4c68fc7cfea0b998be9ebc730f6fb64453111463cc97a05832f826bd5c95c70a

Resubmissions

11-11-2024 22:32

241111-2f212axldw 10

11-11-2024 22:25

241111-2b6hnaybkd 10

11-11-2024 22:10

241111-13dfhsxhkh 10

Analysis

max time kernel
152s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
11-11-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6.7z
Size

18.5MB
MD5

6df23ee40cdb76bcbaf9debadabadd54
SHA1

98113a1537411c368d33691af4d7b03b4019b828
SHA256

4c68fc7cfea0b998be9ebc730f6fb64453111463cc97a05832f826bd5c95c70a
SHA512

198472da9d16717d5607541b26951c113e821cca95a204c8973b3b3f92ed42eba35dc42ab2a4efa193c404319a64c34c90b35837ab4c924c1dba3a3fcce55292
SSDEEP

393216:CipL2GD+ki9oXFJan9qqBYpusMUO8hEx2sidgNwVgs5517:CiF2k+f9oXFmq9pusMX8axD6355F

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
388	Xworm V5.6.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758379694842004"	chrome.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
440	7zFM.exe
388	Xworm V5.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	440	7zFM.exe
Token: 35	440	7zFM.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
440	7zFM.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
440	7zFM.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe

Suspicious use of SendNotifyMessage 47 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
4580	firefox.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe
388	Xworm V5.6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4580	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 4920	1968	chrome.exe	87
PID 1968 wrote to memory of 4920	1968	chrome.exe	87
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 2120	1968	chrome.exe	88
PID 1968 wrote to memory of 1328	1968	chrome.exe	89
PID 1968 wrote to memory of 1328	1968	chrome.exe	89
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90
PID 1968 wrote to memory of 2612	1968	chrome.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fface70cc40,0x7fface70cc4c,0x7fface70cc58
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2208,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5032,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5256,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=500,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4664,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3324,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5400,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5508,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5636,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5676,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6000,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6016,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6240,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6320,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6104,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6268,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3364,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4604,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5728,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3780,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5288,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1136,i,18342557275293385912,5972459289007046305,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3208
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {692da004-a835-4acc-a1ab-54effde41dac} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" gpu
    3⤵
    PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {155d2df4-caf8-4bdc-b261-df9fddde7622} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" socket
    3⤵
    - Checks processor information in registry
    PID:1960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 1552 -prefMapHandle 3160 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {000fade1-98a7-453c-b6e8-b2918f9e9a92} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:1292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3688 -childID 2 -isForBrowser -prefsHandle 2684 -prefMapHandle 3660 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e65d21-1567-414b-91db-7d941dee41b6} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:1092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4760 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4752 -prefMapHandle 4576 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {859feb0d-d0ef-4756-922b-4ac865a86fca} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" utility
    3⤵
    - Checks processor information in registry
    PID:5604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5412 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c451df8-c8aa-4de6-93cb-fcd9ef258079} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:3400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40061d9-7c93-434c-8a76-38af14402d6a} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5776 -childID 5 -isForBrowser -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9ab1397-8d67-401a-a654-5b453bd2579e} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6328 -childID 6 -isForBrowser -prefsHandle 6320 -prefMapHandle 6316 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4035d753-e771-431d-819f-828606a6f044} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:5788

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x514
1⤵
PID:5836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3748

C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:388

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
714453c0b5dd034231856d2285780e36

SHA1
c30902b8b225cc798bbde1841fc859ea5f15cc77

SHA256
69b2eadaecca78001811de951ced3c1c1b39cdd5792077423494e0f0118aa478

SHA512
45faa0ce82f40cf210e561b7498605df9a68d1e5480a9c5a66a9d70e3c5ad62febd0508652f3e429318958abebd348d7b4ceb1a37a2601b9a9a164c45cb8486e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
105056ffb4c26117b6821d1f1e36e311

SHA1
50375572b9f8456e961c6de249008d6cb0d4bf02

SHA256
f742b3401635ef01b2997d7ebc85860ca2eb6a02febff7aafe0dae274646c64e

SHA512
92e8f8d1bc718eff5a05bbd2be0a0aa0cdff93cf97dc6554a499457c817064b25ea9909d27ca439095cbd5b286a91365f6a6e14d7c2fb5dd0698b49363db0705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3b651b775a00857d999fa8aee6516630

SHA1
47a322f513ae81ea2f7660875d148e7e7d87836b

SHA256
e72edccf7a065232d57b5bd7d9b02c4d56752eb520098ad7f20e3251bc3f9444

SHA512
59a1a5a1998e4c6346eba59e7a1d6fc5572238583f86bc0a86851144bb23b91ca3e6c4f91e23070a75990cc44ed217ab72c5bdd157e23d09384a3cd3a4258ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
df66e8c05b3dc2865bdc4636db42eb75

SHA1
a8d19144bfd3a8f0d52c9aad1e68e139e2e92535

SHA256
391f01afbd3b0db6e2c484ca7e4eb27c25410cbabcefd47b33e4f27cff3575c2

SHA512
3e97ba50526a5c4b5c4a46ca87f2cb6213b6dc80e1d1b4a93fb4a8ec4f6a6f84d2b61148c71a232b137946e392ca15fd537923e2fb20af648d7f27417a6506e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
cfff0b08bc5fd6a0fb9e7a5e3f01ea4c

SHA1
5ad6a3b3272b6f5800a1ab889168fb3dc9053b28

SHA256
40de2889c51a5e3884fe7ee9bcc8a357a60322fb9fcac4a154d19e3ab3306dc7

SHA512
fd1d730bffeb32f25a23469c1e1bc9b6bc30b63bb2eefca742fd47160c8fbac1d0c1f181cce9be806b045539acd47bab28031707050db52c9b9ee4bef47e28ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
a01808d7e849ef07a86b64e89621fa38

SHA1
a9728c6bcbbccee1317d5e8ef6625f43746be2b2

SHA256
e317b57cf6d968f80ff1b652e91f234859fe34d4a6cdcf880aabdf722d844ade

SHA512
96b5ae82c02019558fd0e3bed225f227878c3a5d5a2cda34ae69286c594d7de02fa38d2ea2f7809cce7cc08f8aca557ccb673d682aab2a9cb2472d782b24d469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1d1e146c98a44c32a6f3fe9c8948abbb

SHA1
4c8ca330599daaeebf4072d608a4c1634fdde686

SHA256
a0d71a60b22e2eef8ecb2f11002868902d8e7b2d8a3e42bb961124e85913dd4d

SHA512
58f9e2768894b6a39d0868c895b3be84b00ecbdeba01450adcb4d6a1a840ad40980e5a9372c48f9eb71c34cf5a98cb37fafed39d0530607486d48b2e27982f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
56e529d4bb1aab870d3ce122d9b16501

SHA1
16a72171c2a155f5c02aad63bb6a79d708f25561

SHA256
39cf87bde434954f9489c6c36a88e1fc5251dfad8ceeb704373c31a2063fafd5

SHA512
81bcb2ec31f8f9270ed0c891c5cc2490692e763b6de42a10ae06a21a85b746dc0c881802df548fc1612db72d671a372b0e8b4ba80b52f0cfd9d2853db0f2759e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
32bf2091eda8fb6109703bcc5cfb51d0

SHA1
bad1b0d687ee3e5873e5302e8bd4d019074cbc69

SHA256
9537937d24cd608a0ad5c5237a35c506412211470faaf83e808394dc068c9eda

SHA512
2ddbd1ab4c6b910d178af295c878bf39d3f5648feedcad24ee3ff9878b866767b56d513fb988f9d4e5b5db9da0e4c58a5f9f0c22c5cad22c62286fe98b67d3e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
dad345de7b6f510251fb749116c7b12e

SHA1
ffe67376b67f276c4d1428dd9e13900040a2c802

SHA256
424573aa2a423001ec446507a2f39bb4bb6aeebcba47c973b2d3a1ed7e790298

SHA512
9fea570517e575fb45fe2148b71490ca449757ce4bb93d7ef59886e2c1e9e0893688692d7d30b6afa8fed8041d2d8e4b06d884273e60c073fa77aa2985e19b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
641e549cb4b119ec423e21b1ff68f33e

SHA1
601f79a24316b13be7877ceb56d7f3bde00ff6e1

SHA256
1f390e8dfded9683ba879cf5bf165d9c8f88f7a5d5542f1191eb1d2ececca9bd

SHA512
a76702f8544501b960549a0631aca0ee939b8c3e361a316a717a81eb8242224e9abbdd639dfa9bc6d482845105179b42f2ff3d4029f25db9bf73f373fcee3a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bac05aa7d0388948e724e7eb9c05f3e0

SHA1
fe49234acf96adb96f1889e1f16be72e6cf49860

SHA256
3b3441495c25282bc6e597c25f5f9024e2df1532f08ceb6d501aad2fe8d0fb29

SHA512
55ff37dbd76faff1a4639094ebcfda8a7fc215290bf1ac3f47bf2c10ce085cb0539fd75f658c4120ad52f6f2cf4fda8d33463a20cfa578d3d479affc8e0ac7d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c35575e28d8ac4d63e9e1e8141b66407

SHA1
68aa7231a146617bbdf4ccf6019ebed2a52c01b3

SHA256
6d67a125ba5a24fa949bfd2ceb6929568d3951e6c6b4e7649c3581e3c39ca394

SHA512
e0b2b060f757189649dc181ca8b874b71e3794ad5c5588844250749010e00c3056ec2a8866ae77a8b975f84e8004172017d88374d1c334a36292da3b6b1d6688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b5b21306c8cf62079c6ee0877def3a8

