c2acefe58fc8ee2249d951b386ae74feedbfe36a2d252850fa1a891b528ef716

Analysis

max time kernel
69s
max time network
72s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
23-05-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xvirus-Tools-main/start.bat
Size

22B
MD5

439fcacf5dbd7675b272bf20a28ebd26
SHA1

567c60f881fe536d43f69973914cfa55ba3577a4
SHA256

93f20b2d08664ce038d6c18475c6a82f6304da012aa910ffc82aca3657fd0a76
SHA512

b4650e771dda5e29340867f73d5f5478e28ac3d17f00ea8d99f71e6d519faedf00e00aeba0cab889984a581adcde65a20c9bcb7e6ee818f0471de0dd6bbc1262

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
30	camo.githubusercontent.com
31	camo.githubusercontent.com
32	camo.githubusercontent.com
33	camo.githubusercontent.com
34	camo.githubusercontent.com
35	camo.githubusercontent.com
3	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609485860534549"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Xvirus-Tools-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 436	4548	cmd.exe	79
PID 4548 wrote to memory of 436	4548	cmd.exe	79
PID 4548 wrote to memory of 436	4548	cmd.exe	79
PID 4992 wrote to memory of 3556	4992	chrome.exe	83
PID 4992 wrote to memory of 3556	4992	chrome.exe	83
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 1832	4992	chrome.exe	84
PID 4992 wrote to memory of 804	4992	chrome.exe	85
PID 4992 wrote to memory of 804	4992	chrome.exe	85
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86
PID 4992 wrote to memory of 748	4992	chrome.exe	86

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-main\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python Xvirus.py
  2⤵
  PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7fff1e79ab58,0x7fff1e79ab68,0x7fff1e79ab78
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:2
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3476 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3788 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3308
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff7aa67ae48,0x7ff7aa67ae58,0x7ff7aa67ae68
    3⤵
    PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4380 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4640 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1736,i,16023557127649705939,10815844901188970163,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1388

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Xvirus-Tools-main\Xvirus-Tools-main\setup.bat" "
1⤵
PID:5004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K start.bat
  2⤵
  PID:1884
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python Xvirus.py
    3⤵
    PID:2212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Xvirus-Tools-main\Xvirus-Tools-main\start.bat" "
1⤵
PID:3476
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python Xvirus.py
  2⤵
  PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
006feea3bee7330c5c61a025c5b74268

SHA1
aafefecb474eea66d8612c6bbe9b5629bbe0c29a

SHA256
3682961800d1eb764d8cacc076ddbf10acf4d50893c68e91ea8540f723917db4

SHA512
0ad3c4b4079a3822465d1d2a4de86a620e0602de95bb37fed55ecd5b9772b507b7ff22a33a290a25e317e4d96061f6832070cc0f1ebedefa0516d162d8cd5ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
166cbd6c9147daf6129aad0a8a25abc3

SHA1
d8eda4960eea0cf36f7a4d6448d820ae8396c440

SHA256
794d1bd4cdfb462235cc7f511a7c7cb318670bbb0faa89d4f50286fe36161aae

SHA512
499315f1c96e5b754144d0a0fb610cf654bb223c00ac58178b57102688dbe6589586f85398adb3e1aaa47672a15e092f9a9df5ff4dae9bcd9d1eecde21adf271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bd0e1c6cba2f92f345a16e23db239909

SHA1
93c82fcf2525c0d0fd32bbd264e2110d7178b8e1

SHA256
5ffb8cbd211be747f79f2f832f390214fdb4f134c14c8ff36227c2b6064f5ede

SHA512
6594e5b13736fce9db6a4c6030feda47d17e66c162dbda61d3c8f579eb2cba11f894bc08c5333f7a9258f4c1a64032ad5c7c848611a9a734bfdf8feb50f61552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b57ea941086fa8d91099c06519bd69c6

SHA1
96717bfccdb3a5d9f11921e448835fc23c87a5d5

SHA256
0aadc11f984013504522d1c815f153f84f0831824ad0600597f9f87967eb6d99

SHA512
5dda654e86b8d36fe952acd869008627b6c3d1cb28ccfab699aa3b42727137490de7fd35abd033d4d638b6756d8b6ffa4810b6b2c952a15f1e4a5f1b831b3ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c5dd3571e9aee04a0671bd54758d8263

