8fe4688532e1464bb2dd2aebfef787f46a9533ef428083d808e26f866c40004a

Analysis

max time kernel
137s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-11-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-5.6-main.zip
Size

36.8MB
MD5

cf5c53af8f76619cadc3081d01e467f2
SHA1

cf03ab38346371eb4b99bba49ab857e164bf3603
SHA256

8fe4688532e1464bb2dd2aebfef787f46a9533ef428083d808e26f866c40004a
SHA512

97a4c1c743a41dcf8dfaba2338142a8c567c778ac31ac0c9bab7bf15c07b68ce93c76516c496c4d8bced42f2a42d9dc191ad72484635a13799abeafa01dca7ed
SSDEEP

786432:Ty5jMDNnx2+4NYobtH8VVtKqi9+i514XZ/pjYlpJ5tMwvT3L+diVu:MMDNnxV4iobxibiIi5MpjYvJYwTwL

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5008	Xworm V5.6.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751986562898545"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
5008	Xworm V5.6.exe
2600	chrome.exe
2600	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5008	Xworm V5.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

description	pid	Process
Token: SeRestorePrivilege	2168	7zFM.exe
Token: 35	2168	7zFM.exe
Token: SeSecurityPrivilege	2168	7zFM.exe
Token: 33	2120	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2120	AUDIODG.EXE
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2168	7zFM.exe
2168	7zFM.exe
5008	Xworm V5.6.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
5008	Xworm V5.6.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1572	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 1664	2600	chrome.exe	97
PID 2600 wrote to memory of 1664	2600	chrome.exe	97
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 2548	2600	chrome.exe	98
PID 2600 wrote to memory of 1588	2600	chrome.exe	99
PID 2600 wrote to memory of 1588	2600	chrome.exe	99
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100
PID 2600 wrote to memory of 4592	2600	chrome.exe	100

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3764

C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5008

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2120

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff969b0cc40,0x7ff969b0cc4c,0x7ff969b0cc58
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4380,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4444,i,14047820320092916511,7296491509485074118,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:1732

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7cb8ecdcb5fc1a413cf6375a8645164d

SHA1
c8adcd7ac723a61bb672ec89a1fe22466ae15c77

SHA256
e79d6ec8f5eba09cbc07c6e8daf9a055b9ee813b502bbf42e450793c293ac1b3

SHA512
e7c352063abaf3ef07a15d8dd008f7a11690d45568cc2c8098a1a5dc8b14698d6c6c7bb0d8124b241bfa85aa266f91ebd874231b5d02e721e2bb08aeb352c2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
f8ae80f17f54d828666ec3596f70b30d

SHA1
16caea0206da00e5372027ac9d9100a383088851

SHA256
b2f2823f388ad3634c253bc98c90ec1d3757146dabede9e6827dbb14189270c5

SHA512
fd952c73e4b729abceabcf8d1ee6913612ce5a2f17fa50d779c20deb1cc155d3405bf1d53267f5e58a0e553587e7e8f7034a819a7072612dc51f854aa4ad63a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51a5ffb0f0aed04511e828551dd7edd2

SHA1
a3bea4cf475d6548db27bbfa919f6d659b0251f5

SHA256
0aba8207ab7fe480e8a0f33e91dab9959935ce22bf6b2abd0d247e3a207c51d6

SHA512
cdb89bb33a95cd005c3f7f2747c050b44a91a65641d2510aec346831d1045833a8f5e7ecf4f206416fa276a090a7105da0f60d83217bc00eee698d42d0bf2d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
31e3ccc7b0ddc51b429a73c53eafbbfe

SHA1
01493d491d6a69d03e1cd743349b48deeab2eed7

SHA256
d1a34df62772836fa40b00888f2ee57d18c20c10342038fd2d7b5eb5ec4b0a53

SHA512
4b71c7fbc6bc31251ccda6d87b0401059f3793378240f824887cac62c7d395365c675ebb0cddedb7af67385918cdf22f2b979be5d3ad285eedd565e004c6374d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
64de3e6c3d4c96e8aba1af45dcc22144

SHA1
e73cff277a9003b6a3d683186588e6fc6336b916

SHA256
95d5b77f51fcf6616a0f4b6afc04524bb8a20baccc5d72da8d4a86272e6ff34c

SHA512
7c13597400c94144f7f833dc95f6f6bf25b083b13876417d098e1ee50f7099f64dc424db3491ff5b5e4f1ea8645560a7572dfb59ab73cf26a222bc78539cfebb

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c0004822-28ed-41c4-8051-992656b680af.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE87815B97\XWorm-5.6-main\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Desktop\XWorm-5.6-main\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm-5.6-main\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\XWorm-5.6-main\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
memory/5008-248-0x0000017C9F740000-0x0000017CA0628000-memory.dmp

Filesize
14.9MB

Download
memory/5008-252-0x00007FF98F7F0000-0x00007FF98FB64000-memory.dmp

Filesize
3.5MB

Download
memory/5008-251-0x0000017CBCAD0000-0x0000017CBCCC4000-memory.dmp

Filesize
2.0MB

Download
memory/5008-249-0x00007FF98F7F0000-0x00007FF98FB64000-memory.dmp

Filesize
3.5MB

Download
memory/5008-247-0x00007FF98F7F0000-0x00007FF98FB64000-memory.dmp

Filesize
3.5MB

Download