hxxps://cdn[.]discordapp[.]com/attachments/1239589556853149827/1239601019995029534/Orcus-1[.]9[.]1-src-main[.]zip?ex=664d6729&is=664c15a9&hm=1331b7c666d87a329361de96ecf8b99d71fec546c602ec68c43e1b65d84f64ab&

Analysis

max time kernel
180s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1239589556853149827/1239601019995029534/Orcus-1.9.1-src-main.zip?ex=664d6729&is=664c15a9&hm=1331b7c666d87a329361de96ecf8b99d71fec546c602ec68c43e1b65d84f64ab&

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

mspaint.exe

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607778348081480"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exemspaint.exe

pid process

4724 chrome.exe
4724 chrome.exe
872 chrome.exe
872 chrome.exe
3944 mspaint.exe
3944 mspaint.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4724 chrome.exe
4724 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exe

pid	process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

mspaint.exe

pid process

3944 mspaint.exe
3944 mspaint.exe
3944 mspaint.exe
3944 mspaint.exe

pid	process
3944	mspaint.exe
3944	mspaint.exe
3944	mspaint.exe
3944	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4724 wrote to memory of 4316	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4316	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 540	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4652	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4652	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe
PID 4724 wrote to memory of 4024	4724	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1239589556853149827/1239601019995029534/Orcus-1.9.1-src-main.zip?ex=664d6729&is=664c15a9&hm=1331b7c666d87a329361de96ecf8b99d71fec546c602ec68c43e1b65d84f64ab&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0689ab58,0x7ffc0689ab68,0x7ffc0689ab78
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:2
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=736 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 --field-trial-handle=1888,i,5894727942487994446,13777085845976453665,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1412

C:\Users\Admin\Desktop\Orcus-1.9.1-src-main\Orcus-1.9.1-src-main\BuildTools\7z.exe
"C:\Users\Admin\Desktop\Orcus-1.9.1-src-main\Orcus-1.9.1-src-main\BuildTools\7z.exe"
1⤵
PID:2996

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\Orcus-1.9.1-src-main\Orcus-1.9.1-src-main\Test\ServerStressTest\Icon.ico"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6864f1cbc836137d20c4897389fef236

SHA1
9a809ad76ef3598fa27f6df57cf32908aa6ef152

SHA256
341bffd6f32a70d5d0e49a33d3f14714e0d8b7692626bccb3ad51b80a77c7463

SHA512
88e4b69f7312e0de5067fe146db56c856225b5bd9aae90c35fea544a0011b17c022b6ba310be0a83755ae405c7f509d5db08ce528a61777b5cfea7c27639c57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8fb79e43ca448227bdb01371fa4670d1

SHA1
f74a144e4ea3d9c96e4e94c37adabf30a4d169fa

SHA256
d77869909d242302af36982fa99c8c2c7de8f438415689adb9e9317b76b2fa51

SHA512
15fb176d1149df7b67abc6ab64ea8d4a2cf915fb6b9792b1aef1563534e531ad3d4d4c70f88e66dd4abb1c2465b351a9095f54da15696b32e0e49b9004289df1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
50d9c8f3302bcebbf981c270c1c75d18

SHA1
2321564b909fb0d08fde05c97d8157fa4cd4f164

SHA256
dda1ad3bc4a0b9e5538ad1921851855781f2fe6027c3eb0db0fbe077f11eee02

SHA512
78b98ccb07a48af016ccb839b3e8afec9332f4cc588a845281c2977ab290846be85c8406bbd67be808fa099634ee24e0efdb6f0eb8ff0e95523b2c634563bb42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f0e04d43c892e8687813004a877a01d4

SHA1
8603fe7be4acb234b60e6ce573af97f23459e293

SHA256
81ae11f5f940e945b7af801c6a1ea3de77536f6ca7ce609211a7191a1d86bcc7

SHA512
d5a023dff5230648f8c717e2c5383adcfafd35aaa115b41cc6d229d1e507d3eb50f66c775ac6809f940410b93f837c82e168751bdfcc6fe7ee846a4d998b0365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
895a26f23d3665177538aeede6865dd4

SHA1
3a36e52de185c38884e1e158e52ce5e9cde01c52

SHA256
6bea75ebde04439133a4472ca7ce63d91090fff51449f42035c4ec4321eca23e

SHA512
5da0fd1d3503d844ede74b1c6f071346eabdf52e3c8a39121d73a94259b247c596d846de25071cb4beb223f2ad96957923e47abe71e539af7207717dff9d4885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
5b635a85e8337a8da1c83e48de499eba

SHA1
261d4bf91d815338b417d1b16b7119965a792a30

SHA256
686e400575baf6a6537a9fb374e1ea555d2d780659e09d4f844dc555f6cf3823

SHA512
494e62875dadb103211365836b220af1c872bd6a3ebb8ee005e79f55e404103550140dab775d6b22dfc474b41b4d70d31ba46bd8e11f1eeca6957a2dbc0aae0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
377c3c17428a3b62339c947e2088502e

SHA1
4739e4c4f7f7d5fcdbc8a530d60621c194ebb07b

SHA256
31250894392946f82388390e83b2c405a233bce6ca1d698d1d4ea9c02a20401c

SHA512
c56f79c2a7fd39fbd11af648439d3ee5a87966c497cd7bbfc4891d592ddb13f999f75de2203b4a521ad310e20cdb5a9318747e6f9a7efe10899d953fc227f14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58dbb5.TMP

Filesize
94KB

MD5
3b788c40da326aab0a1031319611aa99

SHA1
d96d96d408577d4dc72d4465a8745b61a46c7e7e

SHA256
86664993b50e63ef4a63d03c3237fb8aa084fe5a1a0f2c87ee85ac855cfe2aa5

SHA512
2d5aaa01210ffe2dcd622787999077b6b74bebf2371df274572272b9700c1eaf5520629abeed8806f3ae9c20eff0e61791e5940bbbd4cfcc968927325e7d857d

Download Submit
C:\Users\Admin\Downloads\Orcus-1.9.1-src-main.zip.crdownload

Filesize
19.1MB

MD5
4c2625dee22754770a9f80ac990e31d6

SHA1
28e28793f9a0eaf43e58753d6f725561e56b68d5

SHA256
9558304d6c36e01d95981dab176a9a144a0e567a2bee50dd96f7e0bc4a231b50

SHA512
eab39264128e7222c1fd2100e305d5cdbda8731214db2eaafcc884cab9b4721e98ddc9f526cdc7949646b547595c6fce9964783211ec9b2c35dc9140ebb02bff

Download Submit
\??\pipe\crashpad_4724_NQITJJZJRIPHRZDC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit