xworm | hxxps://github[.]com/GeniAIDiscord/Solara2/blob/main/cmd[.]exe

Analysis

max time kernel
53s
max time network
49s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05-11-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/GeniAIDiscord/Solara2/blob/main/cmd.exe

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

completed-rally.gl.at.ply.gg:28996

Attributes

Install_directory
%LocalAppData%
install_file
Windows Data Compiler.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral2/files/0x0030000000045229-172.dat	family_xworm
behavioral2/memory/3920-200-0x00000000003B0000-0x00000000003C8000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3920	cmd.exe
1476	cmd.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
54	raw.githubusercontent.com
55	raw.githubusercontent.com
56	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
58	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752941242265953"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1220	chrome.exe
1220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1220	chrome.exe
1220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeDebugPrivilege	3920	cmd.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe
Token: SeCreatePagefilePrivilege	1220	chrome.exe
Token: SeShutdownPrivilege	1220	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2648	1220	chrome.exe	82
PID 1220 wrote to memory of 2648	1220	chrome.exe	82
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 4880	1220	chrome.exe	83
PID 1220 wrote to memory of 864	1220	chrome.exe	84
PID 1220 wrote to memory of 864	1220	chrome.exe	84
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85
PID 1220 wrote to memory of 2508	1220	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/GeniAIDiscord/Solara2/blob/main/cmd.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x1fc,0x220,0x224,0x1f8,0x228,0x7ffbf5dfcc40,0x7ffbf5dfcc4c,0x7ffbf5dfcc58
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2116,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1964,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5176,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5208,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5216,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5224,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5232,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,17298620222556843997,10515954089084009642,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3220
- C:\Users\Admin\Downloads\cmd.exe
  "C:\Users\Admin\Downloads\cmd.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3920
- C:\Users\Admin\Downloads\cmd.exe
  "C:\Users\Admin\Downloads\cmd.exe"
  2⤵
  - Executes dropped EXE
  PID:1476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8d4371ef-04e2-491b-8529-29f5e9001726.tmp

Filesize
9KB

MD5
3c9c8c9ff2734911b641afd3e2be5841

SHA1
11f3592d7ced71651eaf0c2163ad66721b65bb6c

SHA256
3113bfd6ad5c40723ddaeb789998c44ccfb00aaac83d2addc2ad6719b279c63c

SHA512
99148a6d9eace4af602ad83aa01527e81037d55a4fe61811ab9a890c7fffa74b1e01af616219be26fad574353d6a604b02196262fe0d3b8d4206c6294baf0db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ec7e8289d8ae6c3b17417292efc7a13d

SHA1
c712032d830ba3d0f26d49c282dc6dbd45f628ef

SHA256
45347100c3319431aebf361bb1d55589e37887e62ecd3c233f90f97188cc97ee

SHA512
a5ad0faae2c516c1db512fa913978e3a2c643feda460930767158c5ce9d8640f649a034e0f43433c729f566490c78e30fa7f0a7bb4c2ad8d3bd4d4aee9295975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
840adfab9acf3bbec039752dec1bb764

SHA1
7c74f0988988766632f261d7415c5987e384976e

SHA256
669c4b1740e896c9de4a299c22c7eaa0bc785bb297ddf1be8e53be6d649485a8

SHA512
57e7371a177276cdca04348802fac615746d45ddfcd5cea01aa5b08f7e494825cb7b5c227a76a911701dd91fb53feb0e746ab2a2e7ce017f88ef430afffd5dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
43a14b7f180de0c200e9479254f8457e

SHA1
6d4d29fa97fc877760f5ea18de5d8d8ad82e2e5c

SHA256
257cfbddc97f7ef2e823a08a5c4bc3d3db1992d3fd34c293cd7f5a1b2cdd2237

SHA512
a6f92dbbb3ae09e48ce6b4e11fe866adb7409d396be254151b9aabbd4f8a7b873ee63cb8a745944616f97ca4935580cd556cc20c574cb0ea1aa2c2b8b728cb7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23fab4df6466c6a2c3085dbb2bb396e0

SHA1
2147d27d0230aaef98cad30874de0cb371f1e15c

SHA256
aa9aa17de49eb4694d72ac5aa51fe79c46f0919de30ebd5391a04c14099e0629

SHA512
8564cec1978c63c7d079a52b312386f98b4758265bed22dff8ceae447bdda0e1db01c633061141d1018982d6223e0235cd9124b19270b72077dea5b39d9b658d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
641f296bcdf4bb468e63ea0a03825b28

SHA1
82d183c42743c28530b7f796c6b77ed1930ba69c

SHA256
f105fcb449526f43c995f95ad6eff3a0a28e3791002f9a9e678d506a3f0be178

SHA512
58ea45bc135096d8ff2ca020dd4fcabb367fdfb0139f8506f9b48c507f38be9ba5fcd27ae9a4355ccfb4ac0394e476aa935244328ecf92c9338ccff8d55f6ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69e53535cc8b2fd33e2f356860e72abb

SHA1
dd0091cb56284c4d9565cf31edbac1f0efbac684

SHA256
809c6999eed2aeeb8cfd8064dc37cd34a22772065432cb63b5994b3690753007

SHA512
56651c570e1579dd9639cea0358375732a33c167b8270ec6c4d5e4ae2fb89ab5ba622009bc132647532b7c790a74086bfded6dcf0b781bf3f2f4f6a804c33839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
754fb960d5bac5b4d98f217807ad4a2c

SHA1
67c5e5bf47ffba9375e6d6b1111dc6faf7285a16

SHA256
27918a831a96c69507d964c1f884a95dda446b99324326ada5668fb12859635a

SHA512
20a2c1d3a2a62f40f96c3af19f9827cd5303ef1cb84d1e018fae194e5bcb536662bba22c8d5e5aafb72faa05475a1b94eaa7630c466a2cc85715f83cfd433b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
5e963fc07812540e32c2bcbe35df4718

SHA1
fea8f6a49b4566ca787a6bfdfb21f523c8b8e621

SHA256
8e7b89f3b1993ea9283237399d3a908ec5cc257134ad62fd7228d8a7d4e4b961

SHA512
cb9673ae46dfec94faea498d2f00029e2444699a7a152e7f1d5866e73cc3cbf52975ad68962cbef759cc62921570cdba016d7a9b5c66116eb6bae57d6ef5de68

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 470926.crdownload

Filesize
67KB

MD5
7928407f9279ea20ae811608e85e9f24

SHA1
be0414ecfcda4fe76dd12c571e5c01e99a26ea57

SHA256
6b74151930702bbabe7511fb4b73ccdc543734bad541f3a5e482912c7530bdca

SHA512
9f8f3d304ccedac5705367f02ddab38c096dd65e54089eefabd21a410ba031d364c780475f8a36fcb55290d64b0a09bec83c158fd9a8e97e746f12f21572319e

Download Submit
memory/1476-240-0x00007FFBE2860000-0x00007FFBE3322000-memory.dmp

Filesize
10.8MB

Download
memory/1476-241-0x00007FFBE2860000-0x00007FFBE3322000-memory.dmp

Filesize
10.8MB

Download
memory/3920-199-0x00007FFBE2863000-0x00007FFBE2865000-memory.dmp

Filesize
8KB

Download
memory/3920-200-0x00000000003B0000-0x00000000003C8000-memory.dmp

Filesize
96KB

Download
memory/3920-210-0x00007FFBE2860000-0x00007FFBE3322000-memory.dmp

Filesize
10.8MB

Download
memory/3920-220-0x00007FFBE2860000-0x00007FFBE3322000-memory.dmp

Filesize
10.8MB

Download