xworm | hxxps://cdn[.]discordapp[.]com/attachments/1331325598009790596/1347582219064971335/Vortex_Gen_PATCHED[.]rar?ex=67cc593d&is=67cb07bd&hm=e7368cd4b96e85408cbfa1fdca49d3aae71c44a31ad9596e63fc897c31a200ed&

Analysis

max time kernel
1319s
max time network
1205s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
07/03/2025, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1331325598009790596/1347582219064971335/Vortex_Gen_PATCHED.rar?ex=67cc593d&is=67cb07bd&hm=e7368cd4b96e85408cbfa1fdca49d3aae71c44a31ad9596e63fc897c31a200ed&

Score

10^/10

xworm discovery persistence rat trojan

Malware Config

Extracted

Family

xworm

127.0.0.1:45776

unit-wellness.gl.at.ply.gg:45776

Attributes

Install_directory
%AppData%
install_file
Generator_64.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000a000000027e03-65.dat	family_xworm
behavioral1/memory/1984-67-0x0000000000130000-0x0000000000144000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000\Control Panel\International\Geo\Nation	XClient.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Generator_64.lnk	XClient.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Generator_64.lnk	XClient.exe

Executes dropped EXE 16 IoCs

pid	Process
1984	XClient.exe
4628	Generator_64.exe
4336	Generator_64.exe
4584	Generator_64.exe
4832	Generator_64.exe
1056	Generator_64.exe
1988	Generator_64.exe
2640	Generator_64.exe
3736	Generator_64.exe
1448	Generator_64.exe
520	Generator_64.exe
764	Generator_64.exe
1548	Generator_64.exe
4500	Generator_64.exe
5084	Generator_64.exe
3492	Generator_64.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Generator_64 = "C:\\Users\\Admin\\AppData\\Roaming\\Generator_64.exe"	XClient.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

defense_evasion

pid	Process
2648	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133858326628758957"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3140	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2516	chrome.exe
2516	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2516	chrome.exe
2516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeRestorePrivilege	2352	7zG.exe
Token: 35	2352	7zG.exe
Token: SeSecurityPrivilege	2352	7zG.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeSecurityPrivilege	2352	7zG.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeDebugPrivilege	1984	XClient.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2352	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 3100	2516	chrome.exe	81
PID 2516 wrote to memory of 3100	2516	chrome.exe	81
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 4524	2516	chrome.exe	82
PID 2516 wrote to memory of 1264	2516	chrome.exe	83
PID 2516 wrote to memory of 1264	2516	chrome.exe	83
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84
PID 2516 wrote to memory of 1080	2516	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1331325598009790596/1347582219064971335/Vortex_Gen_PATCHED.rar?ex=67cc593d&is=67cb07bd&hm=e7368cd4b96e85408cbfa1fdca49d3aae71c44a31ad9596e63fc897c31a200ed&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffddef3cc40,0x7ffddef3cc4c,0x7ffddef3cc58
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,1903970212591397158,11163890601975017078,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,1903970212591397158,11163890601975017078,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,1903970212591397158,11163890601975017078,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,1903970212591397158,11163890601975017078,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,1903970212591397158,11163890601975017078,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4504,i,1903970212591397158,11163890601975017078,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,1903970212591397158,11163890601975017078,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5160,i,1903970212591397158,11163890601975017078,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4072

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Vortex Gen PATCHED\" -ad -an -ai#7zMap15664:98:7zEvent22402
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2352

C:\Users\Admin\Downloads\Vortex Gen PATCHED\Vortex Gen PATCHED\Vortex Gen\XClient.exe
"C:\Users\Admin\Downloads\Vortex Gen PATCHED\Vortex Gen PATCHED\Vortex Gen\XClient.exe"
1⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1984
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Generator_64" /tr "C:\Users\Admin\AppData\Roaming\Generator_64.exe"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3140
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /delete /f /tn "Generator_64"
  2⤵
  PID:324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp3BC8.tmp.bat""
  2⤵
  PID:2920
- - C:\Windows\system32\timeout.exe
    timeout 3
    3⤵
    - Delays execution with timeout.exe
    PID:2648

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:4628

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:4336

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:4584

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:4832

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:1056

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:1988

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:2640

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:3736

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:1448

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:520

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:764

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:1548

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:4500

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:5084

C:\Users\Admin\AppData\Roaming\Generator_64.exe
"C:\Users\Admin\AppData\Roaming\Generator_64.exe"
1⤵
- Executes dropped EXE
PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e336fda249613ff33ac3a3107dac12ea

SHA1
d422ec2a5e6bf59163ae4afc82eb65b21a308621

SHA256
343cc68b7b32070a3585512fafbd01b761c70d9bcb4799a52276ceed1948035c

SHA512
0f219d19c5401a92f48487ede023cb8e7913b1fe47afac246e916229be21ec152117b1cc45887b93bf1fb8de863a5c2b693c45d5395a0581331c85f8925ef54e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
738411541990fd8dd18106ef6f149ac6

