xworm | 9cc07828bc4e8044c821061ef3f7ac85c951c45ca020f5b1aab656338c1595e9

Analysis

max time kernel
64s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ксго со скинами.exe
Size

121KB
MD5

298f11ec57f284d6f442d12ac0135769
SHA1

39a594b5f88bab1ce76c3b4e9497b1e9c0ebfff0
SHA256

9cc07828bc4e8044c821061ef3f7ac85c951c45ca020f5b1aab656338c1595e9
SHA512

01981350e64d29591a0cedf510a75877df1c427bb1d8ab0de88b018dc948d2d7262ce7ca14bcdb52c40641de19a5f751dbdca922ac8d1103c1987e66229e702b
SSDEEP

1536:dmKu1c7ynQowddJ1he6bF3/6oGGOmsw/joT3/4a:kT5nwJr1bF0GOmsw7oLp

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Family

xworm

127.0.0.1:49834

performance-reduce.gl.at.ply.gg:49834

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

behavioral1/memory/1732-1-0x00000000013A0000-0x00000000013C4000-memory.dmp family_xworm
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exe

pid process

2852 powershell.exe
2548 powershell.exe
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

4 ip-api.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

resource	yara_rule
behavioral1/memory/1732-1-0x00000000013A0000-0x00000000013C4000-memory.dmp	family_xworm

flow	ioc
4	ip-api.com

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

Processes:

powershell.exepowershell.exechrome.exetaskmgr.exe

pid	process
2852	powershell.exe
2548	powershell.exe
2520	chrome.exe
2520	chrome.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

2968 taskmgr.exe

pid	process
2968	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes:

ксго со скинами.exepowershell.exepowershell.exechrome.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	1732	ксго со скинами.exe
Token: SeDebugPrivilege	2852	powershell.exe
Token: SeDebugPrivilege	2548	powershell.exe
Token: SeDebugPrivilege	1732	ксго со скинами.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeDebugPrivilege	2968	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ксго со скинами.exechrome.exe

description	pid	process	target process
PID 1732 wrote to memory of 2852	1732	ксго со скинами.exe	powershell.exe
PID 1732 wrote to memory of 2852	1732	ксго со скинами.exe	powershell.exe
PID 1732 wrote to memory of 2852	1732	ксго со скинами.exe	powershell.exe
PID 1732 wrote to memory of 2548	1732	ксго со скинами.exe	powershell.exe
PID 1732 wrote to memory of 2548	1732	ксго со скинами.exe	powershell.exe
PID 1732 wrote to memory of 2548	1732	ксго со скинами.exe	powershell.exe
PID 2520 wrote to memory of 2224	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2224	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2224	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2916	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2044	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2044	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2044	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1552	2520	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\ксго со скинами.exe
"C:\Users\Admin\AppData\Local\Temp\ксго со скинами.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1732

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\ксго со скинами.exe'
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2852

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'ксго со скинами.exe'
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feee799758,0x7feee799768,0x7feee799778
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:2
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:8
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:8
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:1
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2192 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:1
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1216 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:2
2⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3212 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:1
2⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:8
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1208,i,15813694570064262678,5216941689515931637,131072 /prefetch:8
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1448

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feee799758,0x7feee799768,0x7feee799778
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:2
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:8
2⤵
PID:1868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:8
2⤵
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:1
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:1
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1496 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:2
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3020 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:1
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3260 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:8
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:8
2⤵
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1228,i,236091921955898333,5962350607747989754,131072 /prefetch:8
2⤵
PID:452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2352

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\23605ab0-4422-4742-b927-7327ffb3451b.tmp
Filesize
282KB

MD5
e0c3f311031893e51a93b7b0776e78db

SHA1
ed41241fac200f7afa5da21b63b998832bd7c83f

SHA256
b4c267c421d2376e40820610013f4607e6b14a4dcb3b12d9fa00118d69189e5f

SHA512
aed3563a0e39a4ab89bf0fc087805b259c002efeba741cddf76ecb441d6f97607fae666fbcb4e14a43d97f171d77966b0ab3f9be0ea47ff8e2fb7a3bc6e650db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
39e40b362bdc1e121c6c6a234cf5a7d0

SHA1
e7d46c8386bad51ab8b775c828ece711ef320302

SHA256
e593936454d92cdc9ca94e2ab9a6ad6fcce1b336d57adeb62c2ab0a23a938192

SHA512
b4250429c50a73e4d72e6f54008bb29cdd7bdd016096d9de8e4a6ee79a9cc2b9b39125b004e5d588633510615724ca4a11a96d32b540433927acdbb58e26b8d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
5ebb6fe54dde54ffb1f670625acf20c8

