xworm | hxxps://gofile[.]io/d/6jyrN1

Analysis

max time kernel
300s
max time network
249s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
09/03/2025, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/6jyrN1

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

23.84.85.170:1738

127.0.0.1:1738

Attributes

Install_directory
%Temp%

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral3/files/0x0009000000027d94-106.dat	family_xworm
behavioral3/memory/4916-121-0x0000000000220000-0x0000000000236000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Downloads MZ/PE file 1 IoCs

flow	pid	Process
49	1556	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
4916	justDOIT.exe
4972	justDOIT.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	api.gofile.io
13	api.gofile.io

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
51	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133860012291232735"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
904	chrome.exe
904	chrome.exe
904	chrome.exe
904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 3552	3664	chrome.exe	84
PID 3664 wrote to memory of 3552	3664	chrome.exe	84
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1580	3664	chrome.exe	85
PID 3664 wrote to memory of 1556	3664	chrome.exe	86
PID 3664 wrote to memory of 1556	3664	chrome.exe	86
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87
PID 3664 wrote to memory of 2512	3664	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/6jyrN1
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd0b0ccc40,0x7ffd0b0ccc4c,0x7ffd0b0ccc58
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3300,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4384,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5192,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5188,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5184,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:3280
- C:\Users\Admin\Downloads\justDOIT.exe
  "C:\Users\Admin\Downloads\justDOIT.exe"
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Users\Admin\Downloads\justDOIT.exe
  "C:\Users\Admin\Downloads\justDOIT.exe"
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4548,i,10710078069793751607,7026398759356184120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:904

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f25a0be5c74421e6342cfa19bb4ec75f

SHA1
0cf349e5bc922055aa5de8ae3258c4798a324961

SHA256
dd8b258b4ff9ae7518b8e8857f642d33c372161217dfcf50edb12204d89c67f4

SHA512
0f638dee9d12188408c90e4da6c340adbb8394c264b1c25d3a864752d06395df1d7776d798628fd230bb527136d9bddb74182acc607404ab256d2553eb18d184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5ae01283f00c0e0bfed7863c9f7a72b9

SHA1
a976f6970fbc30dcafc7331b88f927bd8c00b2bf

SHA256
9a9cbf27571b178033a92b45d42c465137d053b7d01f3fc6efa023cfb8bf576a

SHA512
9c084b4d4e9d977aa4cf8c516cff86f3f0564ac8b0fd8c3fe9a38ad42f7ab798d5a3a2d23f48812f78decc20003df6c7fba64af1bebbc23c437a7e42ab4137a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3e986766d82fb6143a94193b1a1f8b16

SHA1
2b3ef532230f31518c704537f7d7a2ca43ab6d4a

SHA256
a03e9adebdbf2b22efc1b71a7a12c252a9c36b6810f3e2c1b2e5e24f6132b0f1

SHA512
bb82979558d64483883e5caf565053c89dce040e123fc6b55487c6969760c59dc468bf3bbd4e43c67dd7949d5a437af03ffb317fed7b97a42b14cffb5c5a2b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
e97b60da78b45148c925028f80b08143

SHA1
8d2ee44d90f6aa75ffc590064e6d9d1e883ca106

SHA256
c2f2c9e89be035b21a77b083c425df22b84fd94476a679bca307653352f3e299

SHA512
aa563e288f9686db174e3fe11e5e19310ecf3edbe824761c00de5ccc91ba583f980ac58da4d78fa236ce1155b23784e6411d22345a996aef7397ea99b1f08055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcc7e30afc05755c747195dcc2c7b87f

SHA1
552aae6181633ce2ec7e87095cbde6004354bcce

SHA256
39307a64577399c4f0c2a3263b58b9d7e8a818c6e8b17ba7d78aa8a97e39c203

SHA512
cd316447679d4502c64cca2e4b9a52cf7cb6371e66c39ad86a16e520b4f9b882fc2bb10691ea516eefdf8c3ecb8506fb73683a26b560efdba44bbc8794cf3baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b18438dd7f5dbbdc228c7096cf71b11

SHA1
e397de48328a4cb51369a46326dc9d43cba450a2

SHA256
15ac728645c46df87a8a547da1b9993ffc42086444e8b4d9b9f507186a4d2454

SHA512
64a75a00542e18a2d0c5496f471e00730079f30a545db115995d37bee5cc7bd61fd2e5b1c55bf9872949cfed5619e6223dfb3be6921fe8424167d06094279fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b31275c612d06e10483eebbe28c9cf22

SHA1
b89a89a905eaf0e24cdb9dfc47818a3f1858e994

SHA256
ad99e0dd3d1b21226b4ad08a41c2d7112a7e7afd6ade2a82d4b4b196f02d53ee

SHA512
2aab09b380f995fec3fdc6c56ae507a38e5d3c562420d2c9a4229a176290b7a519de42ff23008e322f89a674a62e71718b583cd358a8eb179a728756743d7ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b99545a1358798890372d22aeb18881c

