rhadamanthys | hxxps://github[.]com/koyaxZ/XWorm-v5-Remote-Access-Tool

Analysis

max time kernel
40s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool

Score

10^/10

rhadamanthys stealer

Malware Config

Signatures

Detect rhadamanthys stealer shellcode 4 IoCs

resource	yara_rule
behavioral1/memory/4968-219-0x00000000023A0000-0x00000000027A0000-memory.dmp	family_rhadamanthys
behavioral1/memory/4968-221-0x00000000023A0000-0x00000000027A0000-memory.dmp	family_rhadamanthys
behavioral1/memory/4968-220-0x00000000023A0000-0x00000000027A0000-memory.dmp	family_rhadamanthys
behavioral1/memory/4968-222-0x00000000023A0000-0x00000000027A0000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
24	camo.githubusercontent.com
27	camo.githubusercontent.com
28	camo.githubusercontent.com
29	camo.githubusercontent.com
30	camo.githubusercontent.com

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	XWorm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	XWorm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651909116477164"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
4968	XWorm.exe
4968	XWorm.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
452	chrome.exe
452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4384	452	chrome.exe	84
PID 452 wrote to memory of 4384	452	chrome.exe	84
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 4820	452	chrome.exe	86
PID 452 wrote to memory of 2184	452	chrome.exe	87
PID 452 wrote to memory of 2184	452	chrome.exe	87
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88
PID 452 wrote to memory of 2728	452	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb758cc40,0x7ffdb758cc4c,0x7ffdb758cc58
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,9025927883744509817,9829302063304809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,9025927883744509817,9829302063304809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1596,i,9025927883744509817,9829302063304809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,9025927883744509817,9829302063304809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,9025927883744509817,9829302063304809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,9025927883744509817,9829302063304809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,9025927883744509817,9829302063304809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  PID:1520

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:888

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4804

C:\Users\Admin\Downloads\XWorm-v5-Remote-Access-Tool-main\XWorm-v5-Remote-Access-Tool-main\XWorm.exe
"C:\Users\Admin\Downloads\XWorm-v5-Remote-Access-Tool-main\XWorm-v5-Remote-Access-Tool-main\XWorm.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d7fd1d52e5680d2ff971abf6daedf085

SHA1
5501240c8d7798164b1ed3aabf8e64e88f8fcc3c

SHA256
56fecb0ea329e82dd1230bb3ee92abfd4ca2344e244d9a0d924072d5736d00d5

SHA512
23069b86d50e6ad3fc77b3eaa0249ada8cfe364d1e7b48a65aa0dde48e57f749d865f755053f58f6e07f9c91617f2edf0e301278647c2585da9c35b119bfe3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
43b5071826643f0f837f8745c45b3489

SHA1
d5ae05f3866bf0d20f79aa4ec5520aaf5a3c1836

SHA256
644c66b0f6b42a6907f0e3631ad76e2a3972af0f9d507061388275c0856bcec3

SHA512
a08d74035ae22358a5dc376a347c9135ba03e6b10ce1fa2254185822ab837165476b8825b43f0f9d8f036b182d10bb9bdd746118d0ccf0c5cd94eca52c25e690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1ac6028bc24984388715c3b3b94ce757

SHA1
969da7462e456ad96a32c8fc20b016b69800918e

SHA256
eb26c3cdae01e14f8d4e2f3f7fd3d7e5d2a793e5746bb6385b91e5f696406550

SHA512
83ac800fa566aaa3338c5fbcc70ed81e3306c34824a3a38ec8615d2ec36afd5e0649e28300e0a61143b698f051847f7ece1a044e7090c549f652ef2ae49e56f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a38e44bc20be45ed3255c100c650486a

SHA1
d5865b8c6bf9a8f4a90d73c1c46469269d92c657

SHA256
d09592053da90ef1f4db4c95eb7f21989702da79b04b0394447b380f31b3be05

SHA512
f4239afe2a7e91c1f0152f1563b3b0dbda8c81094187a164661fe1f25480159a44df061f7913f75f2bcc88bc9a56ec77838282682f8d1ff695e1a2e8e1f55a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d2cc495522f87c9d83429878b441e1f

SHA1
d4a8a78892b008eacb5a56741e579d96feec09bf

SHA256
7b6a97037527569e2c197c7653a411cd25dbb91641d596467c7b77e330429949

SHA512
da7119f7afe04c1be044904b47c8b80a759dda069c2359c4eb2c7b931cdc2937a5dea3d917c61821eafc500ea3a2d906530fcd63b274dbc4a280242f1b9fe5eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0709c2e21374a618a289471d10144b24

SHA1
de464f6b308b878863ee6d5976bbf972875fe745

SHA256
d9cfc4c2c70519fc79e0344622020551694c25189ffa2590fa8c662f972837fc

SHA512
c23d5998d9b2d62b76274d853be1fb69407b4bd979968e9e250a58762f4fc5c35d2ab6dac028ce3cb8dce46246f26d0a5ec2048ca2fb0c38b11a1ff7c82ba2c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
4ac608682d2560d9cae29a50e435ad84

SHA1
e39654fffb81474f223aa41c91c8121a659a1520

SHA256
b14e0b6f2dd433f82a2c0cf9ec18dda525dad2f4c8c5a47f2b26a64082026e18

SHA512
1f150521773625794b8922cf71be7197d6cec222a64963fd93dfb257d5180dec2692e7b4a9d4660a48d3163784cd1eb2fe351346a235760acd82bc35b16bf62a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
40b574252f10a37fced82d5f9df6661e

SHA1
aefdecc013225462bd31a9b8edc33061235d0950

SHA256
7b9bce7bd14b68c451a3efd4e30e76593a361b883bd019014ec85cdd9a3868f5

SHA512
76a602a46db2061e9909b9b03532a2bb2d98b5bed131d317953b4cf6417fab39d6bc799a7b91ef8c18f1b492f38ce43c0675e55c384d002b4e6e717424c309a0

Download Submit
C:\Users\Admin\Downloads\XWorm-v5-Remote-Access-Tool-main.zip.crdownload

Filesize
5.0MB

MD5
4009932a7e44d607b529598df00ff375

SHA1
ff8bff1c6f707101215aee8d7ff315cba991001d

SHA256
50505aa9a36faa076b8a6894297bc8fed02269938e6592b7b7be7c9c809897dd

SHA512
b77816e1aaaf9a09155f91aa91070a099fcd09acec92c28ac6afa4bdf2abcec3d4e1eaa028efc4ff9b0999fc6b90ceaa71146d9023aaecc074a49945364c38de

Download Submit
memory/4968-218-0x0000000000570000-0x0000000000577000-memory.dmp

Filesize
28KB

Download
memory/4968-220-0x00000000023A0000-0x00000000027A0000-memory.dmp

Filesize
4.0MB

Download
memory/4968-222-0x00000000023A0000-0x00000000027A0000-memory.dmp

Filesize
4.0MB

Download
memory/4968-221-0x00000000023A0000-0x00000000027A0000-memory.dmp

Filesize
4.0MB

Download
memory/4968-219-0x00000000023A0000-0x00000000027A0000-memory.dmp

Filesize
4.0MB

Download