Analysis Overview
SHA256
31890493973af1dbe3ecd33a59536cc24fa753ccb603372e17a05eafa5378746
Threat Level: Known bad
The file D3STR0YCOMPUT3RS.bat was found to be: Known bad.
Malicious Activity Summary
ToxicEye
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Enumerates processes with tasklist
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-12-16 15:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-16 15:35
Reported
2023-12-16 15:40
Platform
win11-20231215-en
Max time kernel
183s
Max time network
216s
Command Line
Signatures
ToxicEye
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe | N/A |
| N/A | N/A | C:\Users\Static\Update.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133472145604207199" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D3STR0YCOMPUT3RS.bat"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffac2d89758,0x7ffac2d89768,0x7ffac2d89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4072 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4656 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5436 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5468 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5088 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3712 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1796,i,4604541175577442372,7306838798204724890,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe
"C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe"
C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe
"C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe"
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
"C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp4DE3.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp4DE3.tmp.bat
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 5264"
C:\Windows\system32\find.exe
find ":"
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Users\Static\Update.exe
"Update.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 1.181.190.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| FR | 216.58.204.78:443 | clients2.google.com | udp |
| FR | 216.58.204.78:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.14:443 | consent.google.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.110.133:443 | repository-images.githubusercontent.com | tcp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 142.250.27.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.250.27.94:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.78:443 | google.com | tcp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
Files
\??\pipe\crashpad_2676_ADMVQEQPRAICKWEO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9ef656e3bf0a7acefc81177b13626993 |
| SHA1 | dd78ed027b5b49ef679c8f034485748cf68a6b19 |
| SHA256 | 6028875420ba438b0f5b928a28011e0888f168567e9f832a32bbed92af49e056 |
| SHA512 | 17e7f1561524b9417df585a9eb4fc7bf4031211fd53f7fbe0601c9cd59d228d2f7bf12d0afb4d66fc322ef00b334953a1159ad82d236a8e90b1cd5d1196c758c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4eca32dbff57f65e9f7d0349b6f8423c |
| SHA1 | b23f738d0afde42946722028867916896087b062 |
| SHA256 | 8deba224ff780b78e4bf8375b5809a5bd9242ce4bdcade65125995e7c526e1a8 |
