xworm | hxxps://cdn[.]discordapp[.]com/attachments/1337991571500568716/1347929751221833809/TESTT[.]exe?ex=67cd9ce8&is=67cc4b68&hm=ddb1e26b0afd306f4ffaf8a5ab670be3407a8bb8f599ebd5896c9466c18de40c&

Analysis

max time kernel
300s
max time network
273s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08/03/2025, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1337991571500568716/1347929751221833809/TESTT.exe?ex=67cd9ce8&is=67cc4b68&hm=ddb1e26b0afd306f4ffaf8a5ab670be3407a8bb8f599ebd5896c9466c18de40c&

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%port%
install_file
USB.exe
pastebin_url
https://pastebin.com/raw/cSnNDAPb

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0011000000027d91-41.dat	family_xworm
behavioral1/memory/3480-56-0x0000000000CD0000-0x0000000000CF6000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Downloads MZ/PE file 1 IoCs

flow	pid	Process
7	4740	chrome.exe

Executes dropped EXE 1 IoCs

pid	Process
3480	TESTT.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
23	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133859155451173584"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeDebugPrivilege	3480	TESTT.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 3060	1224	chrome.exe	80
PID 1224 wrote to memory of 3060	1224	chrome.exe	80
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4484	1224	chrome.exe	81
PID 1224 wrote to memory of 4740	1224	chrome.exe	82
PID 1224 wrote to memory of 4740	1224	chrome.exe	82
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83
PID 1224 wrote to memory of 2652	1224	chrome.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1337991571500568716/1347929751221833809/TESTT.exe?ex=67cd9ce8&is=67cc4b68&hm=ddb1e26b0afd306f4ffaf8a5ab670be3407a8bb8f599ebd5896c9466c18de40c&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffa0d36cc40,0x7ffa0d36cc4c,0x7ffa0d36cc58
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4948,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4980,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5004,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5016,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5024,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5476,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2472
- C:\Users\Admin\Downloads\TESTT.exe
  "C:\Users\Admin\Downloads\TESTT.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4372,i,9867291654053525718,17635525433771256709,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4672

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c08ddb2b5685fc1670f1b3096ccbbbf9

SHA1
69a8a06cebb692fbf48255670923c53c607a534d

SHA256
aaa8cdfbd9f0de34f0f6dcd675f71cd73266bd2d98ddda0a82913bfa47fc756a

SHA512
9f2a0e51afc94610eac4722090ef11082f1016e8d2c07335087d1656b84c67d862a8db2ced01d73a4434a0783ef129a85d242825f358eadfef84bb448e6b06c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
87ee8e06c092d93fb7e321b4859fe1a9

SHA1
53976f6afc60d12d124dc4358b8fc7418848f9b0

SHA256
f34920e650d3101bee122b22e229ef56159cc97738223fd8caf3967910912e94

SHA512
310df522698dd407b6e1ba9e089dc7834302708c0e096cbc4432589403420b34ce8caad90d14f2120b8211af416f729343fbbc27565324f7817fee2951162999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2066988df2eb307fcc2853018d798c41

SHA1
4674c94b187638f01b7c14c8b1afc43bc5bcf1e3

SHA256
c71c9c3732cec99f745e70a7c0255bda17c802f3e9c50d8889f1de4618b267b8

SHA512
7cc87070b9ca051e0ae1f09c4217bc805aaaae8304878fb277f6d732acc68e6404b598f28cfed578fdbb7ec59617257cfbd15db1ca196df21463b65d328d5fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8489640dca998af2f00b105d23ffef75

SHA1
bcb91e9bac8fdcce77d742ed262d279c98b2c814

SHA256
c520fb00ae23cc75839e1143f88799218fccc6aa045489225d814909b94af2a6

SHA512
414935b5cbb78aab0a0ba41a3db8fd390850935215bfcdc9bd51c91a6e243b519d74d8b3c31ca4f6a3bdf0a2f10ee1d2341947b3b32f844de1f541d539b5993f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2dac1744a366c6f26c97debdfcf1df75

SHA1
5613b727df279331c2ba581e3e84ed8943d1dc80

SHA256
2a70719bb131b3753cdc8ed7e5396459750fc87e4aac403b5051b9352d6bc4af

SHA512
d2d51454c4a45da5136942b235810cd77a5d512ad9b50cc1c42c630467334bc8d60e039361037f9b9d832f8e33986b84df8bd4f7696ecc7e2447d6b3e36054ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c6f5e24240a0e8e819110391c1884b8

SHA1
d852ee76358828e06645395cf694dce7909e8247

SHA256
7178b36efae5fa4c417d1b04a572a3e6705d955eff68baf47c6a7b9f5e96d535

SHA512
5edf29f3d3f42163fb58a3b16a5aebc4503ac6e4e6d547a8060eb54a8caae4d16786a435927b3cf5d08860bd64155c6e523e936bbeb200c18a7c1ebd1d6305ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
072bfa1268b839aa582512ec0a20f590

SHA1
ac849bb9bb845024535bc355878ada18ff99639f

SHA256
b27f001933989ba28df2b70859866be3e147f5aec00f079b04cc69fd0b6995f2

SHA512
70f8c951229326dfeea658610f5353a8feadba46f61abf3385e4613da328b04db30d127c30b7b7b1acaaf4a2d73d1004ae5af62d5e10b40ef339dea322e115c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbdca184745f61ce70b443affd013735