SHA1
d89ccb4a560afe8c865b1062fca1308122afac48

SHA256
55bf6f4d3475aaffe2965a493d3864cf71e259810df5d6b57d8965ff3f0a0e02

SHA512
1e9916d7f90096b3e1feff9f462f82f52106b00f72dd050dcf313c9c6d55b37785b0497b5adf1e24ef9451d14ecf476bb86803b4d1daed6d25a7ec1afc24cd21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
ff826d3e39f7796ddc45844ea06fb887

SHA1
156441427b070644b7d6c6687d14997bed7122f6

SHA256
9ec33963d1f905e949786fa3896d895a554512f5964b770f360a7d4628d8bd03

SHA512
ecf66a0afc98681eee487b353567e927eca57a82f4defcd48627a843541bcddd2f950e137373bed822db88cdeb87849c4c58ca1d90e5ce7cc6e3f68ca2b02de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
5bc7876be2f25b832c51fa53d9d26ec9

SHA1
3e50277126394908d450e79d43f10d6070a43d78

SHA256
f6dac6a413ed9f79481f38cbbec36355e6328bb88fc15835de7ed2b0303de592

SHA512
2a4e22d80aaacca44ec438f001babe7b71cb1b3107a2e699ca3bc906156a15784a1d25029344738c90c6834dc076f31b1e507d465d027fef615281f3a97699d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
a4761c1fd69c505de580c9a4c7cca8ae

SHA1
63e1d491aec027ab1da338daac73577cce3cea99

SHA256
40975605913f8215b947eed5e0bbb89cab165cc3df39069da916ca84b8766791

SHA512
b8256f58a4df1ff161fa04cb5a39d34f83444f8984443ddc093e00976133acd698342b98c8913f007d974888c196d067c02f4b5f710e5552c9c9a03f7a97e9ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e2fd.TMP

Filesize
83KB

MD5
c1ce467a99ff57e067812289c91d6e90

SHA1
599a5900bda6016b72647cca9e538211635ca85e

SHA256
5a80057e682b49a58d7c3c88eb3be594d925725e75194034400f698fee960491

SHA512
c30e5471972111fc7c5c624496ee3cc4b3c17f46a61708c3e987af82ef4a9fa03ce71467940c16d710ea772a742fc596671d98c7e61ceedc2e818afc7e2bffe1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
975B

MD5
297839311575e94b64f36aa6ec6990de

SHA1
2e0d5daa6449d57528be23ceb267578f6ae054e7

SHA256
8e22152dd8fe0f67a73d6dceed8c1b3c68273fc743e82a99bacf307fa567e10f

SHA512
398c234bd5b46c56f518e33f24bc21e80bc8ab8415636162f24b264929d7b1b275458a933771e655270b9ca0daa8be08e090115e21136444054ff55e3de70d79

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
e7b1c98d071c4ae3bd110cb98dc2eceb

SHA1
66868ad1a86b227249f8afbd84578d08337bc4be

SHA256
4d5602ee43ab0dcc4b59eb44b73ab479dec8e94ecdef2a635e5226ea4849daa8

SHA512
c6989c4c4aff0ee05e673c0701bac593e87a3c8b07f7984429e03028e04cf22b2839307d8e3a5bd3a5b8f054424cfb58e1d9f730afef916772b688c0c3ee7f6a

Download Submit
C:\Users\Admin\Downloads\Xvirus-Tools-main.zip.crdownload

Filesize
41KB

MD5
c0bc3ac40c3d0cc192c1e5c724ef47f6

SHA1
2d13212fefe3d2b1a4289d0d397820a32f656f30

SHA256
c2acefe58fc8ee2249d951b386ae74feedbfe36a2d252850fa1a891b528ef716

SHA512
374a7b7596522100c92050579654e3ea573be9bb6b8200e59428a3f7ea7b60289f73f412b9511db8779360217a84063762d5230a3db74c32c1d4d556319337e7

Download Submit
C:\Users\Admin\Downloads\Xvirus-Tools-main.zip:Zone.Identifier

Filesize
155B

MD5
e2fe7300da54f55c491bc987fe65d26e

SHA1
2bd82db0acfa9e3d799c23924537d4f8e57c3f50

SHA256
7cd0c245f31e160e6d65fd042085e6a98ece8c19111d0146a67666ca24d886e1

SHA512
2724fc6208efa68fb6aa97af7568693c95e354209883f81437573abb552f4f43a7ae0efc3033893d3022d002d51786ebd1d2b0977055f82451149164358d91a1

Download Submit