eca13bf9b6

SHA512
2066ed791f813e770dce2b29f27d52768c10bba1ec4df5813bbae29cec1f0403b90d79d976434171195d72fbf213d66191875b4497670bc01f5e90e2d1309054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
eee04708dabd1e9317e638bbfe5f0583

SHA1
08366c6671341ed3f572583c7a35b16bdc2fc808

SHA256
84ed2e8886d57fceb85b63b4c9b1e9b687d5839c9151cf14a67be92d92d2ae7e

SHA512
f39d9a599751914a9ef58cec2ecafabfddc1890cb7380e74ddb1a8f804e793694a2281c47eb4a87204e9186794cb0c20f8fe5c77308416714f2a6f5eb9cccc0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b000559633fff47508b32d4c1ef4df63

SHA1
17ae7359564378df234e7a626b27df00794957a6

SHA256
82322e7e5635fbbfe2113d013dc861ac5ac63305d659256c60f46e1204291b1e

SHA512
fe43115852600dfab3bb5576582495b5a80c549c26ee664b7fe4ff8486800c92262ca5c4d4e01191e5304c0e49a380eac5c0b5a94248304ccbe431478a4ffdf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d22ada3e7bc1f6fe4caef3948face298

SHA1
2869319966843c4a17d91f3f714262bb22c25a21

SHA256
a501f25a882848f76e5dbdb767cef18a8e5bf8a077b72a58bfdf2a9f050340cd

SHA512
57bd5a22964e788873bcbff6e45dfbc12c6650a1a7daa1e8a9fb255181313f809d71eaa84e5412fe330d9b93536c7b0b214dda35ef5f9a90680f77cfd4f17d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f0292e8c084ee8d357cff7b49615d843

SHA1
1da0615beda5ba6f3c0ac3e87232f4d4a21248f2

SHA256
f2fe544b00eebc43589114751e691f6c90b0df5ba5774839ac98a299e401da51

SHA512
4f205c9bee1310dc2e5baf8b718e25ac385bab833406c78f2a08c8140f7115f7b938ca37bae3618540561a802e2946bc7e0bac941a7070cb57e13725a70700cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b21573d4a2a21b25cd3f7bab52abf32c

SHA1
d0579ed4550e84e42a9a5babf32683e63a1b658e

SHA256
7fc8989e7619d2a6f66fa3fa8a7d9778b92a4a0b93db26a5b6be7a98eb2e75a4

SHA512
82bb1ee1ec469b2b239f966814915ca9b04f110d5ea3e5950c81f0630389f2df311c183eaadb0e50ffd0d07de7d1ee4145f1f70ee0aca7ef1212a69a07afa1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d30966c576bf8fe47064ea98bd89aa10

SHA1
1d809262fb012cf1a5f5a460e4d36d0782d9abfb

SHA256
24ea2d80e7505ae9777df1e1bbb8321f89579e7e0864a8dbd5a52843da0f085f

SHA512
9dcfc5951d04d878d6ba5897b9c4b8ff8d376dc830806df6afe6e23338b7461a6038cfbf9dcd7adf2a84dad9c51d7ed6ab1c3a73f34e5c9fc8488e39fa96e4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c6b0144211032ea45d742df42723d1a3

SHA1
c24b08e9fe783b6d0168dbd0599a47a31d7bf89f

SHA256
14cfe8acd75763ba3b1fe1297336e44498434326e7be4447f8988cd9add0be1f

SHA512
af2750e4278bcc4347648cf1cf361aeb0c6db399a8b17977bfe903840b4a66a4bca0d01df01d1f5fba051e53465c2e181a1a04fa1451ae7007439baf8d4de070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
2d21f8b3f0b160b84e69938d407820a7

SHA1
a8f26873051fb3988b64009de143508a25c315d9

SHA256
cfe03689fed9720f4187645e4d6cd8668e4877ffb1b01c77032c3b685c9a0fa0

SHA512
3f7724e3b896bccc86092b22931a579cad99350709725ca8587bb3969eef4b9b316153e723b73ae08aea754cdd4726380a60f2cfc2368d4aab766f4d94314912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
d9dd09060054694233018615fa988511

SHA1
ae02c5e515039c0f48a0e235b513c13d6a28cee7

SHA256
dabba0fb344d8174b59c15458cb56c9d818005e287fd4e33fcf463bd911eaa0f

SHA512
add25fb8168b962fc2dd353c8e38d0fd280e7ff3894725ca4d3a5382d6247c09411065101120c7caa46c6525f089796910ce8bdc9157574dc263b2512cc23829

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1432_1722458954\8b3a985a-10db-4202-9542-9d38ba50a79b.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1432_1722458954\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/4584-0-0x00007FF909683000-0x00007FF909685000-memory.dmp

Filesize
8KB

Download
memory/4584-8-0x00007FF909680000-0x00007FF90A141000-memory.dmp

Filesize
10.8MB

Download
memory/4584-7-0x00007FF909683000-0x00007FF909685000-memory.dmp

Filesize
8KB

Download
memory/4584-6-0x00007FF909680000-0x00007FF90A141000-memory.dmp

Filesize
10.8MB

Download
memory/4584-1-0x0000000000120000-0x000000000012E000-memory.dmp

Filesize
56KB

Download