SHA1
92f22618a7b33580c60c910bf82eb475181594a8

SHA256
eec430dc474ad3a072dd1f69cde1315acd5400314eeb9a4d78dbf9c7a83bc057

SHA512
474d5bb15b2969e97e411ca8ea8a4b37c8ca52cf08c75c7cc2378008a459257b1d5c3aea867ab0dbc1dfda6ee3f841cf08e46af3562251b6d4ccc49ee501f642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
533d219eb40bf955c09255dfc7262dde

SHA1
011f4e946d27b233eeb095695fd56589415bea00

SHA256
b22a42dd4a5a370dcdd6c27487ca52a1dff3f95430eccb65775b12f5aa6794f6

SHA512
1bb04efa460f897e85019f44344653ef58f67c677c98234206afa0db508629629a42b88962ec743ec7d6f4d0fbb7890e72768a395869745d316b72c6ee3415d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
Filesize
1.0MB

MD5
011e4aca502eff80e9b69ba422e1dc72

SHA1
be09cade14d8ebb3a8f5e7f0bace2efac4c75dba

SHA256
da52c160a1e6e0d2a6a3be6c40de0359229d3ff38cddf01723c635c38874ed95

SHA512
9ace6cc51c9eade6f8dc516043ab0a20c05c80e7f2166dec86d07b1a341ec011a966ed8613890d33e807d3955f6b21fa4b139f287e9016e199ed6377e533c554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
74830fb40eb5dd850dde88599e0ad324

SHA1
49d3ac4e1c86d73694d60fb42394232c25c13724

SHA256
c35b7592944ff6a3017b6e1a4c0b666d308b08015815966ecc7fd4368cfb3ca2

SHA512
a0090b69fdafc7be4a4005328303ab7b32aeab4bc7aa115250a76eba3e5a1d58715b3d07ff03bd23a061dd34e0e4e2495f287af76a34178bc3310666ba34ddaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
35KB

MD5
fa131f705853d3464ccfc36088342ae3

SHA1
b73560ec64a71f5a33ce736cbbf7c1adb1fcf449

SHA256
e7bdcfe6b081f3cdca8a6791171338750e7e19ccc24ae055b7d1e44bb5ed1d72

SHA512
f259c1373c66155835e89e4e3016e3d8334afa9e66e5d66879d8661b447faa42d10dee2023bb83690945950dea7c33d2a2d866c97c0c8f453be0ec1c9d9574a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp
Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
Filesize
136B

MD5
a8402b667a2839624103335c5e974f7d

SHA1
43339685d8546f3db403e6838c0fcefe17a18ce8

SHA256
c3ac083c93c8c1a1ea97c7e451ab98c4927e82fbf1253effa5dee2a363cc21a3

SHA512
86fda8f3b838bd2fe3e9ebe8eb0488f83b9998bcad838fde597d06978e2534444338a782695a11dd23c996e5878186516eef3562a9f49696b3ab75a8e775b956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007
Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Filesize
136B

MD5
d9549ccc23225a47f9cde186ee90ec6f

SHA1
2a81d6a6f3fe50a0c0870f85b0e7d62afda7b184

SHA256
1049583cb8a866544d980bbcf3e19e55917b8c2a3b5df6182ae0fd03ee2cd142

SHA512
0c554b921e5cd46502f23c8a983f5d35e0b5808538e178fa79b32eeba469e718d3ab79cd651a4f60d9472dacc5f70888bf0cc8fc68ac04f169e7ea2f1ffb9937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006
Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1014B

MD5
570c6c08014b661f44a5ff3126b8b1f0

SHA1
c9c7869c4ede72b133f3c779bee0c27b0911f512

SHA256
3e8b394f7d70aff576cfda9c7e7d39a1c40105eb0c05229652774b1411c613f7

SHA512
daa05c32a072d24aaece0e4e58fe77769d4ae09e5ddb811b446fe7c8f0ad283230f752d014c99238321b150c7870b7f463dd890ef8659f62fcb532138e5f776c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
Filesize
36KB

MD5
981addde62c2f559311661e50adbf177

SHA1
23b227363cda91bd8cc877543ab7ca1f1c2be503

SHA256
e5f4e24124cbf1a403195d851299f78051dba61395390f4e40715831f8808ce5

SHA512
0171d22b5a0ab45879e29fb371b6ae28eb1dbe36552b13543fd26bff4319a5dcad3f776ba2b442b83f4d41c1df5790cdd5788248c43a11ffe5556a59a0cff620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
852ae594d96ebf84f3e0fd7e61fb5e8e

