xworm | 8dc951e63096ed828b6ca4dceca2be6b640ed9d22be9cd1cce0f3c9a3a6ac899

Analysis

max time kernel
66s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/03/2025, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45274.exe
Size

55KB
MD5

076f9e877b6b14ac5c2b1b6ac29811f1
SHA1

efe0a06e24c13a17d96a07c17de476698518b9fc
SHA256

8dc951e63096ed828b6ca4dceca2be6b640ed9d22be9cd1cce0f3c9a3a6ac899
SHA512

55bb7cf094464ee9de854620eb47615c09019a0ad001cc38a0a9de88e0e8701e31db9824a1fd1659c4f0702e5f9e3aa8c525100663876ae3d0c2a7104c8949da
SSDEEP

768:Uz2AQ7vDyb7YoBBlschSX9CioNIdxbyCdG5g9VrV/WthgOUhZZ5xBy:bLO7uchS8io2xbyCd2uQDgOU1By

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

orders-ic.gl.at.ply.gg:45999

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/2112-1-0x00000000000E0000-0x00000000000F4000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2732	chrome.exe
2732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2112	45274.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe
Token: SeShutdownPrivilege	2732	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe
2732	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2608	2732	chrome.exe	33
PID 2732 wrote to memory of 2608	2732	chrome.exe	33
PID 2732 wrote to memory of 2608	2732	chrome.exe	33
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1072	2732	chrome.exe	34
PID 2732 wrote to memory of 1968	2732	chrome.exe	35
PID 2732 wrote to memory of 1968	2732	chrome.exe	35
PID 2732 wrote to memory of 1968	2732	chrome.exe	35
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36
PID 2732 wrote to memory of 2456	2732	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\45274.exe
"C:\Users\Admin\AppData\Local\Temp\45274.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feed659758,0x7feed659768,0x7feed659778
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2200 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:2
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3332 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2684
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fce7688,0x13fce7698,0x13fce76a8
    3⤵
    PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3756 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4104 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3360 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2832 --field-trial-handle=1284,i,13582993083985431725,17601954729570104384,131072 /prefetch:1
  2⤵
  PID:2924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2523e4f0-0fd6-4079-9736-fe5353fd0256.tmp

Filesize
8KB

MD5
f521170df850b50263540f67117821d8

SHA1
f0e4fe20ff3d117acc49944a1e68f54925134049

SHA256
a758cf0b3b2bb325bb54f2981b17bdc4a605bbde488f6f2651ce2f9fc9aeea21

SHA512
5e36b131e9c261cc5bf7736da15819630d58499a47e4e1e17ec46e9725b548f3b5492825ea04a6fb75c2abe35f97d08586b69589dc0af5cbfde12fa8db640e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
0939adf672dd2376809ddef2d83fcd57

SHA1
d30d23e040f97a617834ba33125b66ffbbd072ef

SHA256
3d924ebf8f9723d86b43c805fe23614ac2dfb64a657ae9c0bdb0d7085777f0f5

SHA512
1adedf3e462f3cbf43d4785bb5644fb60d0508061c8ded9df5723795f3014dcc731c235aa839d9bc7c23ef35870beb8158a2f48e6039207ab0fdc03cd37a3981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
986416e3a2f39ffb34b0ddd37df33539

SHA1
f836b6f82ec4783cc5039e635a8ba841779e90b9

SHA256
ae75fa6770d865b3ddb5d6d33d2619a7fc66b7a4dd7c63fd146ed68d098f5899

SHA512
29306e7d7d41804b6a38698c5353a429a6ea5cd6e324f598f02ad05325d0bb38c81e02ba829e6bc1c378c3f82bde1dea0d9bf790f27395a31f0b15958df98950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6203e5fe4d923abf303ee0e5dfbe04af

SHA1
66a0a55ffb70101b34f5813cc22a68bf1d601b29

SHA256
7dfb452b63320215a257eb4f901fe564bd0564adc6e7867a2764bb58fc442b8f

SHA512
f1406e9e4486969bc18178bd6f44c8a08acbe5bdde90db3b7bc099fafa021a7e36c80041b94785ee61c4690484164f6a731b9f7eee637f258b3361116eaad346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\Desktop\ApproveDismount.midi

