xworm | 370cc36b27a50f6e31221b7124845b1e56376d7d3e9ed1e6c6ba40d3fabcf240

Analysis

max time kernel
1460s
max time network
1485s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
09/03/2025, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.exe
Size

89KB
MD5

4abfe31f2da3f0bc602decaaac08b0c9
SHA1

afff96b07c5e37c801b411ede860df94037573ef
SHA256

370cc36b27a50f6e31221b7124845b1e56376d7d3e9ed1e6c6ba40d3fabcf240
SHA512

dfadc09da95d07917717adc086cb400eb9398c2e280368edbeaeea02603447639e3317a8851eb6600fcf18b968e34903cc6eee4a7e0c1774f57cadd62abac772
SSDEEP

1536:49DnrYF3GJ8jDAj0MiMjObqLfxMbYI/1178G/86l0FK/kgO27GT9+a9:wDcuGwPCOmbYq11wq0FK8gO2yT9Z

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

argusishere.ddns.net:7000

Attributes

Install_directory
%LocalAppData%
install_file
XClient.exe
telegram
https://api.telegram.org/bot7694483961:AAGV-uQ7kaA3loPg-x8TWOxIfs3Vo3BN8Bk/sendMessage?chat_id=8146690782

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/3596-1-0x0000000000350000-0x000000000036C000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133860180022893071"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5216	chrome.exe
5216	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3596	test.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5216 wrote to memory of 1460	5216	chrome.exe	95
PID 5216 wrote to memory of 1460	5216	chrome.exe	95
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 2448	5216	chrome.exe	96
PID 5216 wrote to memory of 3476	5216	chrome.exe	97
PID 5216 wrote to memory of 3476	5216	chrome.exe	97
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98
PID 5216 wrote to memory of 3748	5216	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7fffa644cc40,0x7fffa644cc4c,0x7fffa644cc58
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4388,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5168,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5100 /prefetch:2
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4764,i,2758155450209420333,16959186110082639190,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f2a38c20927ea4378211827d195f6fd6

SHA1
909d7cb51250aea31aeecfbf77b85fdaa0cd4e9c

SHA256
b6cb83539b1af65afff3d53c09eba9840aada7722f4bbdbb04fcf428c8e2af3a

SHA512
c3e6e043b829b94644be5095d1e2cb119a2ec0af0088f444caee55f3064b034c2be23c52bcabbcad3ff4cd8c9f5860b27be13894bcfd6c0f7a0e60a5f5381d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
0559c25b85ecfbb39137acd142849e10

SHA1
9a76f3d1b0fe0f9b1e4e83b7ef1be09aa26b3d4e

SHA256
a49df55fdb6b1cc681df9e72fde5753daaa057c9a4ac743536a52df90c55dfa7

SHA512
16b19cf75ee9132a30812d6ea8b7b250f97276ef2e2934944d099e0d2f2a776355dfe6d0d13721ec24bc72260d508e73ff2e508d6f5434c0b2550960f6269401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
06be59c1bcd791510cc8d56dcc2c55aa

SHA1
09ede801e1130b5b63d0c7651e29abd492c9c565

SHA256
695d6ffa7f889d7e6f7c05bcbfae4754dcfecbf6a78858c822856bd2e1f4e224

SHA512
bf4cac904e4ea38a4540fec1717df2ab366ca84a5c682456b29a43962c102a8641258e4554c08ce02d62783bf154f8c1c2b922ac55d9d1ff21daa81d47905703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0d9652276eda770c16679927e7d26d80

SHA1
5b66c2204c70c5b30037159e7bd7f74379203300

SHA256
f199f9a8bce5b87ff94df4807963b899e385f78f2d127371df5ee78e0d2216b1

SHA512
d03e7620d68f45946b7cbb5f3279d8ce738ddd07b17cc6bb625b5179ae424aca5db008eaec8b91c782e1ff4a642ecc2dbd380c40e32c0a85953adadb1a650926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdd9c452aa1b58c074d738957a781c9d