| SHA512 | 95e16c1aac872b45bd6451d67e5461fabcb3d8a05b10709531f0c96650e4edf471c77e58b0387bba41073e3fda66dd614eb6f5c25afc3346d6d49637b53d2e60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ad6bd43116718e0d08d96e8d86758493 |
| SHA1 | 3b06c8fec22603926fdf31f1a4ffc745360b09d6 |
| SHA256 | 221b1a33b31c33172bf20c690ef3defb65dc9cb3ce2bfd8e3eae293764043c16 |
| SHA512 | c87228cc6204715cd8cf96682e15bcc731d35f6b9dcb022bbac27ff5faff025dec492e5c5d7e55a3ed32b374c97c2a262294f92fe5c8a9decd324b66a789c871 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | d79175e7279f0325f0b33bc1674bb8c9 |
| SHA1 | 692e8db839c728e10730626bd460cc058c89c061 |
| SHA256 | 777a100a302c84e969af975784ad12cf4cf41b62c344ea9c15c6250da4f12a9f |
| SHA512 | 1aa777184e0dcdf46410fd664246b4adbb9db9d2bbfcb9bcb3fa4864c99f833a18eb926e11af4871e47f101adf5a88a1f5b25271886860ceeadb21afb3b9c429 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9e9a466ca407301e33d88f33a437c7e9 |
| SHA1 | f1b56c81f2e1b66af9be2357d6ac26d2eee2b414 |
| SHA256 | 92aea8b9c9c616da4c6f4ace8e73c6825ed33028506ff2371036ece001a7a397 |
| SHA512 | 60b88353d77ac2e58dda17c59526d2af4af4caa09c04739ec05119a4ac3d0fc3d13dc08f62e2160de313dfcdf3a0d9152519a6b6eb50223e474012a1ebc7c8de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b93ad736fb07795788e76aad6dff282f |
| SHA1 | 63b9fc06f7eaf1c83a1dea92ceec7befd0452e75 |
| SHA256 | 2ee420cfb730a8990b4f4258158e75a6c9277f806ebdb58c1c8d8b8f3af7ae25 |
| SHA512 | 14467198f69207b05af944cfbe63b7d385f43c387568a2bb546dacbbbfcda68f74fb7ffb4d39bf6bb76860133ed98dadeebcf33fa93b941fa62bea97759b93e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9f81cfeae3abe36678b1f664ff751e6b |
| SHA1 | 66de24b62af2838459acd8acc1452264c36fcbd8 |
| SHA256 | fc226faa22ad30fd6874006b2e8341fbddc2f7d85dab00cfdef407cc92039e6b |
| SHA512 | 540c302ab0d1844b7ce7c2d9c8c375394f0b03975961aac927623c1a1680e9d9ba968fcb3e8ab4dfd653cacce1a94aec37279befe910ac4a184f441829adf95d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
| MD5 | 1a23246992b12b0ba5332bf2125bd04d |
| SHA1 | 72e3af6bc33c8360037775d35d1d842e921d513d |
| SHA256 | bbcbbf6f6a4d95084367b8f3cf3edd3b43893990065ecb228079a6e2df10c431 |
| SHA512 | 3407bbb6237729997aa7ab5ec0dc9f826819d753a20a4be1beaa132e4d6a4ed80b0d8cd9bd8bd1441642b7fd1ffa4d96733d221a0a47add00410e31b4b1e9ce7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 8384f38c6913c0610cad73b3537b8851 |
| SHA1 | 1466845b97f434237c38337ae931521d75af9221 |
| SHA256 | c8a85bfac6d5987025b53961bf6384f4e9172bfc68ac8e52f7b25e77cb51b4e1 |
| SHA512 | bf20522aa360084280cc18e2eaa01c3cb8b696165074871f768c6737de5a529c8513dbc69dd10ecc2902a4e03e9af42d58f2b818a1376bd3ddaaeddd90d031d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
| MD5 | 398e3eeb22294331220ddf1adc60c79f |
| SHA1 | 924f71b09190e9a010826ab7d794cc8d68f1a1e2 |
| SHA256 | c2de2f9e804a2030ef9430bfaa8ae2905b56c49fe9362ed133ed49db5d65fe38 |
| SHA512 | 02eabc06f8766f07cfd2a23fb29365e34c57f3a8cfe935589db38edd6d83769ada61b82bd93d36576925c3459f95d90c663a322567513712af438bc2f1b74e92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 929729aa7cff46b3dad2f748a57af24c |
| SHA1 | 81aa5db7dd63c79e23ccd23bf2520ab994295f2e |
| SHA256 | 3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f |