SHA1
6e4bea89c29f8e54e488c0c2c609da661ac95041

SHA256
7cfc99d8fa1866ede816c38ffe2f42ccbc6832c0624d03cb86651d91dafaef3e

SHA512
06e704b734f1443c47b3505b595a73f630c36cc2ea35727e80cf45ef8548747f54c5060c5441044b0e829b572a9276b916ee0afb9468445671004f026b5cad55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddc8606e43472d30ba1a5c0826003d3e

SHA1
9b68f53dd949e37ef835b50775f89b531d2e024d

SHA256
be4866aa078ec7ad6c72b809a02c48f3ed297aa9686e4229be211d491a8d4c07

SHA512
e9dcff2e21b3d483f14ba799a619903d67e0406e2f5b3bc44476a70c4f3421b6592fdaa6d073c8f19b397d89eca5398ee5f7590101236282fe9346ee529ee845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c45047cf739297bbeb683380a4d8230

SHA1
8f033ed89c93ae48b83a8ea46f1265ee3c9a6523

SHA256
7d758509f8063d0927277124e97e7c825a0f1647bbd874abded4945141c00e95

SHA512
5ca3961595744dd7854101dcf6cde9a739d0ea75de600d9e42d83f070a126fbda1f98b14a78205e9bec9ae2e7f6852735d8368cf164e32d21d11b5448b38d524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80fa2afdd7a3f82bf8fc05f05cd03809

SHA1
c4b3a56130e05c86b6f182e995440d1f0a43535c

SHA256
ca41e9c4d240c75a132a65b21386b6d609ece10e7f9215374e6a2baf791d5c2c

SHA512
fc12dd5773e6a784628692e36c4e6c5248d668b8a41f6c4c2016d3105f79f676be7a1774cce6341f9e2ad889f769155160e3cb7ed68d8a24cfe1be49a4affa33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0eaf79e790af6f14deb50ee34e765d39

SHA1
7420a4f6e9cf5ce7a3bc4d2928e4ce35950d5647

SHA256
74f23f263acb9ffe8473dd0c3368132b7e5f41cbbbb3838055a8b126a60bb12e

SHA512
3a78a6f16d91e8e2522e04312ffaea0ea71ca7b6fd867a61bfc166826f18f9488f3db63ba0c15d6395e025217aafc78f262bcf2ac308e8ae6aa01f0aa3846999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
861c4d9a0d6bffbfcd54523550049e5a

SHA1
4b9833c87280614bc09930fe44528db8f0cf63e2

SHA256
f3df7e25dbce0e9aa4ff4d9aa4bae0d38aaaefd9aae34d948b46b95fb1b8cd19

SHA512
ba95849c52c0e50ceec612dbcb85be12f70bdf64b9c58dc95d5497ffd5441975a5cc5bbc2e31e3ac468eca326518717638ec0c76217085a619c0e0dd03ea48ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eab450d35b7aa51cf24c13a1fe50a8f2

SHA1
f47d8c0d1a1ee7bbc95557da05624750ac9e9379

SHA256
f77ba0b62a4ef3d4200798300404888c88c76f2618535718a0d766c5423c242b

SHA512
ce4cd3d4d57fe756f87ce4c585474c61f3ee115f79a120365d7a1309ed11c60de9b1c3487425dc09da2f363c6d4855bb975b9e7b04b519a2b29119880154fdaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
188037e741c120ebcbd52bd5f428b2a6

SHA1
ec2ffa19482742f6e8b6d97b311360a7dff96f46

SHA256
b2d6f02385539e28fdb2959773966753919b453bbff190675f661443d93ee368

SHA512
efa3e9f3bc7da0d5a1a980d08c7b72622f3ae7653a09b6ea3218613439c17537fd9f1eb5ea108298ad6a6fd748c17de5ee5d9b38d6e13ff831f2c87fd19333e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38a6f68a80da420a8440caf532543722

SHA1
3fe9070baff0ba445f282fac02970f5961acbad4

SHA256
55c718d8430c820011758ed22cb66b4b7ac95481336a174097dbdd6c7fd629c3

SHA512
01cdd45c1fba0ab447a2b19b2210bf1f1fb7a9fd0e94665b6bfe6e49b808755d412cfff7ec65754d13aa5dfa46c25529cd71de3f573872c89eb78dddadadd430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f04100cadb3fadd11a0386fa32d1dfd

SHA1
7406026edf2c8402f3fb04a9e84e08132ffaa53b

SHA256
75fdeccd823f4ed4fad83dc8b7474db75a8423925679a63bbe5e8a6651eabf04

SHA512
c147d00633947e86e2d50d9aa73a60b9753140474bd197a106223cd74cbd9398c253e0460898e85af97ce70eff5fa3977b25faccd18b0c2ace3edd463609862b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e2b4ea972a52b7d5ac710e5a1f2e225