SHA1
e48cf53e2e6d50cba83e51a57e956c271c708753

SHA256
7c5aaed15e8a147cc3f7c3e5bfb33d3779e261f0daeb6bf50330157e3e09aeae

SHA512
ef9eba426832fb3f3e772e1a84f59712913c9b7eb40822c9f3e29f83139f5de09c11f5e09d6aebafb3e70f87e54e54f59c7e112ef15de56d51b3e7d1a2505e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2fa3a15a03d072843700798488804a2c

SHA1
718f4a14ddea2b73791579d3088ad7ac556205f6

SHA256
472ba9568fb099d1f637022cf1c23390c423ace49bb1a1bdef36de74fe346ec3

SHA512
2a313e9a370adb4b7facc5c27007e82ded9164ebac318068427e3678c503490d1f6280f2041030971a9c6083b7c3bef159d1c55e7a03d9ba200864169db2cc8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd4af5d7ee65ac6c20cd548bd89795a6

SHA1
deee9a6891557a33ae9692b86bcfe1acc122ffb3

SHA256
769000def0da7c211e096bf6f60156c54b79c702508aa7f0edaf0e01b340ef70

SHA512
2797f23ce85904d69f51e79f5fefc422e6938d66e2a5f6bdd242890be6d7130eb9a4771ca8df59f4e27de0f8a6f80631ecc98aa353b7c9c89a6059f4dc658505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cfba86e8dc5e7b383af48c15a9adbad4

SHA1
4a3ef22bea41313f751ca655af5894c172217cfd

SHA256
aac4548ace08f99a508ce7c0cd70d49937d4b42c465873fb695e85bbf63ee9fd

SHA512
c6956517ee582e2d2195ecf4b31f4a923d1e34e172dbf8418427696d1a2f39e9a628a4b53dbe035802ed3ebe459747ae2bcca27a9cd5b5b7c5794caaff486189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad9590ced62c3c46cb63d423b67a1dc2

SHA1
6fc5c8913acfc2508e230952b11e913cb14a60cd

SHA256
98618d0081c0f7b856a602ccc0a09ca24930ce68a51d65a16fe1d5ccefc00654

SHA512
c13d276358043e46fc1c108d6a8feb464e53c85b6454fbcdec7d2d6ecc1054243ba5f68513b6fc35962e7512ee20b3dc8491f74464f866beef4def4df28a5fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2449d505aa07114c60a1d69859c35e7e

SHA1
1a85e95233712a5e1f3321140b3bf77d677d9f47

SHA256
96994b1757d8219b563bc4e06a90fba0ddcf6a9babb8beeaae11f0a7ba47de23

SHA512
1ff4325ec5a983b5f1eca49be70ab1811c48665f5928f9d4fe32c3cbe2915cd23eb49279458a863ee9dff02a828cec21d3b9dd7fe6ff5e0020674ee2f6bc8b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e50e6ee624da1443250e3a45d70a2abc

SHA1
30f11fc5d8310664d435b55374421b0c92736577

SHA256
2a96cd70dc59ace6004505f014273d7c7780ca7b7a5d7c6bce9f610996a694bf

SHA512
a24f7be444c7763a25be8dd87ec4028a89a2868fc9c6d059c9a780a2fcc8efb456f660b68ab61810d5142d35d16ae2c2c0b5927edcd85292163e0008f3136f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6da764d11cd8ace6d8a40ebf64f883a9

SHA1
7466120224ad63a99fd63f3ce53aadb42205b95b

SHA256
873f070b6fb58390b16139e0be9061d572f02aa875762fcb73a94d8321b9655d

SHA512
e65c7790eacc021753c54cd84e55835ffea4d1871373353b95fd5f70fcae94f379a6f9326692a12bec0eecdeb21ea4644192d91d718d0fb73640e086753c5bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae2106177720b5dbe7af3540e541e500