SHA1
679474c968109a7e837689aa47ff286ede939230

SHA256
4478907146278a9d7d486383ef91579182cfd9f373f60fded027c1de747da78b

SHA512
ebcf31a9a8416d1c2654ed1563748d9b71809202a7d2963c5542ab2c5308561de9cfb8a793d8928d6891ad76c05f15d28626bd183307ff83d0ae8b33899a89ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6652d40e0a9401dbb213537fefbc6311

SHA1
9855d0791c292c3977fd8fd02b09495f2f098f72

SHA256
46ef6fbbb6029c672a9028a91eda43c1a5f000c25a70f3a78df0250074dbb569

SHA512
fbd309bf9391b9a8c3c3c41cc20d55ce30cefc442a1351f8fbee450212f76c02b5839df4fe64713ba552e1c0095b1310813124013cd7464a6e05d3eb0fc43309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dc8c44306a2c40c9fe2b43baa343db54

SHA1
94f89701093d056c84fe32875441f203cdb2109c

SHA256
09a4771cc7fdafed5a156c1cb05b8fce519c1cb0a105a09e29474c107f78f238

SHA512
037eed3483b0c5c06b0af39f702659121d3a0eb1e3a98900d6f5182f2ac46c205ddc48f8ffa24e9cbadfaa4858f555bbef01d8aac7a2ef152f0465276ca43788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0f4cb97d71a8e03d02194e9bdca8500b

SHA1
fbb4d5c0fc7ab88f2928ca0b2da2e605363bcb13

SHA256
8fa0d7e435086dc382300289f9a4362326b043dd666579bcf487e854f200adfc

SHA512
e182e5596cdb3b8aa8f6229234d0fb1a62857dcc11f5a623141c00616e1e6831cca06385fbf4ea138898d0d64104d2534f0fcf6c64635bd0c208713c1c2647c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b69be81dcbbf17b557c1f188b5b7a509

SHA1
8cbc74116e96dfc1d990c8134ec2f1b161e6a5be

SHA256
a52a9b54f2ff93aca33191c0e81ede251b3a954b590e224f38d556e961760d46

SHA512
0013073751badff9806bbab927d95623bfee5b1ed752a0449863fc23beb2ae86b36b7e759d31682510ca199e252d7ebbc5cf428b6d9b78585021c661be7e9064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
459f74fc14b2a7516c9afe194149ef23

SHA1
5b3d25d0e3c90b29c7e7f288d8b695042c34e374

SHA256
9dd6b5f80f0dfe41ee043d4dcfe4f8078456d2bb93d87a0281477fd8c690764b

SHA512
cecf19a3762cbf763d1efcd45b59f0d675fb3cb26b756f6a125d99677af252fbd90bb10fd7fd6f1615c972051e5b4b9d4654d0117ada0b87fb7975e9a2d1c75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fc479bfc895475c1d1107ffff51a31a4

SHA1
1bbfed32306f98dbeeaa2f8c7c53c8b9e1f3ea90

SHA256
6aa2a1c9778385e339487f34337c7bf1a44c47780f2de3cbbc863955444b2a26

SHA512
01167fafb533228cf59d50b2ea0f7ca79430fc5e3c664bfc99da3c9483a6c530132fa98d92f9619d88bc443c6938aafaeaa89d6dc75062b3bd3e1200b372739d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9c2dcd1c42edb7b1dffb302a28e81ecf

SHA1
b0ddc6a8ae284dc59715b836c2882bb4e05e0ac8

SHA256
74d8e22aa40fa055c02bf4c96c844cc4c354a3c2ad974222e672ce61ea586062

SHA512
184a04aa8647575b8a8d669648c9c938e6344ac1370e0a672cc186e8c3b21151aa0b179220db242a24312beeb282a53daa2c2a7d9c3be68c4360298ad19b73e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c2cc43b48308427ba7334e43947b1766

SHA1
58e0a655460db4662b5dfc945975931e75127bc4

SHA256
416e2286100860dd2164f5ae1ba5ac6aa32f3fc75268c8d7a2197601f1676133

SHA512
a704c066c1cd36f0225a1b54efc01455f9a8603f819dea5c37648e40e204cf6c8928a33dcec7c4dab08bb90378ed64b05453db6004a4b1f37420aee78435e3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
911662923d9709e8c0dbf0159794c716

SHA1
052d66ab1a611bf6c8cc847cde684a0478518a64

SHA256
8ddc1c552bcb702184f124270aedece47bc03960fcaf0f586cf5345b4e17ca18

SHA512
a62773395552a9474fb3980f8f39395d12d248cc134252f88e485035f050d1ee4455e3ca5b63d27dd1509c099e520e0d893502acc030c451ac311e2cf2fae005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cbb3dd2e9c54824955514abebf311e14

SHA1
a264de229ae21c5250a51fac2477483a3bfc9db0

SHA256
dcc559240efa5b0ca382a547fab1252c4e88fba1a8378437805e75f054066d75

SHA512
deef8cbfe4f78824765e7bbee0a3f5be728954043f2f231add2b4bf910eb524a291c330ebdd8b4680731d4794ba5d4a25789479f07d420c9679bcdb28ea7a86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
156cda2f459c49bb67498761d1af139e