Filesize
159KB

MD5
6a9fe67873bd3d5a934ef7dc65c84174

SHA1
4e220b7027f867b9983a5c31bb2ea7ac9cc0648d

SHA256
e6d075a31e315b09c6f36da5f61cab76b1c5e6a4ab0b0e8a252f5a47228e7ff0

SHA512
a49a25350de6120d95520b23f906de172732275ceea7d0238205d8c3e98726e1cfa4788ba4e6327fdfca31e6dca8df673d9ad8e3d2363f9af54f63db95294fd9

Download Submit
C:\Users\Admin\Desktop\BlockSelect.xlsx

Filesize
10KB

MD5
36b526a43379f526c4d517e0c2154b25

SHA1
c7c8c7722dc5845fa35176426758e7c07ff11627

SHA256
4b34f625286ce132c18c8dcaf344cbf55bd91ee795aaeaa8888871142c7351f4

SHA512
d4fa7de4e48711981395422a4420e14c1136407dde130f08cc4ebff1400c0c8ae77749ff031f1c5683c2b1a10a08a935a69900969ffa7793228337ca90b72a7f

Download Submit
C:\Users\Admin\Desktop\DebugReceive.zip

Filesize
349KB

MD5
f1e9631b9914a00b6cd3febe6ea6e4c7

SHA1
6fabea45c87b2c1d79a1f2eed013ed08f41971b0

SHA256
d2832b118ab5b1a777e49545e3cf3a9a468ad1408530e05accf93cdf26f2f39a

SHA512
24554102261da3c4ed629089af10be2356c6ab47df05a00804167d813400eccebc1bd78135f67404f7d954604e655e08003fcc7bbd4d0a1eeeb6155fc52a644e

Download Submit
C:\Users\Admin\Desktop\DisableRequest.mpp

Filesize
275KB

MD5
152cbae24939c02fff8216901cbab676

SHA1
4bee2ad560d69b16ee1749b71682191110917099

SHA256
ed270bfd0b75130470432a29269576e8278e50722d0d2d5e5afc1807f9ebf8ff

SHA512
12a94ced65631ce6277208108e9b15e556bb817d49d67623b8a7fc12c99b3893aae43d16e2d88bcdbd6c64b48d8443c36b17e2926f4393e90b9b5f6bc229fdd4

Download Submit
C:\Users\Admin\Desktop\ExportRead.bmp

Filesize
148KB

MD5
76ad1cab6a2bcb3f505d6a2c3a9b9f86

SHA1
72d97294d6d4a710844b95fe80f6d7b3e37cc95c

SHA256
0b51ceff21cfb797e91ad6616e1948b230a11e8fbf59a50cdfa27c7a5edbab5e

SHA512
dd643486bdb1bc70f3b15157066883bb5ead95ab0f3a1c5d8aed21888d4f6c2cac67a4942bc6db9b0286b348ee53157fdd8553dba0a65066719bb457deba1c11

Download Submit
C:\Users\Admin\Desktop\FindCompress.tiff

Filesize
392KB

MD5
1ce6d47ac27e4787d9b46b761e9f57ed

SHA1
17fc0955c5b0ea45818cd66dd13580a69462c23f

SHA256
98cbc32e6cf64fd575ab1348af97458fdea5a263f11f8903660762c03e070628

SHA512
bd2a5078b0d782a11b9bcecf7fa66ac1cda782b05b37ceb96c0448f509c90cb7cfcdcda714034f7340f3edb01ba0b249000de420be90e5743288c72292d4c702

Download Submit
C:\Users\Admin\Desktop\HideAssert.mp2v

Filesize
190KB

MD5
314603a35509b055b4597e7e644a70ee

SHA1
f62e14a9e3f8711475bd45348b294b3e85b024e9

SHA256
5687a3470b751a75fe6fb46788f736a3e1360ee33e610ddf71e819109cb6d565

SHA512
69eb5f03983fb1400c3eb45f0eccbef5965f31b50a7dd1dedd7862b24a25a09f0ca1a5aceec3c783f678a0ac02e2505a4f29feda2abb06d759541336847f2cb7