SHA1
6eaa59aa13ea0d040a918f9000ccc1bd96176904

SHA256
1454e266a8054d99c4124a4fe13bb722450d9a1b7936811d4bd6803803ed89d3

SHA512
00c71657be1af8e51d04ddf2690625527323b561e7d519d39cc535eec3887cfaf95f79941e5a0cb90986dccfb647241c2ef14a7900f31b2cf95c3200e67bf29a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f6f66f5b367aa668b1fc1d5b860398e

SHA1
de137ea4cb111a32fb58eeef9e2e866aec1f3bc8

SHA256
29824b84ab5ec4d15661d6ced6dc951d903fa8d905bdab00eb77d35163a33efe

SHA512
e4f13b7621bc2abf78a0aeed12a0eb1559e552627b274b162dc4f1d8937757c975a9df3bc451aa1a2819f5bfe4a449360d1c9a080bbddaead818503f15978ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
634f7d9b4dac9a410ce8515b8eafd9e7

SHA1
d37a008cd1ebdf35431f382e3ad686be0458ca1a

SHA256
afe72fca10194557411311d55d4380f0eee63e047ee0f6039f7d3c4b233a30b3

SHA512
0d4682738901fed2b4a9040ef81f0dfacf379af185e2fb4f28e2d8bb835933d11cd0ffebd56d069d1adaa886f977074a4cb450811171c434418948415dda951d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
374df96d1d15e959af963b4d581facca

SHA1
7c05354ab46c9753ea25b4c67666e2743d38b8f1

SHA256
ea411118fd0b5f00c8ea3d63e4080d83f58cbc2a4a87228d1e786e800082c0b2

SHA512
ba14b3d85ee9e03c99ea9921c764bf7722857a56f7d5df0955bd61d09a08f285d5751892a8c51e8dde732d4324d885af1dd9b91119b09bc76fd8081b08c70076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47b6246e76a5af4b713c136698a7d959

SHA1
69bb69bae374aa3171eb3d988b58ac325c5ea67c

SHA256
35fdc260c3545eeef8399638c9f6623b3f24006900e0b8d50cfcfac8fc2e4561

SHA512
9a621b7bac1c0ac0fc9e87392454f1522789468d9b441a39b70d5a61b29a0cb0f0ddb2bda0a109e135aba4b1314e8c21f8c1b37537f475532f0f02548e528b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af922c6735ff15c4096875711fdb60cc

SHA1
f1ee8c04035667beb868b5c421d230b657d61b9c

SHA256
68941cfa2aa78fb2474b2f213594429676eb6d54505403b44c355985b63789d0

SHA512
5bdedf3436a8c65768ddf56e774a22b983fef3bb7dca6a92e7d06f6f6e163599f4e163a1d354f78c605a3a93c2658259ff779738560c4ba2629c73c9654a5153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f516114f655b912c8664aaa424c960b

SHA1
17bf47442468123a95e0208a1dc823b4770b0376

SHA256
00d1f00404be368ce397539cc20719ed82ae738eb89ee4dbe477ebd7c9738c68

SHA512
ce4e7448bdce135493f876a8ae95d0ee65db18b8f8d050d9729afcc6b7d07ea466c9f09a08b4616b4dce1b4c6a6988a7b5207e36d16bf1ce48ad441aaa7d5979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
988854d9c498668c216b16bb94f572c4

SHA1
78cf9b665bcf4db9d75f65989f7011053763204d

SHA256
a66313571cbd5aa70efb35ebbac9524d25861349788edba3adeaf281972d209e

SHA512
ecac54c165ff6b3b04d9799ddc63c4b0489ccbe36b10b66f22a0130c420f63182d8c854ac1176d045b94ffeb728630680a2cb3f5b0998de1b4294b156de83adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
011c4c23567ddc3d74f9b925238a3d60