SHA1
aa1f3e907bdc5cefb7f1661c24ee52cbd23079ff

SHA256
60a5233fffb5c34f84faba93460bff6693e4c8e7ebe9b9438fa844139d62e779

SHA512
b0b7180f110fef977140ece6d316f1336e9075781085d1a99446fc768b4e66bf839ebd51f8c8b40c704f6b544676d684d592dfccb33965f32c30be401ee1a649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2ab5c24ba6913d8006b7f3016f2f509e

SHA1
02113783866c4da00798afe9468ec1ff66c7fc52

SHA256
77bf1c2a01cf61c82e156d0d097571b4cb720c85ccbefedd5005600a34880a86

SHA512
0eb431d5c399bfa180fc7c6979e779d3f232cc37a65aa13d717dda6675e6a0d9761773fb0be8207ac2c1f1d888e8dfb0e4b79f58dacaa82d1c11514de0f52c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c0a93bf2cb3c4c4415ce732f089b78f3

SHA1
efdbdacec82f2e85291eb0b6fdbb2312a2469c23

SHA256
cc1b61d3bc1f2c475293232bcafba220c212ae837b08ab35c4fef0f2fae92347

SHA512
bc08f0a269edc2fb36401cad04daf65234053b7ebbb20345fc1ec8a284a5f5ce27e7df8cfb3d15c3d044230d5a0201570c8b1366eb34939f5cafae850e89947b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
470791110e073df14d5ff1b134d77639

SHA1
f750f3e3d3c6e2f6a11b90f567d1b10425189987

SHA256
67e06555b8bb6bc8ecc0a76c9b97d0c7427f08390acacc051fdaba6877e83ab7

SHA512
b71d1d762bfdfe996a5010e41339218d58d2f2ff9cd1f85a48ef1938b7e7885cda7ff95e4f9aaa48ab65ea65daa70110366272b635c7533a00b9a00e258ea13c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c2e0b452a9e98c13ce216784f6210c77

SHA1
26437030ef53495f2283d7c64efdbbddb46da0aa

SHA256
c3140f77f04b8e59b21ac5b21d68ce1b95797f76bb23085c335439e74a3095c7

SHA512
6b34864fe8b353ec3368bbd970d57fb5bc106c3f4835bcfda6abe2f9bcb78f249478e16dcae934c3dfa8a3bbeeb0a7b6f9ddc3e647e8f651a8098025c2c266de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cdaecb3a4a9dd90a944382102f035e62

SHA1
ae6355244e20e090c844ddce6a80e5a96b475087

SHA256
387c6ddccc25a5236f93ad62c61033a6a1a6ee99e6a0c9175fe53e6f7714cf4a

SHA512
8f3fcb2d8ffacb44f40c79078237705a45c05658486598559e776d3a87b2d6c3c733daa936ed83cba64239301e4b786c94f96b7709b8a5855c8a24d7c85a09c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bd229b32ccfacbf1883bf0bed168facb

SHA1
d5afa676acc1d3d9993cc5b73c74598712e38952

SHA256
215a875b091a11eb3d1c1c28fd40350a967f49f878b8cca89a37332a6bcc39e8

SHA512
cafc85ddab54d0d35e8f821a936bb8f68ff8af1527a61b48da0e3d3aae3cca50e335f5889a4e750a6ab58cf928dba363e5e04c072b94d048b016fa8eac5125d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e41a7491ff243611b9bcfb987c376caa

SHA1
4719e4b32e3b75f7e97658ffdae00896173e878c

SHA256
209d254e55f5ce7cf806e62051cfedd7a60a941417fb7ee1c26c4e71b4a32fa9

SHA512
bd159e4420de2762590217239935eb669ab991dc455d3e8e71c512b3591aed4a83e62afb75dd7d535b7a31da37218bf2fb07f20fd739623238eace644d213d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4e451d48127bd52cefe1bae22ae34f0a

SHA1
399ff4dd8a96136a4c604d7221604ad75b9262b4

SHA256
650e7eedf1aa87db1ea09d418ec17c8f299f0aad3f0a3bf78293337546ed6479

SHA512
83c6e2fb505a2c2aeb6c3f64569dfed9de7a49667b25741e8f28d3889709ce4027c938dfb5f534683c9117b9fd57caa1fb3e699f3baf565962bad2da4e572eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
996a9c146a4bda2467f1afa0e03a18a9

SHA1
f48f105b56e0700622fda7d37eaf331a68038240

SHA256
bb7108ca1f501f7c5ccbda148bcfb87a1ffa55b4a61c76f67729a5e7462cba76

SHA512
6da91ede04b84e8095913a06860213964d63d2397ab6ac642b8ca275afd028df3cc5b05d99da9ebb4d24b2c4f1c95f1915ed8484a58de6898e8b0bdf9c49d772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
83bdb05153bbcc4c9e2d3aff81f745fb