SHA1
3860bfa0111c77fae8e95e9f9f9c809ab8e361fd

SHA256
855f70bc4a142962bb29f1396a24b3bc5a6c7f018409475871d106a3ae3dd45b

SHA512
ca3e57db1ce37c5c6d912e03cfd3aab43f65495c511e4a568f1d2b0665deee85461c2db3cd513474231b1b5af60c27337ef52ed4a7511672524c8a5a45d515e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
eaba641f439e1ab1690605e97770edd8

SHA1
f51df8655bb59b01db439077e37707880d33a758

SHA256
57ae1bca89f25f386bed143a3d4856d347c8cd5eb81c05bad85126132c26ba25

SHA512
fe579d65c83829ff92b39642ef4a1f38f14c3284e1bfb7e104dc5d654850f028a72f98b01d9cbd76915d40acf38c693927de530a7f9b46a615bd8cc41faa339b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
b073515294f7f9a6a1a454aaa9639f21

SHA1
51b9f1adf4a3c3ebe81f0228340145c1239766b6

SHA256
108dc7c0f2239cac7f11420dcb7b3ad82e4f2809832c23f3b44630365393c4d1

SHA512
f972525bb85f0f620e99aeb8d65005c88c6f8b89e006ae83f680559f99ba1e09c8a1693d64ad54e15d7dc95243aeabff34698ba782056e52f5bda43b028708af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
0b1f1fc4e2d59a553fa2bf6874d389d8

SHA1
5c1af10d21e2e70d37bfd809944578b1169445b4

SHA256
1bcb21c4b8e9143340dde68c1e5947db48e8858143ed2e3bbd9fe32f01a32794

SHA512
91c166f28c23d7429214d502d049c7a9c317dd06fd37ef384be869eecfbe5a4be0d1e315431dd3456632f2d58824744312de4a470445fb4189ad0a560d753f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log
Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
Filesize
247B

MD5
db4d91ae4417bdabfe0e862dc1151991

SHA1
30ea1ed1e2796aa11db2992179311e976d458291

SHA256
e2770fcaa2f4f64622b01b4fd31b3f63f473dc460d7c7426a2a84916da1c7222

SHA512
3940d4f64f06d29c9d8b9993f29a15d25e20c573d4880aedb6861c4924aad7db074b77a4dfa706bbae4afa32d21898d68108565ce41fd8f321f1447602970094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007
Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
136B

MD5
add414dc0a6cd232d5117941cdfa6336

SHA1
3146c36bfc585624b313acff2939ac602002551c

SHA256
5c69ded3fb2b64139150c75a163d2d0578f9fcfce6cfe736012bf4a69c888e23

SHA512
14c4043d9be22b7af22d79c18e91489f74b2fa0e1bf4ede6fcbd635bb00ecfb44b7e1f24afb64035d3521dc4ab6477ef209bda3a97b7da7d0960dfeef6537fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007
Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb
Filesize
1KB

MD5
4dec34801cfeaf13d24aa4643697417c

SHA1
c771c1048e9e815871990633503a708a7d3a5b6f

SHA256
969b54c5000fd1a720c3e396863c148e4e2dd44c9c9dce055c7a8707c7242600

SHA512
26b7fce7aa0c8999948b9964036928ee1a4928cef3603c839a9abfa5783da3b16026bd63631032af7bc6cd252bc691095f704f954cd235e9cde1dc1f57de36d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
250B

MD5
c61d00bae77e7c83efdbb40433f25fb1

SHA1
e0647f075bbd298432af47a3020a5231fafc4c02

SHA256
aed1bcda59e567ace6aaefbb95de8c9b6ecde141e577560619222182b5727795

SHA512
c3b5664c2356ac6b9157bdf461a80c6832b5692bfc9361f6420c1f0f2e12866f269dec4db99bfdb6ec7e0719957efc873d54c2d32247b45d47c5551c6daebcba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007
Filesize
250B

MD5
17955c6a1bfe62d0dc5fef82ef990a13

SHA1
c4bc3f9ccf3fa9626c9279ecb1a4cbfbf4a0fcf5

SHA256
1cba135964cd409db09911c7cd4699112622596ff633cea868a83c54088c03a7

SHA512
5fb73bb4f7eb1c9e26f34e5d0f310783c7e629e717760ee38731a52a8e3fba6831d77abf0f37631fed820839a00c9242a582e59266de08d3c92c5c4f83c8e7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb
Filesize
485B