SHA1
fa709e50646021d2f7f4612676c47472c909e746

SHA256
94f25db5f1820075a8689540309dffcb189faf7d475ec8e7e6595abe3f41f2ae

SHA512
f26c2dbbf3946432760c308860d61da5bddcd4daa557dec6ba0a1bbde1ad012d868fbfca23ccc68deea7c8c62726e75faa655e40aa7b2555e5572763d6d1b21a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6961cfe1057a987202a3aa97fbc8f80c

SHA1
825437011b73e53b16edf55c18d26a3a59a29a3c

SHA256
9af613dc0b6f3474b523e6500dd5be329557c81f2ebf101cdf08e68fb1beb998

SHA512
5a8ae49bf0fd3543fc2792ce07090a7696db4b3d8fbb1d6ec79764b9e84d74739332550a34d734d881f13caa3dcca170dc281ffefe5faa669e75d19cd27ddeb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5ca1a04c3960922d7a24fb9a4b0e564f

SHA1
d0a923bfc737ad1ed3c8625100763d001add36d8

SHA256
846805829cea3b23d996ad0ce876fc3146e922ab8fd1ff9335389afb578b3170

SHA512
7db1b9431ae246007d04f25d4069fc894786b16b830162d3ce2dd5ee88e3e6b46d87848866375f01b88f10a8cc986139ee512c5cb3b826b34c72d3d4ba43d3e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bf751241c674a54743e16e1f3c2ce014

SHA1
b0925802a5feaa62a62c509dfa037607faf39ed4

SHA256
60333cfcb3cfd700894a0e467d2c66f5b47fac1ae9354cb6c55f966fdff4c786

SHA512
c6476c4522669cf13d1343a2c3c09fb82de28f3851265f2935257324f7da1b9d05b9440e5ee4536e2dca456b4fdd0a4ecd82f5e2bd282c5dbbbf82a30bdc2595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
7dc5be369c5ec50773e2969ffecf97f2

SHA1
fdee8598490340ed0ca8da04084978538db41241

SHA256
f82ca46eafc6b5ec5e71313881a5d288b110d153e0c868d1a65017bca071c2b2

SHA512
d9679acb9c2ea28626445d0c9bcf22826071e36a0dfee5f23933732d1d4b5760a7d1c4988e4a07d0acec673d0b80e8f2d2e60d3de704c93d75c4895b01ffb105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
158d91adc45a2ebe8c852f869964c446

SHA1
2f81f7954e87eed78545251f1906d49b7cae2b73

SHA256
c8256a0f40547e0b7fbe0e3bde6a473eca24ce1d2e1e9d72a28e97f7cd95b426

SHA512
6c05596d0a826a84d50e765ca95129ce1da4b563de2b22b05d4005b671626293cc918aa1352216ea0d4e2c4567fe0872f8e1b27e98ab3f7aacb522336aba14a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
2b9f03eb3369f7b3115c1db4f5109fa5

SHA1
072a4f813b3d52028ff63a3c0144c325fe312546

SHA256
93c5cd0b5a83274005a8885c74aa0792d17393dc10add85a599dce3de0422148

SHA512
cec1c46fc82c0033bb20378f8aca90fed7ee53b43b629f7a17352e269b0c04d12cd99991b421a11dbc6b176d3f289126fdf83a8eca1e44c0f73eef857796c97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5216_1161089554\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5216_1161089554\eb312a29-b6b0-416a-90d1-309a4f010d18.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
memory/3596-2-0x00007FFF943F0000-0x00007FFF94EB2000-memory.dmp

Filesize
10.8MB

Download
memory/3596-3-0x00007FFF943F0000-0x00007FFF94EB2000-memory.dmp

Filesize
10.8MB

Download
memory/3596-0-0x00007FFF943F3000-0x00007FFF943F5000-memory.dmp

Filesize
8KB

Download
memory/3596-1-0x0000000000350000-0x000000000036C000-memory.dmp

Filesize
112KB

Download