SHA1
291754e64433184fc332c19bd6061ad5a1ec14a9

SHA256
dd297d3fc2f4ef1550f90b41df000509d873080eb90aeceb050da669e1a2858a

SHA512
556b5aa3fbfc3a97b07365642a0a7d56d71ddcda9a0e1cc358b782ac17a46bc5a18d631177894523aa21e0cf541bd974e994c24ed54fd6b13baeddd2584a2b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
04e96ad13282ff1aa120ebfcfdac6d96

SHA1
d1a9caff80a1e52556d754a9377e9b24a1c2e4e7

SHA256
c7f4e9357f097a093072437aa81d6f517ba924317022bf68e8027673340e9f83

SHA512
5933c3eb1d06b0a66d7a73c34adcd05c47b5e874d23a9362415f975bba9bf7ed0e4de67d62aae50f3615284bb0c2f57983f02eaef6e5c7c9da9133071f84502e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0da71cdd6b30b46081f1ee71654454fe

SHA1
55bc43b763fc6d7645c1766106dc1c39d56d3fd3

SHA256
a496f633a0c7e524c0af8884c647959869c54bfa5008d0748fe98d781023f838

SHA512
6ab278de55129030adb04db65a61d80a08d00b2ccb5c7fb724c84eb687cabc5b20d9befe713eba5b44a831061ac92e69d44904c21f27ccd81f72baf672c3ce8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2e01b123dd20459828c63fd49d4221ad

SHA1
b2ed7f287d5233c28898c4f611a030417000f2da

SHA256
57337b86089929908d5158d1a7018e01544cc619040b7e21b272830bbbf521f1

SHA512
ab9678bd2ddc270f6a090d9d99b1c7e351d53b85800a54c677dc276116bc9fc0fcbf6a0b077b9e0c5f239c230409d025dafdcbeeea60a8f10f163ea84278e76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5fa85fcc3f313d5f4651ff47895cbe7d

SHA1
d3711895d05e3feba96edcaa86493239aea74c7d

SHA256
8c8b0405949dd994b92dd66fb3c452003de5bfea45213b5068ceb677d25561a8

SHA512
9b721e4f65297115b47775044c193a090ce10e944c049b517f481b951cca57c9cdc294920c19f87f662faf48aba67efbe4d48c5a367d47823739f6e99186d31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ba058bafb6c4dc3cf4475f628da0ffff

SHA1
fdcf3a456c29d2c63a62b897b02dbfa9eabe4a39

SHA256
500112d25a17fb4b05efa2a03eab1d3b930048c296f5c42f449305f217001ffa

SHA512
4a087369f9f57f7fcaae5bac6369cb90dfbd967613d618dcd4fe38bce2ac24480855bd3d65c66bf4e4e6e231dc6a6a748808ee3d1eee57475701f972d88d1c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a95a8b49d5869b82bf0ac6cff2469340

SHA1
80a207ea9cde394dba54d89544aadf8a65a35adc

SHA256
b10d3d93d27d4617f4bc972350d4ae95d146b15a73889ae4973c83e708b6e74b

SHA512
1a0faee85230c45fc0237d19bf93d98e2e92beb1558e0f0f6ac4229d41e21b91ccca193226c30aaaa60de1b73d89d009c9e6bc8b2a075c0aae975b8b4177815c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d67382e713066c285d3f68004e762b9c

SHA1
a0befe054e94cbb4754726fea686b4a71e60c264

SHA256
f4b2c0dfb14f1c974fda4073a35fe1a8c868475c801b1e9eb207f888deb23882

SHA512
1f64f48002e84446a5a1caf01462558bb2cb13250714299776b4afddebba4ca4adf3feb3441d1b695826f73ede2a911c1b462a8f22279b1a78da9ef601c50a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
058fa2f6fd1c12afca1b5f152625f2bd

SHA1
4ff30471010410a83d2473a497a555cc11b7380b

SHA256
feee788667d36f74610a7068f91e834f619892c0750f58ca3166a252077749c6

SHA512
8e2275b4b074ecb34669ca102dd4c448961360f57e3feec3f4b0d3b9077359a2e02a40698da80335f2f7e03c3779ca34aaa4c5e5d34527a791386c3a1d3da914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e3ad2bdd508845aa187230ac8f902edf

SHA1
ec702621a10fa89a473bbe3e9f0c68ee4027ecba

SHA256
15fe2b8ab657a7ae167dda36dd7eee118f3536cee60deb2403638c82f9a4f6a3

SHA512
ce635e0b6d0204702d384df57febf1ff3d3faf60aa4d269edce8f6d8d4158c478a8f21ea2bbb58b8294ded19cb28a7d755963959bb08816e27ba372e5161204f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
eccd8ff1b055269a0e39b1686b2ce18a

SHA1
e9a05d974e621c3f1ff19707e6443bcbdfd7f8e2

SHA256
8b4ec34c143727605fbf5b476c2a38bd05b5d56e8a978988607bc01e1c22fc72

SHA512
78f303c752d1a6ba4d62acfaf8e1f5bb8f2e7456e36ae90a60fa23b5e5e9986ee5799ba256ae2841baa6e1b0f9269abcef73d335359bb0fb7f2a0067f13725af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9326e6932da3d2cb68e0504778cab81