| SHA512 | a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 23e5481a0a83b8bebdcbe2b37f717834 |
| SHA1 | 09f1dc6cebbff5e6a25e86906e0db41af676c2b2 |
| SHA256 | fcef94b0608a7a2c3103bf1a75842863f5d498e0d8a726ac7ab0a21eb1ae9a00 |
| SHA512 | 7127dd3fbea7634ffade300dde9c9e5baf082d33652b60533b2488e849d7f83b9d087e5c54abd30b76df17170c50d21b57e5f5fa7817f8138e45b3290b8ea767 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 938f435fda04b6c64635696ce62e40e7 |
| SHA1 | 96094509d19aa313e0e826a9d02ce4aafe35506e |
| SHA256 | d2c99639ed1d4a19c04f336f088d9b56bf5070802914001415a4ef2ea2b51495 |
| SHA512 | a0080aec00f7f9eacb5376cc1dc50cf5ed6d6664aaa074e0859000b45f36d1345cbe65ab51a488dd7f56e339553184c27fba1173c4bac5169837cd8198b06e52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 066361721d2dd51aeffee3722a6f5ac0 |
| SHA1 | 327ec5e654a439b2fa890ab88b257f2f610e95b1 |
| SHA256 | 64dee31a04dd3aae8888b9bb8355cb27f210f013d056d427511f8d60aa611880 |
| SHA512 | 0ebc154b559d91ee2181721e605fd778b16b27f18e84a1fa54fcd288638c16f4a6cf1df9c52f96adac73f336f0244c82bdd7da96d2ef34aa359059154d9095e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c441be3123b48d54611ff2c7b05d8a45 |
| SHA1 | 78bb07cd39a48ac9e920cc0cebd61ec7c4100a76 |
| SHA256 | a5ae074e7b060e68ab1f97820c30380d1d9aec7aaefdf6aed683a9deac3157da |
| SHA512 | efa9f6042537874a204ba82ceb6e8272f3e53ef79336366eadc974b28ebf6d45d4932c114f197341d5afd7da734f192ec1e7ad2611828f0137912780fa21100d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f9bfcad34d9d99caf9f4ea8ea0675e4b |
| SHA1 | c375e7d1d225af4068be9e197fe70e997a0106d4 |
| SHA256 | c5595eb48e8e4a531f8ba3aab898d99bcd416e4020a0d5c55f423fcb25594af3 |
| SHA512 | a57a9b4ac079b89c00428b75a04be0c7d598e6eaa7ba945b5e8a84e06284ccd939576dfb838d6764c321277846b2eb4bf836a530cfae6daf72a081071204eff7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 74cb1e958cc5b54164592d6a1a69b770 |
| SHA1 | 1fe8cc15d85da8eb60e95d35de87ae7dd83a8e48 |
| SHA256 | 3968212b4793a39727f0a92b64ac22bc8740d732e751752f9b5e9e501922f0b2 |
| SHA512 | 0cd7f66a54a3361e7410a39d5afc8e7904130f9e3390ae90f033388b9de7d6a2f106d5cc8a1c6e59fbb28c11345b6e7fdc9558a098399401eb16198c5ffb5e1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | d0e2d82a108f12dee9a4b4b4fe3170e3 |
| SHA1 | cd90a159dd3215d705ae6631ae2a9f71d38b56b3 |
| SHA256 | 517f0425c755fe6ca4e7e4726c2061f1d3c415239bc383afb1e50f36268e6892 |
| SHA512 | 77270c8396fb8d67397a1db31a6b2aa9e4855a49f51a731938a932704cecda7b5e41132393ba3319c9fa4b7355e7698d73a43df8fc706bac70e8019a2a6ab5c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 4a39d7679905e2864f7960abb5c3d2e4 |
| SHA1 | 51a171140ccb0000a6b85be6c5c58f83435cbbf5 |
| SHA256 | 73e087e129e8f7e663ec1ba4381df94bc46ddeb2e4e49cc61eb071c71d729dc6 |
| SHA512 | bee6897b3c8825281ff2f6d6709fb3c8c2c8dfff135ad05264e8974cf395a204092c03dcc13aff6c13d2019ae64b053b6079a2b284d8af5fa27c8db61d3eaa2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | 80fdffa43780196ea28a74c01b4b6c69 |
| SHA1 | 02d48ccb6691284117e6477650c988028fe1f483 |
| SHA256 | a31e7c91ba7ccb3b68ff10ee4e1e9303bcedcf0a19f7a603e532492910f970e7 |
| SHA512 | 3614a56b38b6a21deb156f8d09facdb6618c6afbc3436f3e083f4c1b0b3163a0f8560f71fb8838a6519eb2d314c0a7123b05ed169236e569a6d771efc2a9ca17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 4e90f58db53da2207a34d1cdd04b56b3 |