Download Submit
C:\Users\Admin\Desktop\InitializeCheckpoint.scf

Filesize
212KB

MD5
c0618b3b0094888685501c38abd6bb19

SHA1
d49af984622bc02a108bb555f2b9579c8a97e501

SHA256
529198367e17fd20d5f2d85efaa80f75d5bb764cad9269fe18f0540983a4d6ab

SHA512
0a0fad91eecd874bd049e0dce587baa741bd3c156f194f20064b17e862a08c08f31cd7fa54d432462627c57933a485fdf097f591dc0c3659d5e8f6365f0ada7a

Download Submit
C:\Users\Admin\Desktop\InvokeCheckpoint.xlsx

Filesize
12KB

MD5
10e0e1eb3e8ad5819e9ee0f00cf7fde9

SHA1
7a453b103addb172565486d4e441455daa78bf74

SHA256
aac585ee6a17affe7a8b98f501f9fc2a0ffceb7efce60b8f7ce4ef71aafc13d9

SHA512
a2b956c2692d2eb61d64c9210541f1e67288f1d4c70adaa8e55bd8b5d97bfcfa4cd9e05dab29c4c1db04084bb536ff9ddbb1d6d19ec18d49821ca4183568362a

Download Submit
C:\Users\Admin\Desktop\MeasureWatch.DVR

Filesize
137KB

MD5
969f586e30a06d6dd90e2b500d848fa5

SHA1
eb1a6fbc3ebd4f19120025c95db14f6d708dac8d

SHA256
6ce05f3ce9bdea802c80cb629a409240861ca334658cad79458c810879484760

SHA512
0eeeaceeec753c107f274986597205a1a825e54402c9b1be24bc87c7687c8ac454587827afcb20bc709ef25acab863a007625e616960c5f1c71dc680887ba681

Download Submit
C:\Users\Admin\Desktop\MergeConvertFrom.mid

Filesize
286KB

MD5
755f98d432f1ff676fab0c71dbd5901a

SHA1
44731a26a86aad598a4e6aa6faaf51c6fb12b0f3

SHA256
3d756d7147b954c090ee99e34ab02571823911fe6c9b4c72df50a1d7a773b663

SHA512
4e5d0af4083c076d497f2191bd21342dde613928c93b8685a2f91ef525a213335fe57d90fcde4ba652252f09e103b397e20e96ca09dde3f4a533d2ff47636254

Download Submit
C:\Users\Admin\Desktop\MountLock.vsw

Filesize
318KB

MD5
0ebc80541e09ea68a50746673994083c

SHA1
1ef9fb822212f2d1fd4f3a7094cc91f52c7996b7

SHA256
e14c80bf9483d4a71d77ec94c0ffdb1755244756463f5556832a111018077056

SHA512
4b0084a32766b50e5744d01a72311eee564848cb34ff14dcfebb0779b75864633907ac908b63190ffb0dc9e91267f754711fcb698a7f702b0bc6c7628bcc1ea8

Download Submit
C:\Users\Admin\Desktop\OpenConnect.tif

Filesize
233KB

MD5
d3275a8154c6416c81c547bb944e3860

SHA1
967f58b050183578caeed02a1a66eeb660823c9b

SHA256
b8f6b6edb199317834bf8a8c4aa34d7326dfef745456fdab2b34c1b5cfc54816

SHA512
a0320e10b3a4fe2cfe88ddc072c6150a5415d4d7ccdb07376ebbde3dd2873881fc105e7150b1d83f7f8b0181578dde434024a7642cea7f8fa82d0087db1e491e

Download Submit
C:\Users\Admin\Desktop\PingCompare.js

Filesize
307KB

MD5
d6565369ffe82ac95e205cdbc5e8c3f2

SHA1
6b7c2d3d3a24ee126f927c44838d466681ec0d39

SHA256
173cb643a778fe0d23d4679e3c77970430464bbe925ea8e13cb8113e891b8283

SHA512
12ca5ec5ebef822fc42c605b5b50c68aa39c9800d31821c8e5759de4a4768d97db42872a03de2dbc2eb68bb9cfc03c12bdf80f154713c73ea00253855c7fc42f