SHA1
18dc64003aa6c7afd4e38692ce987c2a77fa4a37

SHA256
8e2b07e3e3dc717710e6ccb6536c0e4245fbe1ceea474e723fd2a344b7f13242

SHA512
c19336e1b676012cc45a226cde06d821780cb4aa85adcadf67bbd9ea037fac36f64884e70cde7dff2f350149bbf2a882700813a4e2bcdc8e4cd68721f67a226f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
71e12318c6e37d4443c1110d9a255071

SHA1
15b8f4584d519584ee0c5428c8902f4493a87d17

SHA256
e5e0197d4c41829acaab18f298c7982a5661e2d511239e9f0cdd3fa994d6a9c2

SHA512
70c32ffcc7e0c8192b607bfb7839f7d0df44dd035ea22f92842bb119c7bac04b6a8c2a0d7379e4bfae4f12bc9c46ae32dd837da29e3d7f6305f43355b787ed77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f29084c3ac79da328d0d8b4308a3852b

SHA1
ce2aa95ea534ed7aaca73a70f230b5390facb819

SHA256
e982fd49779bc09976258972f36564b08c2d60e05fa6e7b3fad83e49ecbb171a

SHA512
62e7a54d703a3bbd91ceaac883f3aed6e449d5fa81a497cbdd621032c29e8070d025f02162958ef6510aac4a2bbe905a7e8e3c6c29f885a7eaf0b23bd7b94920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5b170917ac4e855ffc53b1b25eccdc5b

SHA1
90a4ca42e75cab5ddb6f58c17fde8f86fc3b131d

SHA256
ea413d62c0470d45899b81ab1714fecb8d2fdf6314aa2c6cd4c4a05bd41a95f0

SHA512
a3b34d213e80ffa7f2ce342c586b21fc9c1e9af4f1a639facb9e4da1ca7720e88286ea7e695bf2bcd9740b932b339c1a6b5f2fce3c77eb49357c5bee2b4927c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3fba2bea55e9974a75fff37735c62804

SHA1
e8ea1b41b20a97e2e338cdb54cd08b5e8377a300

SHA256
faceedda498fc347a5a2fb00e0c54d3cc84d73672dbb2a70d0561d9e27526437

SHA512
618b84cafc1602a80d6a31c1cba079d5c244c67ddacf9d12272b3426032a324842dada5215cc4f8d4c82c7255b6caa1ca5d056a987635db3d2f0824edc04571a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9e3ddceefebd8dbf792f0ba60a07ae37

SHA1
95d52aa1b5b64e1c5142a5001d75efb7550262d7

SHA256
88048c46216ac5dd48c521a678057c6575ed5aa8d49215fc2b7e18eadc3148a4

SHA512
caa733069745d88dd4d3ed161efb17f2a3201d6cb6e72f72cfe6dc20da89e8c9c11f55d353b8fd77d514348b591b7448f8dd70c5520ce4201bd39f15de0612d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ba250cb6f0db50b90c84330ae10b0bc6

SHA1
38220f074af3c7a944890e97416c49da54153e0c

SHA256
ed13a0c5d2fcd2215a4f014db1941bc609918eb5317b2fda390e110828b0a29a

SHA512
0a251a9085c9116a7a6d01316b96e27221fd1474e113811aeff365e3d81871c9fef7b376bd81d9f25b9c6d88b0059ccff1ce94699776e26b8e800b5ba7bd55fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fd0c7510709fbb390c0730ad6b9aaa7b

SHA1
a56a2802ea0663a07343276df68d3fc4bb839e3c

SHA256
f3d3614d2cb70b6894a585818d82f0d331bc55e8d12969bf295c359f70ed2475

SHA512
d1840744d304df0edd1c0dae967de597d87cc7468c005e849e7a9860539f88bd1182f8acee6be2c862f6eee939f8464190cd769f40e0e7a500830d79b455482f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d58a9b8b2ca102fbd7056138df83ccad

SHA1
14cd965fdf9ca1515d6f0e9db8e4d05c60ebd4c3

SHA256
4b1d19cc02436269b3f9d25551b248b4e8bcacc312be12eb0a9072625bdb5c1e

SHA512
4de4c29b92400f14fe664161c5dd9f549b5b5e22460c59a9e4c6629be59b77fe7816706cae2c841bed4986fbcee0020e1f140eb15ce11d8779aaa1aa856005db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
53b49712a4dffc42cedc9eeb7670ae09

SHA1
c5847d23a3a4a2126688823ecc7b9ba03179051b

SHA256
60879a907491c83321795fc53e1604e9be819bb2037f5a7fbd7f7ccb6af05f16

SHA512
d4ea939d8f9e5a1e93c6a364360ad94823066e727053145f226e897ec8c8eab38ed75b2974ef66f9195cb17aba1cf795b8fe0118cac3cd1024941e34204002fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5094a4de02b8d20231ec932c590290dc