MD5
df92a5f2a6f482b05d94701f1a92bf9a

SHA1
87f0bf45335a8b66af92385a3fd796abf0d3c3a8

SHA256
bc8d154850d66fd11ebc2fbdb0f8daeb1b4fbc15011c3f2cc675704f38da25a8

SHA512
d634940806e0aa99db27b6c7a136937746196ac9818ee550261d45091fcaaf9c1b960f06157f0ae4ae7bd13c846fbfbc0ea042c9ad28f25bb2270faf764f875b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log
Filesize
19B

MD5
a2f36fd75efcba856d1371d330ed4751

SHA1
fb7c3dff0fa2b47c6f0026287d12d16d05d14d8b

SHA256
561fe33b81dac187686e9e50103590f3a857f4e1b9c8ada714d43964b938ea7f

SHA512
79ca96560a074fa678cfdc06007d0e1e01718831d18c4a800c5361b8ba8091b46acada47418a8d7be3b626d2d9af5cf346abcdd88166a9d1634f81157ab1ad6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
Filesize
249B

MD5
8f436f581315b05a5af594fd7669ff18

SHA1
c68dfb24707cb62526b49a68faa54a1ef4c72728

SHA256
839488cae3f18b95d3d63b787667a668bb2ce54f694a22b35620ed5a2dcd6c1a

SHA512
eed57a6b470dff94c0427665814a2dc7252a39a7360d0631e445d44a11350bb2cdf60caf712d30ca0b81ce68606fb2a1a0414182fa3780410667903755f81206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007
Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb
Filesize
318B

MD5
a06a0694713a6c912cff1d963dc6ead5

SHA1
7cb5c7e092b3f0472088f98c63dc8543a9ba7505

SHA256
27ff1a9135c5f37746db54bd202807ded4e61e71b97000ba9578172d80f9caa7

SHA512
9937f8a8790b19c866f3560d11d248a48c0db86a22b1afc17ca104c1d4105da16a234641cdcc9a3185ea8d92e01d025df39d361046e75b31d6814b5f638835ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log
Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
Filesize
249B

MD5
2873ff5e7f4a67301e9bb50bb622f291

SHA1
e8869e99190800cc041419612a38e50adceaa103

SHA256
8abafb6c1ef678f8b890071d8ab4ceace58cfb8479c56ed597f4742baffbbece

SHA512
0f2c1c75e178f86c598a3bbbf7067c028c577e0fc399d706b2a55be2f537b72d77989d9364e2b86b864e24a4bbd84205564c2163acf54074c3d53f17f322f33d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007
Filesize
118B

MD5
032bf6351084537f117883d481461603

SHA1
834c8ca7a57a7f846e51fb75db639f20186ebbea

SHA256
9612a1bce235aeb1f9f6f70de803c9195e1c6f23ceb29563028dc297dbea1a8d

SHA512
22be159e095f241cc374411737e7d0ad83ae840623bbc2f464539337c5be29fa37da74d13b31f7ca37293e1305c84d748d9eaeaac2baf139b885a1cb039cf9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Filesize
7KB

MD5
57f91420e737dfcd712d0ee616f8398d

SHA1
f29696c886305ccf06eb4c1610b2a686d2b1cb34

SHA256
c59c7de2ff9d0f90db42d4efc16e9df4b30e5694dabffc124290801d5fc78887

SHA512
1fdca5f9e6267b37af3bc6bdc1efc307c64250648469a01fc0f6fedbff05045c0ed7daf5f80a255e70b8de6936682367759fb9ddce7a2439c0fc6f12a40db8c7

Download Submit
\??\pipe\crashpad_2520_HMFRZGOGDCPFFWLT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1732-0-0x000007FEF50D3000-0x000007FEF50D4000-memory.dmp

Filesize
4KB

Download
memory/1732-2-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

Filesize
9.9MB

Download
memory/1732-1-0x00000000013A0000-0x00000000013C4000-memory.dmp

Filesize
144KB

Download
memory/1732-147-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

Filesize
9.9MB

Download
memory/1732-66-0x000007FEF50D3000-0x000007FEF50D4000-memory.dmp

Filesize
4KB

Download
memory/2548-15-0x000000001B570000-0x000000001B852000-memory.dmp

Filesize
2.9MB

Download
memory/2548-16-0x0000000002810000-0x0000000002818000-memory.dmp

Filesize
32KB

Download
memory/2852-9-0x0000000001EF0000-0x0000000001EF8000-memory.dmp

Filesize
32KB

Download
memory/2852-8-0x000000001B670000-0x000000001B952000-memory.dmp

Filesize
2.9MB

Download
memory/2852-7-0x0000000002A30000-0x0000000002AB0000-memory.dmp

Filesize
512KB

Download
memory/2968-163-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2968-165-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2968-164-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2968-162-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download