| SHA1 | 0d7a983f93c72a186369900e36c1f69472292679 |
| SHA256 | d4dba762aa70749391513700e4716939bdeefec33c825eecd6c26e97a40ec35a |
| SHA512 | af63d4b2a5b75f45ea41fabd5cc6d259821e24da37cc3f4c2c4714065579f1e51e87450fa669cc4399eb724d7c0af17eed599229b2e338a86af6085cdcad419b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8bc1de9a3abca984e58ba21d87e0ccf4 |
| SHA1 | e8985756b74c1c2692b24008b155fa976f1bad76 |
| SHA256 | 6bb3bc8f6f8cc4cede91fb496dbdda65a1740e86f612735afdbc525b9c913f06 |
| SHA512 | dc56332a0e241c0e62d204c5f9d1212d0903d7d44063fa503cbb40bb45c193b7b4542c71a40b1f053e6cf8d2a33ebcd6bf6c376cfd6a815673bf9a6717d90e12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4693fddf3aeee1a4ff366b370908d76a |
| SHA1 | 18593de0597029cb40ccec91c13e57e955fc4078 |
| SHA256 | c920d93c3bb655967fcff23dfbb01a20735298834b4333e1a4732cdd6e4fb950 |
| SHA512 | 9d3bc9efb958cf6a392ffde2ea4b3d9cd16171a96df46e87a719021a9ca3504df1c1602d44c5201055c03dfc345d8eda3d34702e256e9ac1b445197fe5f90767 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 72a1a40ed3ecb93c614c50f8e884ecb9 |
| SHA1 | 04813ca13eb7a6141930b74624c5c2518e3cf901 |
| SHA256 | 281ab545faef22c71fd6a8437f05593840fc56820f51458be6703b0002b33fc1 |
| SHA512 | a4c215fa16d94883df21057061c09bf12efee3e7f85dd2194acf502d9b8c52812999ad8986bfc434c8a00658372373ccccfb61ff2b155ec9be9081d7a8db18a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cb758cade3318573a877e1f8744e0ada |
| SHA1 | fad1abeace86e7c38ce56045280a116b2334ce19 |
| SHA256 | 81c31d8193e5c120f92354dce3989fbcc16c6dfc300832cb2f6a8244413fb841 |
| SHA512 | 71e9c8481859cdc46f2b99ab2fce5120d24f29b55c364558b9dcc8e3f0ada30a3977b8c607f22a0909c58a1d664ac5f2b7ea3c7e237004adfa9767eea875d92b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | db089d27b21315ed06c3a5074ef4ed89 |
| SHA1 | 00e290ce6c6ffd4d72e548029644b1d3389137b8 |
| SHA256 | 725b23ee114a9674c1554d74a3404babc5b14393bb32efc76fb81fafe37ea92f |
| SHA512 | 04c2e3d9b085a5ef114cab512e018e59b359972b0229c66dad0c0ae7a954f199b27677979d0f1134b754e5254ff8038a5de952c865aa4e23b9638ac8a4608a1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 217a00423f11a12f9155c6f20fd55d8a |
| SHA1 | f9da76a490b4c636e91301c2d2eda92f9370bb80 |
| SHA256 | 490af9601ea97f40b9e39d17d41bffd36c64d84b712401e013e1bcaf9d83c0ec |
| SHA512 | abb4588a0643c4b763a0876c7d1b5ea36f9c560a0a898520c9f529183a0eea1895fa3a3a6f1fd2b2487274139afb9b51fa7ddfb23d2e8efe4e7104c86217c3e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a9b5d1cce95f6f2342f066c59fc1dde5 |
| SHA1 | f8104065b27ae6d73bc1aa408ed54637b3ee051c |
| SHA256 | 6320b4533d8ec846db3cb1fa03586a007e555d48d0da7906760ce669aa6f4bbc |
| SHA512 | d07a0b0fec58746924cb7a1a42a473912455bc1b55ce164cca99ad69bded3075ce3d6f9a5c46f37ae87724b92964992c432be8d4e57eed292f79d47b01d1d09b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a0773.TMP
| MD5 | be6fac1d039daa856b1abe9c27274496 |
| SHA1 | 8890e660f666d82f3b0b89bc46848d6f863e7bcc |
| SHA256 | 88597eaeab44f8012c4d63733dd2fa328edf40d1cb091d301d51b29849d72d62 |
| SHA512 | 21dbe26f78d6db0601b1e9f2237df82cb4d56db24f410fae78eaa3fe23a951776cf94605d8a2c4ca06d0553921217667074377518500383ae684cd90b95c4050 |
memory/244-647-0x000001DD03580000-0x000001DD0366E000-memory.dmp