SHA1
763d0ac0126f463ce173b9d3370f2e33ad64ad3a

SHA256
546ad8630cde8b33937dd1a4384f003823b02eacb62f94657e9163322e217885

SHA512
6513fcadc2ed89d6b8d6570f2c12782baf47c54286f52207bf37cbd9a5b2a3a06014a9da11e26691547dca317e3e743f121f93b75570e9e2cf3094a7d95f1ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81892025aa7170d031e882bc323f70a0

SHA1
7b68f06844bee1f15d1472167562dc0a39bf6cc6

SHA256
15a7f0ee8478839c713c2a35003ca6f884539c9ab88ab28299bc2dfb4786909f

SHA512
16354232a4162c73293a6bb7b8c0a249a93e3782a81b2e08250cd6ddda85d532b75b4022f2e88a4332401d3aa29e36a44c08341dc406adc6c1c9754112e6b19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6d6742b7a7546d0d52ba183e9988d0bb

SHA1
7d07e677316870f399edc750901d2e993adae159

SHA256
57e3187b9ac6ca3082a1f5e78fa5a8b1a6b9bf6dc19d9294b5de9c2780709657

SHA512
a1d733ba5b5b4cf99a66977df1d80e8165452dec534c7843a91cb5a5a147a24b95a4e2e394577530823a709fbc54674277f9c021699f747d5478a3943983548a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9471dfa9f62a54f45038ab6c4061bb13

SHA1
ad7a28e23ea851dab48ea0aceb8ff9f5b3f38e70

SHA256
5507bc240aa92c0b66e84a3902ae6c5e8e555ebe7106dbea927a4f85d9c0bcce

SHA512
c3ba77ecb96822e54ad742c31a8a83bec3d74ba94c2380a2d623f49d3bda623e8909c657385586eb559e2650ce4897cc0df19099240e6a5eaec8eb5dee59d779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e5a4b8248cb440f73556f27db66c263e

SHA1
571ff4af2c5eb9aea43f71ad68379ef373e953bf

SHA256
e506a1272859018e99db7f5e2f930c57e197f0cec2e781c075470e45dd94625e

SHA512
7ca060b506f0a134a6807426f1dac1e91b96b842416701ead0112bed3c1fc5aebec1ecd1a6b208e392d0d1c581c9fdf78fffe0622ff0b3d2cfd678a25e5f5eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
60d08f0c744bad7a32a6fd5b458a3739

SHA1
c2eeffa540308db1c2fe7949ec4f8576865bed09

SHA256
602985b2d7d6002e312d8a845441ba65122c8cc899d41d50a8e522d28b0c7a8e

SHA512
0cf9ad2eede39b21ad8298e89cff4a9f6ce2cc9fddc15eea2dc4cd2c8149738f35f26667c945fe9161937a4da42a73ec4309afb0520968beb0818064ca0aad78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b46c51453d15f011e2e99b338e9b2597

SHA1
e2903bde10a5763d7f6c7d941199123566ca5139

SHA256
b37dcdbcff3bf645f810ecfafdb6fa4af3039d0d8b3c92331c74ad2159c18c90

SHA512
587823cabd938566bf90d64611fa9fb140025b9f3f6ca0c92f2eb31e0123e598cc998c221a8a51885ecfae41999947c5384d6c5412bc977baf702159c4b5f916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4e5fb6cdd22a7e95f0bf01acdbce6515

SHA1
d7c301009445f40d42c6f2d300d99a58450e4309

SHA256
c7fdf961721e41f91a1bed06b5c26156b4d9d2e70e22eb85b48337fe8bcb137d

SHA512
0cb5ca746078114e80eddb7fbafdee93a6020c4eaa3082a6e127afeb9ddd42a686383c1bcf6bf2105b380d34e2f91cc296e6838efab2f851b514c172c6696ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
85345ee7d4a0976469e2f85e7578fc72

SHA1
7d52c9dd88c7e30d3e14017f192d921c71152409

SHA256
903f5467d28a2e8dc158aef99d67e3dadf536708d3080263bb2ec614cb308716

SHA512
69b7591f479ec743d448984da3c34b849272507c109cadb9d37841d5286218c55afea48de09ff18a5797b493a82fadbcbc3bcd2c4918dadb934ca9d13f172430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc1264574490e529961299fc16f05d1a

SHA1
da3d7fc4ae7b82fe54176bcc07e2f9633075dc15

SHA256
2c7256bfa87722a66d2c031adab6b6bdde813f50474afe6c1c7dfcaa42331200

SHA512
ad3006a0f81a84398998603d2d641640642741a6b317ffa20720a7afa421a6f96861f9c3ec4e1a4ee798889cd2973c562584587d0e305dfacc2e46e8cc6629dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a5c6da15db2324b6c26c9cfc9cf5bd7f

SHA1
94ec9db2761c099ac45ecb51a58fea100f3e56f1

SHA256
e90407ce85d0de747226e8eadfe6eeca089c04a1bf1110a1d2f15f957c383cfe

SHA512
864ce161a5d55f3888fd30c4c26ad04376a014ce0ff49a9705b99df06c58ee155076952287df89bde013c4f540d2acc6014e85e8248ca25f978949acba8be0d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
58f3621976c642641f30d7be9a490103