SHA1
17a5b343f2f31288ec335f7949bffbba3ed8e88e

SHA256
4aee62493321b1a228bbfddd4fafed2d482f9ca13da3278da5211cf9b2eb8bf7

SHA512
5f2a54b8e48a7eeb1a220be7bae2a39c01cd1e694ec837bb7bbab527f49b55e1f09d36d18884a4cd9349198f11b1cb961cbb72cad9b3d2ce861bf45f0dcaec02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38d2a5cfb285159caa24b8edc23f51eb

SHA1
cbb294bfdca68ed641c6a90f89c1a8acc86a264a

SHA256
60578fbce62282adfe46679be682e100696182545ffa15359122156be16e13dd

SHA512
9864fc4ab41f3a7b5489221d7febdab6e3da94ebd46319c7016a7039552a212e4deb7ae2ad03c6c30c40012e8e12aac3ab823b99aa33439446dd2009459374f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8b3722bfa0b8a9a44a124e0c72c22b6

SHA1
3014c6dc761608058dfd405d304994b0d102fb07

SHA256
5485d8d223f93e32984027ee91187098e78cf915d13ed71a19263e5ac30e78cb

SHA512
dbb14f11a374e69d3be1d31b32672b5d2750b833821c16c61fcccf5caa1b15523cc3770f5ac15b7986ee63a0c84cb005c94f3f7089f033fe07b32db310a08a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9529b2fcd3166a886191953b2a369e95

SHA1
17349e5abf432a6be43aa3723f5d9c3be3e06e85

SHA256
f62546da80b5d115e3f76efde3a9a960e8669acca206f76f62fcf606fc59ccf2

SHA512
9ceddba5411f78444a44e6c5e41866025e2684084f8e32750fece60864e6291927548ecb99a9f9bc90f0833f84ff66a022aff5943bc786b0b2fd6022f00a75cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
022f74d66eb77425c940eb6e09829013

SHA1
a3d6f360fc56eed956de1058f24653c71f72c58e

SHA256
551aafad98f6bb5d2211dc4dbb8b57276242d71c6a87bc17f91925e28946d635

SHA512
9d0108d8d514244f5beeafe11e8a9fca062876f1d5783ca6ed862793b721be46685f291b237eaf2cb4d7a0eb3d2827365e62f393c20bcdd9a879dbeb2845d8b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
49de1ed665e35e6f55cf951100066c09

SHA1
16810baec9e55f1e25ba96385609f07725683e56

SHA256
c5d53bcee8a307ef8ad00b96f8cbff0dbb9099e82948d513d83173cc1623a513

SHA512
a080f7a50cc148c8a00c39d6f6f7dc126215b6778ba0d7cb5c2d5f330b594b30b7b397c4524f3728767497df6cbbc2df7e4b4b0279e136d5200f6e6a2d344a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
623a247e69b013e75b8c2da2feee3114

SHA1
53cc8c74008bd61fcfa433a4c01aee1da44e9c3a

SHA256
d4879df205ab000a2a117f8e56c36bcd1eea7b6f509decfbb5c1048b8699ff9e

SHA512
c0cc4c92f7537ce5743287bf4009f4435293d7736d3eb0ee9bf2fbf26bc5f820ae1dde615cf06930c5eac38133721783c95f9be0b87e94194cf115583be76f0c

Download Submit
C:\Users\Admin\Downloads\justDOIT.exe

Filesize
62KB

MD5
35e5280c8dc2c7e86c79c4e7f38b15b3

SHA1
e311343c16334a8e0aaa301733cf951e5cd948d6

SHA256
3cfacf4f838a6bdcd48192e33526b940d5f25e639fa2ce080c0fc48666b8d923

SHA512
897e5620c36438e888ff1bd6b20d8e1a0880dcd6cf28677e6bb7d1a51e4b81b8cd06a392988f3b0afdfce03d38abaa8ad2981dbc76380cdd2c7d2cedd004476a

Download Submit
memory/4916-120-0x00007FFCF70F3000-0x00007FFCF70F5000-memory.dmp

Filesize
8KB

Download
memory/4916-123-0x00007FFCF70F0000-0x00007FFCF7BB2000-memory.dmp

Filesize
10.8MB

Download
memory/4916-121-0x0000000000220000-0x0000000000236000-memory.dmp

Filesize
88KB

Download
memory/4916-122-0x00007FFCF70F0000-0x00007FFCF7BB2000-memory.dmp

Filesize
10.8MB

Download
memory/4972-149-0x00007FFCF7213000-0x00007FFCF7215000-memory.dmp

Filesize
8KB

Download