memory/244-656-0x00007FFABF320000-0x00007FFABFDE2000-memory.dmp
memory/244-658-0x000001DD1DCB0000-0x000001DD1DCC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe
| MD5 | f6f686df785d0abdc66d1f90fa508c4b |
| SHA1 | 75f348132001df30cbad9c7cae2e2072fcaca38e |
| SHA256 | 61b52af14fc66126a4e7f09b3cff7d3c09e5ad35acf23fb9ba43293fac0c995f |
| SHA512 | 7daa425723caade3ec747fbe6e425e26bc419e1a7dccd6253770fe1a118a8b90e0f40f6cf4bdac259e68a0198a384ed1b5de7515958f5e17e4e35219b9077d77 |
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
| MD5 | cd23ce40767e112e721f1ca9413ad5fe |
| SHA1 | 1cc153580734f48db34bd90a5934fb8523a269c0 |
| SHA256 | 9e5dd3591ddec14e4c4c7a5173662663c6c81a10987ca106eb3d4a99344587c7 |
| SHA512 | 4dd48c127fd7c936b6fae6ce1cc65e855aeaf99b9a38a2d6c756afb797631d4fc13d8f539ed6b656bdc3fa7ee2ae9314d4dc527e45d7701dcbebaf0abedec98f |
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
| MD5 | 9d2e896d8247b4100425addf532bb416 |
| SHA1 | b4998b3c9c23507f6260468c47e6326ce63f718f |
| SHA256 | aab7799172be71f4ce4682725ad2a395cc3180fa0be9650085ca216b46dbccfb |
| SHA512 | 4e9d7957b413eeeac93ea1974014e62e906e082cf3fd2bb29fb324aabbd14b3fd2c252500bba99a793dd88906c2cef12e4d28b8c6e7be675e66ce4a4610d6843 |
memory/5264-673-0x00007FFABF320000-0x00007FFABFDE2000-memory.dmp
memory/244-671-0x000001DD1DCE0000-0x000001DD1DD00000-memory.dmp
C:\Users\Admin\Downloads\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
| MD5 | a21db5b6e09c3ec82f048fd7f1c4bb3a |
| SHA1 | e7ffb13176d60b79d0b3f60eaea641827f30df64 |
| SHA256 | 67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5 |
| SHA512 | 7caab4f21c33ef90c1104aa7256504ee40ff0a36525b15eb3d48940862346ccf90a16eef87c06d79b0ffd920beb103ed380eae45df8c9286768890b15ed1067c |
memory/5264-669-0x000002D0E1040000-0x000002D0E1066000-memory.dmp
memory/5264-675-0x000002D0E2D70000-0x000002D0E2D80000-memory.dmp
memory/4816-676-0x0000000074F30000-0x00000000756E1000-memory.dmp
memory/244-677-0x000001DD1DDC0000-0x000001DD1DDCA000-memory.dmp
memory/4816-678-0x0000000000BC0000-0x0000000001252000-memory.dmp
memory/4816-679-0x0000000005CA0000-0x0000000005D3C000-memory.dmp
memory/4816-680-0x00000000062F0000-0x0000000006896000-memory.dmp
memory/4816-681-0x0000000005DE0000-0x0000000005E72000-memory.dmp
memory/4816-682-0x0000000005DC0000-0x0000000005DD0000-memory.dmp
memory/4816-683-0x0000000005DA0000-0x0000000005DAA000-memory.dmp
memory/4816-684-0x0000000005FD0000-0x0000000006026000-memory.dmp
memory/244-685-0x00007FFABF320000-0x00007FFABFDE2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp4DE3.tmp.bat
| MD5 | 84c98f637d42fc7dcf07d10a2564f2b7 |
| SHA1 | b5cfe1dae2ebe73f2c3b367eaf210fbd97930c5b |
| SHA256 | b044ff48ce45b00c69fec601f214a175c48bf20e93868e4a15f5caf86c0761d0 |
| SHA512 | 4478127fba79ae627c35ed223d9663472c9793b4982492b146584bef40580d4b5675ec56d3284de6216e6b3c119c53ce5d73253850815df75c5c5faaaa30fb6f |
memory/5264-690-0x00007FFABF320000-0x00007FFABFDE2000-memory.dmp
memory/4816-691-0x0000000007AD0000-0x0000000007B36000-memory.dmp
memory/4816-692-0x0000000005DC0000-0x0000000005DD0000-memory.dmp
memory/2848-697-0x0000023B7FD00000-0x0000023B7FD10000-memory.dmp
memory/2848-696-0x00007FFABF3D0000-0x00007FFABFE92000-memory.dmp