SHA1
35337f88ed5a358ca56944e0c7b3e6bac894d2aa

SHA256
8c9d82c56e6c40948b1d04edcd06178e4d48ebb5e82c8646311d879f5e33072c

SHA512
b4268d633786738a4d8f3982400f4832bdb5165eef1d702f7167875524bd213c607d14d21896773dddb4801d097097e4c6f7928a695f6b93911c72abfd455936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
62607a5c91e953f2aeb77391ac7a977d

SHA1
209bbab7194bcfc563352fe33d044003e4f4d454

SHA256
8b0c3d41dd6522e0e547151dbc574b077202083e223aaf5887c90f29f923f647

SHA512
7d12b4a43ba3e6546f085c87112439427334b471805e7cfd50aff6e97d2a28a010ce69de10245bb4464ea676c1cabe7cfedcbef764f24050346f520397ef5c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46849d796249d30470d345028c33b8d8

SHA1
4671fdc80cf8db6d5100b25de16c2cd9dcb65a4e

SHA256
498bba1ae87c45af88c15b98e3a23ed31be142639de23abac481115e211486c3

SHA512
de664bd109890857dbf9f79b9b2002c21bf78485834ac696c2ee70820d04357724f0af5aa062d847c757f51ec327abfc533e6c17c21ad928b1f12ed835d590b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3638f6454ef40a9441f30f798a1f4d79

SHA1
d072f73140eee3ddc50273f19164e9efd8232d1b

SHA256
30b20b0e1e65a3a34b41d131f19ca4e48f588937d5c520811527f6c11c55acaa

SHA512
e57fa0e6bac88dd8f653f3f1a8459d744bb9c0b8dcef119bab57f7bb760f7097f0dda01f04fc796021d94391586eb2e663d1628e17863610dac3eb5e6e6870a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9d6c3162def1e00b33f47ca6a442cfe3

SHA1
13357ef4212a7e1789c2550e99a3613f93c80f3d

SHA256
025548e940ad9ffddfca49849735774b8fa50d3f6472757ac5a228f18faa65f2

SHA512
51e23af0144432a5cedef8e9f5be36296bb5c024eab8758f750cb342c274b50fe9323ff56ce5d7f5f9c92778ca7ddf6d70ee1b0de397a95a583e3c501ffa2045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cba71d7aee0f449dc65186e9ccb1a1ec

SHA1
81d4753741de6327ede04ff9c560389579377ecc

SHA256
4bfc522bbd1a385d2ae940111a1eb0e6b3e9b774e9ec3b7a462804dd44f824d4

SHA512
c163185929e29310e406ef138d62afc2384538c15e59248c97f824219c64f22f7f8a63396a41db0a81ca896c776c5ad4856ee0ab3a202955b19e2fbebce662b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ed6210326877d7820ebee9e71e3c963d

SHA1
ad17ea39737ec11d5c848d8c9d9ad36713f92936

SHA256
b06a902b51e472ce29c3a63e145b344a068b8d870d267139ba39cbef1fff69a3

SHA512
91098a63f6e9a9c141473c6479dff76477dbc1d40691388f8f0569b96534f9e5981c80550d17aa895c838f957dc3a854d5f0d7fd94bef76b98d99da0bf326ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23e07b2b29eb8c61070b003098840a9b

SHA1
e307eff69927768b3f2e2d1328dea5694758b3a9

SHA256
5080e8aa59f8dfe023293632e478237e8082fe81cd8253dc09523175fc962d41

SHA512
552732e74870ab99cb9f18e6d290978a67fd2c369fe297abb478194dabbb5275f39fd387dd418586383834981cbad593f5f6d39a7cccf49521abedda5e7dc09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a83109303d449b0f559e93bf018f0141

SHA1
2bb2c865c4a9d7b21e1a01b0a9648725c9f2aa01

SHA256
a9b669b2f6744b03aaf964a3003cb1d463e075d53b0b87187c2824a779e2e8cc

SHA512
86085e5c78cebc903094d21b5e49e006c822ffb882031400f09f58de3b9ecf0114eaa85044a57011db0ffcf92b693bb65fc1b35a7e10c37b4520794fcceb805b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
714f021866a8db3d28981b5c7ba519f7

SHA1
fd5022b1f04496a5c7b379a73f39dc0b9e0add3f

SHA256
00a40e2e57fecf0315f96dfcde5236d8af7a354b7f93e2cb10175ef707ea3f31

SHA512
84ce9fdc4cf11ce95cab83d2650cccbb8bdb00e6254b95e78e0dc6ffd28d8ced21f1bac64a66384418ef1e1ca18e3820e0722d2cf1195598412c70fed7580315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a9f45dec8abc83dbe97893d3334636ad

SHA1
5eeb3aa19c4c6f84e24eaadfbe21cde2632fc4af

SHA256
41c62bd717ceb41fb550ff33238e93a0a2719e42c19704d759f044250ac1d989

SHA512
f39b92e6258ebb5355906256bf2b2042fbcf8b22b2df2926d7baf3e4314cc1af86a9c7c57b43f73b6f53f4c520b78c930c57a9fe4ce54974348d3cd647f340c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f08ac8bf14a09d07b853c7e887ed810