Download Submit
C:\Users\Admin\Desktop\PingRestart.ttf

Filesize
296KB

MD5
b3409b40cd4ee52e396b1bb8085a2754

SHA1
298a84248ae5f252b5d41448865a94d22e341611

SHA256
51933f9466c0753247eb66e0811a947fe4b2af57fce9e1139d50dd415656acfe

SHA512
5ae14a86987be5ea3a9631d3af14045c703ed61d141175d6baa347969e00c4759da452ff4ec3c764a81670fb9030d9b9f7c433b59ce6b449225c2407ff3b78de

Download Submit
C:\Users\Admin\Desktop\RedoUnblock.css

Filesize
339KB

MD5
249ece9c3e806591a09c2c5352080bb7

SHA1
6dea876e3566e25c047fc9cea1cc6ce1b75ebc26

SHA256
2b9c65ef094bbd8d34510169b57c84222a10f7cf92b69e81a2a34c34483035e8

SHA512
a88031c42209d34e127f391c3ebff94341aa06d80feac292e4d3ad7b511c617b98138e6b8951f6a1d44139176fa668ea21a7890997acfbf8dc77a66651d8686b

Download Submit
C:\Users\Admin\Desktop\RevokeSkip.vssm

Filesize
381KB

MD5
fa8069bd737487f3c8eeb4daf130519d

SHA1
98fb0a60dfcc04d2e04cc30b35e7ea021e68b7a1

SHA256
f84136ab6a06f2f7ae2355681fe09147d28697bdf86a9d27e2e5cd5629de7ab8

SHA512
e5aad3e5a68f9a06df7a32eccb5bdc57260313c482f66806c37815bb1c040b27360794a52cd63ddf77075390c70c3f639477e7c25b501d8a81963f1f13351b03

Download Submit
C:\Users\Admin\Desktop\SaveImport.ttc

Filesize
540KB

MD5
6ea22e56f69ee92543e32cf6300d3c5c

SHA1
dfc2742c088d3c40e9ea7006722948f0ad8a74f6

SHA256
e42848304180134b397f5bc9c69d75876f8e1c7fd3905d1df6c9d5fcaf2374f5

SHA512
68b68151da87374227e1c4301b618e6bcd50ac95d43b92605f148e389459deb9b1e6ff011625cc3f927a26a9aa74ab5b20b86efabe2ec1e45cb75b0954c40f82

Download Submit
C:\Users\Admin\Desktop\SaveMeasure.ppt

Filesize
265KB

MD5
b8cd4719423ddced6c7e79512cf43752

SHA1
36f4e0b0bab1802b6de57b64ee7991fd31e5861e

SHA256
3dc257587495b268ec18ed8e66cba26c2a95f066da79eae2a37bf1dad9535ca6

SHA512
76c8112e7ab5cc31d9d66868fbc52ea91a4f059346c2bb80c75a9ee9f0edf59f2f8bde784e3c2061ab64b74fbe0e84bcfcdee61bc2534b0fc1ae8e9b67e6d828

Download Submit
C:\Users\Admin\Desktop\SkipResume.rtf

Filesize
201KB

MD5
d722f6b13b7561f7099b15c56db4af78

SHA1
4d615d7223bd9e38dc80e8a5b1c3aa53a93eeb0c

SHA256
61a230da98c369f43de7f69208a161c8d0c5eea6f8793a79f3110921900d9cdf

SHA512
62cf1024e8893bf185335e3d80035af6a60ba1065ddc4daa3cc530c4e7422a8b09ac2652b4066b69ae03aae1a66b49f3ed09dd066545ba4af531343494d6a3de

Download Submit
C:\Users\Admin\Desktop\StartRevoke.AAC

Filesize
360KB

MD5
b517f41886215e3ce654cc9266aad85c

SHA1
fe2269a6e0e65dcaef407398e8cf9f8f5a5b4c54

SHA256
34ea898648e8b35dcd2449e2e62da3e7f24153b29bdd99ddb9f2208369088920

SHA512
605aa62ef7678a465a853835cf63f09f4eb566587f6915618bc36b5ab5bd1295eb205dfd7f44d454616d9761d8f9a17b0e3ac630af9c3537fa0f2d9581ebba10