SHA1
68b4e437a5787c6d75f572e6048c3819d2aaa0d4

SHA256
6149d5666a7eb8e7b4b6e9211db21827c7358f9a23f05a03f551533e7dd022d0

SHA512
45b8ec59d80089bf2689e59d7a42dc1a4c0b37656036912f2de96ae6046ae11b7125b70b298e1de8b74f2279c9ac0ad15f5b271bdfd19b2f6747ba4fb8c52d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
14a7c829c427ce00cf607cf54cef8f42

SHA1
62672a48e8ba22a59977cf2a5731256e7a578efb

SHA256
0f0ae5c5f3eab30699ff162eba15931e3c7c40e0b20743bf538797bbd1adbfa4

SHA512
3fe2e8b4a1b8ff731c87375849ca3938aed02e10350d33fa9c8781597a9ea53d6e29fd6a74f8ae96e5717053743014651f571f8824c982a1bfb99149d3a400ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edfda8e139286308f278c8cedba64806

SHA1
e23c8ea9958a16006c7a5b08f30dc57e741715d8

SHA256
a8bf2d26c57982139b8e5c5e9607f95f4baca5f72290d0d5495a45a0eccb6e65

SHA512
d27acea616e1c23874cddb1b1e6dc54cf4300116ee2c638aed1be7c859ce38dceb0708f5c0ccfe8d981261249c6717429500976f6eee6073c2bdce767cf34255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
968679200caf3824ad9126ed629a763e

SHA1
018906f1d2cf056e57e215eeebbb0ac483ff2751

SHA256
a638b177734068cd69feb1bd69780a6ea0dbd3a509f3880ceeb308aa04a33dc7

SHA512
05fd28848751d8799b9f9ee428a6ecaa977aa7aa8ba9c209b05d1d720331dae8d5ad4e888f605151d0f5dbc0be4fd697ad769a52c3c755e5cddcac0b52d5cbb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1aba58c48e7437478c133016eea87bf8

SHA1
ca41f6c0ccbfffac4ed4293535ccd5712dbf3b7e

SHA256
6f9fd8cd50d7d1b733d7733fd6528aa2a3498177c2f8b3a08463a4f9e7a09aa1

SHA512
742a9690c75ff875a3bc5428168a3cbb8fe97c0b088a114381d4d14d1c2ff6dd591325a417a9c1009751170da6f8d58dcc78ed5ea30a2622a7213eb52d0b3930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e50d3dd9fdcee86f89ef717cd2935996

SHA1
fcb5e5df5365b62402b969d56b4a2eebeff094bf

SHA256
0807304c1d3342da6d1551a150a9b862f16ac248c884f4203eb283795560243a

SHA512
5198205cc912201b523ed10cdf7415a102904aba051c1e05a33454161bd47af394828a35a876088e77047eddcc66aead54865d8a8788e64bf5a5be3a3fdbf42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\adaf53ca-9cc5-4845-b136-9aeb8d191160.tmp

Filesize
9KB

MD5
432fb32b570ce820315de275d58bd5ed

SHA1
0ac26d331c3715015f1e744f5f0d4f4e52b358fc

SHA256
137397bd15b8a532322ad0983af85024242414a7174d6c34dbd129ca8f7b722a

SHA512
7e9b61b24425843690e65c88f0f4b62d7129dcd83717417db42bd769b24cbb72b3ba57425b13cae371da547432bd43483769ee7693c952cc119019e231c702e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
961d845327eca39bf99867bc9e204be4

SHA1
3d98cdd36a2a734750f876ef7a91cf0a47e8886d

SHA256
e4d6b47d83ffeca4f5a785686b5fa7634bf6229fe3262bd9ea5b306d86cad6a3

SHA512
2036f287736913374d523560f33dc9c3e7f393a0b1642f109fa718e6c42c5dbfecd6280ee6629cd39badc0ac513b9120330b98859ae7da6da48f8949ec272be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
5998262f3b2af3c64cdfa4e45bd5cae5

SHA1
7ac1821683a19b7176bdc2d446e17f14b12daefd

SHA256
3c675745e6ae5c5cbf32e79c50930686c513833208f054e4e6e0d5085a14a675

SHA512
7ce55e64fca7d55eff263d20ef81a9c14eec4e5793c67ba934b6019dd8d4273141ceaee98674d25795639c949927e7926fb8dbb99b6791ee5e3b8517c5f5ee8a

Download Submit
C:\Users\Admin\Downloads\TESTT.exe

Filesize
126KB

MD5
3152485c8f8e70d3aa4da4cc09bfcef7

SHA1
8fa98936d90ba86e76c292fa46d38c4d3ac880b8

SHA256
7368f029495da34dfd908a07f0ccdf5665a0f6d072cc9ff161051da15bd138f9

SHA512
a23eaae609985e34c594d29e3e74491c779b20ad2f3a7c123be6ff1b3b1ffedff58884e8c699cbc0d0755f3b4b493dbc8226adc42c18f6e8c6aded86285ba359

Download Submit
memory/3480-55-0x00007FF9F9903000-0x00007FF9F9905000-memory.dmp

Filesize
8KB

Download
memory/3480-56-0x0000000000CD0000-0x0000000000CF6000-memory.dmp

Filesize
152KB

Download
memory/3480-68-0x00007FF9F9900000-0x00007FF9FA3C2000-memory.dmp

Filesize
10.8MB

Download
memory/3480-57-0x00007FF9F9900000-0x00007FF9FA3C2000-memory.dmp

Filesize
10.8MB

Download