SHA1
c852f56822689a3026210b2b781feceb2126b6ce

SHA256
a3b45ab9e75a2d330a848a5bce511f705f98ebb6edeb67039e48284333d54369

SHA512
1ce8def1965c5b9a87cc5f154cbab202d7d55b699edfdbe14172c5b9ea4d72bbb86f63b800d3b91ebc73590661deb3f3e0efdd47a274e9e1c5afca0fe959676b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3727dba4c5f407c3f70b6c2e85177dbb

SHA1
48b5b9f8321b02df3e4c73584e7f2cc561b3ca54

SHA256
d4d99ebf916eb3de79e62658a63cb8930a70b00de72eab5bba57191c8b742931

SHA512
b12242d6c78ac205d74272387561dba46b169d9b6c888bf2a92ab3dd016e89c567b2fe20cccfb2e8456cd895a4fd1162690fa8d2ad649c19e98a8bdfc98c5a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
529abe57fa1396c2637dcd98a4fd1200

SHA1
f935a062025eda90c837faf1aebe68e83f607b79

SHA256
31fa39ec6a9ad1fd0ec1394b076ed55834df8ab6fdc45c0de682a5d71129ee2e

SHA512
89b1a20316d15a99c000446c88ca3b9484ffdb20420f7286d9a1be1439c91682de195c9e5898411e3da7dc6eeb95cfc791678c8255f611fd17d96c2e896f3af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
7a10570fc8a458b115b70a14684b4f4f

SHA1
85d65d2689e8cca353c77cebf1f7ed3b3a7ede4a

SHA256
8f9ff9e4511989d7b0034926cfb418b6e25e5719348c37d54cdaaa72e08beee7

SHA512
b3b2c8fdb7ddf0bb4f2434acbc9a2cc4b1adcd2f58d795c954c35be1bff0cd1efbc4a87d6c86179ad1e85366e2a5542d7af7c218c9c96bfaeeb54cf38262980d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
e4cc2a4b4e063bda181533c51d32b25e

SHA1
ac64ffbb05b4a3a0beabcc32b94dd8936c1af6e7

SHA256
202bc342bcceada98af1a52dfc7851ecdc2c55d35801867ab0f7595ecfac8458

SHA512
8104a181f45e7a8a741c9456ca5a8c6a4fdfc1ae128f562700191a02cd11bad7742c16c7c1543ecfb297fd1b3777eca4c553ecab283e56ad35a92333d482128f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Generator_64.exe.log

Filesize
654B

MD5
11c6e74f0561678d2cf7fc075a6cc00c

SHA1
535ee79ba978554abcb98c566235805e7ea18490

SHA256
d39a78fabca39532fcb85ce908781a75132e1bd01cc50a3b290dd87127837d63

SHA512
32c63d67bf512b42e7f57f71287b354200126cb417ef9d869c72e0b9388a7c2f5e3b61f303f1353baa1bf482d0f17e06e23c9f50b2f1babd4d958b6da19c40b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3BC8.tmp.bat

Filesize
199B

MD5
752475219920d4259aa9a71e6aa8f504

SHA1
3f8af7465376a527544576559244c276c5c2959c

SHA256
503ebdc9d243c814958e631514c11d4703dfd0dfd6ee52199c39ffb94940969b

SHA512
3f7229ff3fc9e8f8e4c8e67fd3bbed9b7d1878e61adfeceda86400f6ddbc99a2a4f46f034d62ed464b377c7906933e8205027ae762b662550ba6d5041db3697f

Download Submit
C:\Users\Admin\Downloads\Vortex Gen PATCHED.rar

Filesize
33KB

MD5
2a3199451cd2485f7ac52df84fec6d73

SHA1
2a2df5a6cc94cccb5252019697f1e6b8d6d62e79

SHA256
372f980743e904582bebbdda64a34338a7feec78fc6a6c2b7822daf45f3cb4de

SHA512
7f0f2bb7ca49c58bc18fc63a0359e272718c0fa451330b9a35eefde666c2ffd12140dddba8f98fe0f85605db1429d3e6282f62c57373b608dca27b19c4d32ff9

Download Submit
C:\Users\Admin\Downloads\Vortex Gen PATCHED\Vortex Gen PATCHED\Vortex Gen\XClient.exe

Filesize
55KB

MD5
d594da5a29c18d9d3799962b04803f4b

SHA1
fe84855f06339934102402f6d751c73b55e6df7a

SHA256
0c8b706722352a78044acfdcbf87c06cec68308e03a7f6a3716609414456356c

SHA512
970320556d006f3cfb2eb13edeb96ccfb71029a6b340f038f4520bea1e4d018b50588954a4e68b5b1e8e3e6825b9ba6aeceb7227d878d48b66717574a0e99090

Download Submit
memory/1984-543-0x0000000000910000-0x000000000091C000-memory.dmp

Filesize
48KB

Download
memory/1984-67-0x0000000000130000-0x0000000000144000-memory.dmp

Filesize
80KB

Download