Download Submit
C:\Users\Admin\Desktop\StepInitialize.xlsx

Filesize
13KB

MD5
f314fa3936c350eddc1771e8b69f1ccc

SHA1
4ac06fadffa38e20758c66de411fade051525fa5

SHA256
37dea538e0121ceabb8aa68c8641badda9ee424c034fbbe0f51491e74064f86f

SHA512
6d0b5a95c67163e8964a34ae177a83e58af94b67227949a520da06dade31ab11e73a335fd980e196e2fb8513c0d9bce5fce87491a004c02d6a95506a8cd87b88

Download Submit
C:\Users\Admin\Desktop\SubmitExpand.MTS

Filesize
254KB

MD5
d0d12568207f34b76482e9e48e81218f

SHA1
e77cd9c947af6f4e484653cacc5e26268cf4d01e

SHA256
05f191a8a858f4d10f674fc80b71d6a08e5b740cbade02925e0c4a2d3d80752e

SHA512
fc9cb462a8bdf185b16324a6fa88a210cdcfc386dc21b454a2f4fe1799e6b79d4e49204af6b7c06a8a4a64f348cfc007a90890958320de3ed0284b531ac07c1c

Download Submit
C:\Users\Admin\Desktop\SwitchInitialize.docx

Filesize
19KB

MD5
56b84809936e7e9f6c6e04a70d952c09

SHA1
d8122c837e53f5ab72df6a21e7116eace949058c

SHA256
c9f60ba4ecbb9333c7691de734808fa4d27a0867699f76dca546997f05b0a10f

SHA512
cab23a70470cd6b3d0c4bb8d7265de3a4c0dcd324b4376e0471a2cb9e8fc51f73c5efa61a7949ef6dd9620718fcd9d8fbd33b05378a6a2e66ae12d039a80bfc0

Download Submit
C:\Users\Admin\Desktop\SwitchRequest.wm

Filesize
243KB

MD5
8d95229a999a2e493d4e84b31e79c447

SHA1
47c834c181e8459924696e42a36dabc8f2367656

SHA256
51df00cabf54f6360730d178574988b2f9f2cfb2127aa8270968fa27360f3188

SHA512
ea92aa2b47444e7941029d07c97543036eb60aeab18d0c011b26c1fd1f9cf4e492a5ecffc51cfce1dcc27f319478be4435c26b6bf0405d179e9b8c4cf1fbbf52

Download Submit
C:\Users\Admin\Desktop\SwitchResolve.tiff

Filesize
169KB

MD5
b9fc1d1235dcb5ec2e934add56a90960

SHA1
489bda167ec38a8d8a2d66399655c6873fa480d1

SHA256
21460d065ca19732345aa99979013908e67e225b81c2c5454a8fc9de1582eba8

SHA512
a1125597b3db5736ef53487f36f85cb070598b1c416dc4885bf442525f6c7a0628207dbed400a7bb0a555d63c1755e207eceedf61daeefaf44a262efbc6d82fb

Download Submit
C:\Users\Admin\Desktop\UnblockBlock.contact

Filesize
222KB

MD5
ec2a6c744ec4721cebcdd74350679a06

SHA1
7179d709a29bb4c506b8de57b155a22d0986321e

SHA256
fb09af91e3e5f12cf1efc64f02f67e6df34764eb0d32269c53c99716a48964af

SHA512
07a4924b513b0b4b3ef54cf34bdefb416fbd8569b56d13b5844e996f1f3191446c7cb37860e9026d69ba8e54ddd56cac7e454ae9009ecd3f5d2cef26e2ff9fc4

Download Submit
C:\Users\Admin\Desktop\UndoOpen.svgz

Filesize
328KB

MD5
28abc80e50addb1c8a874150f9a7e76c

SHA1
41a66ec33dc967a17fe95faa51de18c101ec4c03

SHA256
a9af307931096c10c530bcc9b16acde5296598777eff52dfcab4d6bd041ffe9a

SHA512
dd168db33451f4e836e1b0e06a346835ead463c20f0b2fbbfba4d4a53983247ff28b378e4fcecf4e3871476b61f6b8f2cb5607a32bf5ca7c28b45083cfc827ea

Download Submit
C:\Users\Admin\Desktop\UnregisterPop.zip

Filesize
371KB

MD5
f1ffff4e6ec35250441a8c969fba65a5

SHA1
752ed5b641586df9a3413da1ef93093df025cb87

SHA256
6199e916cae98b85992201d64dbefbfbc547fe71a25a5ad06064b34c24e978d8

SHA512
835b892ff22ed0a57f6ecf658e535451c0ec172d5e3b3686749e12fc39f10e34edc35c4183ac09f542ebdc82e877c58dec2bb60007f7e94846d20c56a4ae18c3

Download Submit
C:\Users\Admin\Desktop\WaitRedo.ps1xml

Filesize
180KB

MD5
595f029bb4eb4f8d836ba2b1ebeff63e

SHA1
c5b952faca42c132ce8fa01e411953e0fb3e07dd

SHA256
740589062f1856c8d48599f1fb6e89e83a3d7c770ede9d3aa614469cc01ca7a0

SHA512
81df6b09082f4fa63454acffc13733542ebb9879b6ceb74aa0f2d35640d2be3dbd98d0e64fb22f88589d73776778af907e8cbf71cfadb3fa0ea59c83bd849569

Download Submit
C:\Users\Admin\Desktop\image.png

Filesize
170KB

MD5
e162f3c3e59ed38ab14feff3f9d0b244

SHA1
33640b30761e8e6b7f1419fd2334fcd83800897e

SHA256
3cae8f9eb2996ca209d4ee13f1080fc85505f611f523f100088b201bb458323c

SHA512
a23b316898712c744e480eb5a2937393a89ed84c40751587b87058435565807369c598a6e0b3765b95e47684e6801eefc0d9acf0126912d9a1ead4d896345271

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
a3efc649bf4c9bfd98889ed7c328e82e

SHA1
3263154741ceae19ee61e14a98b604a788324548

SHA256
4a7e7ddf10f9c52b801dbc59da70d94621240e1683c146027de84cfebee600cf

SHA512
3cf8951eaf9905a059bd58c086945421a4de58f83e2fd3278f79bada94aa2792d00c152b215a61caa04037a23c22ee6e553c71102b1a637befa0867df013fc01

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
46e2243e580363b59e17adc20bcd5131

SHA1
fdc3668da11eea8e25746328e4ce6a5a13f99f5a

SHA256
f18c9b06a579f8963c8a6aa7e37adb96549d0f7779012727beef88c49e8a67e0

SHA512
a4abbbfc0d95ac18313ec321bc0808e779e481ec5ef8c58d5a98709e518a1c9f5bc4885e7dbf455fc505c15e619d29d53764a0bc76d13e35bba339f44d05f06e

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
f1fd4309d15b4a161aa7b157d475a8e2

SHA1
82c8dfaf0673d0c445df02cebcf6fd5a37d42ac7

SHA256
f119ec8ea05a236f764507200feeba85fc5856d200e5003d3fbf9d84f01b7212

SHA512
ec16e8ed87fd47ee678c271b3081d9c4403ed5a929496872cb79275ef0e34aae3e407ed6211d9a66bcbc2c5d2d1a6cf501b1107f212bdeca59292b3b639a8dee

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
d1467c397dece625f7790d42caccca84

SHA1
917eb33df5cd8e7478da7ac889667215edc83ce2

SHA256
03329f0ef173d09c0aa27d28234dd3cb368b1e141a0ab926b6be8c48896e2130

SHA512
0c16fd1bfcc99aaef50bfd30f114bf49f8aab992321422dcde521c7311a9d22569c4b107b1bde4bb5291507516bb7906c799b1faf8c37fe7b248ff87aec3ec87

Download Submit
memory/2112-0-0x000007FEF5523000-0x000007FEF5524000-memory.dmp

Filesize
4KB

Download
memory/2112-4-0x000007FEF5520000-0x000007FEF5F0C000-memory.dmp

Filesize
9.9MB

Download
memory/2112-171-0x0000000000280000-0x000000000028E000-memory.dmp

Filesize
56KB

Download
memory/2112-3-0x000007FEF5523000-0x000007FEF5524000-memory.dmp

Filesize
4KB

Download
memory/2112-2-0x000007FEF5520000-0x000007FEF5F0C000-memory.dmp

Filesize
9.9MB

Download
memory/2112-1-0x00000000000E0000-0x00000000000F4000-memory.dmp

Filesize
80KB

Download