SHA1
0fbb30ff3599d7689039edb40f16fee9d38c0afb

SHA256
0dfd49ade8caed179cdf829e85749f62c368b87bf27d8654d6b54516ddba69f9

SHA512
18c7bfb56a08750ca28d863e9f093864d28c6269adcc75718d5fef4c6324db34afa814f1c7978bbfb72dbda1c932ca200ad818bfa3725332ead6c17322c67034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0cb32fe3f84c7de0350e294cea394685

SHA1
b67510c90f2ad5c48289fdf2e95807bd56c32ce7

SHA256
c4d84b5c605ea3b38130005947ae0c08d0391c0c3e47cbf3a6fa04d50b925d77

SHA512
202a29052260b0292ba4d24fa6ad406ac70572a4914e38603368503290d6d4f65aafc9b81795de70de25ea153ebc3d63b39c1a2ed30afa9843749b697a46c1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
091b7212d8198351da0fa47e85ade066

SHA1
0742d7ff573e1d0ac289ee44838d1a6d36e6ef89

SHA256
1230bf35e264ca03a38dbcd465aee936dcf91c03c17a8ec227d0671ed9cb2f45

SHA512
33fb9dfa25b685f09810652321ad46dee739b67387935bbfd395198696ded641e1acefd910e372c49f8e421271d2976ed396d4d63f1f33965ba39fe4d69cef0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
238bc73303b9c99a07717d1ee91059a2

SHA1
540a592e81a6d529ab84c9651850628622c7edd1

SHA256
bcb0f98f2b30abe499dd8fd37a6ce90aa7606a328c86ff1be57d1a0cdee6ce35

SHA512
e7772655ea68d46897b96258e4fea4c0319ffe9a5f018d42278a42ec385800f2e196dbc1577dfbca127959bcc687c52deffdb67486575453cf1f3cb81c3b5142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a02dea6c7e52a0305ca25748d08e9b67

SHA1
bbbbf2ce7a3c55c471cd1e288d1e5d25da8c6b40

SHA256
b282abc64d74dec169ba83e3d10c2e3cdc307e51f0124807092b166dd525d93a

SHA512
7f1eb026169a36cb065fe1eb416646ef03ae3885a9bf821f2c336b8501e8e23726ee2752b1ebaa8363257e5ac416bc7d447b1b9059b020d62a7aa68406fcf152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fbb33ad6f21cb9fa1eb096812c73598

SHA1
e21a9192f423434c2e00720faacde6ad5ac1c7d3

SHA256
f50aabb04537a494bba888c21334b88362d4f21ccac79268b48f814270b92115

SHA512
6c6314aceddefbfa08bd671b38245471988df3a5cef7d9a6dd69b342c2db03d2b2d2b500ae869c06d4e9f7b162df811cf2b45727257fc2d10ba3df1c54c4d70e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0f2e4338e7d81a979f99f1e1e22bca54

SHA1
92e453c0090c3d6e22cd12e30165c091620c6b3f

SHA256
661f7729ae8481efb6708df14cc6ead832533bf7c4e0eff3570ba79ecac22c06

SHA512
09f96eaef0477f2e2b28597e26de987eccd37b59069c9c6fbd06ad411649d10786efccd2890bf43d4d63f9b85a219a12270ecf51053168f6274206d7540a080c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5da8fdcc113d2ad2748822bb7300280f

SHA1
0dcf5df3630f30ce73eaef08f93f700aae3a6e66

SHA256
cf9da6384aad7382c47aa129e03ef8872e716e99a45f71f42296e6e91a7124a0

SHA512
05a1c709f350764e1c80757721579d2ce99037b0e6279173970d2c7dec1dff40bb30f23fb9b8936a707cb3bc97862f8cbea1dd6b248356f13d1686f189694049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c4e1b5ba-63c6-4836-ae65-c15db0054283.tmp

Filesize
10KB

MD5
7445a3861156794827b43c3538382839

SHA1
33fd388bc205543a485842907eca85bc0c829f75

SHA256
726395517aa634e043250d6439ee60f1e94b14fe90d3d6f359fdc0baed3921ed

SHA512
184e5f15993a8105befca5934f4e997acf88580814b5ca17f1e34c22c329a708e374306f158f7739b929f8a58d1e454d8196152c8e13ec817a0672f1324656da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
fd8bc42352ce297cfc8c7c314f5ac743

SHA1
cae8bcebee0f9cb743b22efd66a9991ca062d428

SHA256
8b1ee4aafc717b62f3be6f157bea21a490026d0349b2219534aa36d0799abff2

SHA512
e382f34404f2ba669cac2560e9b2fc02d3b789436b1c9f49dfcc4370736c9a665f6c852a06a2ee00f517a94224fb7a9078dde5b34a3fad5d6838558f4b3542c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
6edaca97c72971524861d12f75cae91a

SHA1
4e7ec59d656e0e64bcd1b1e0df9b8bfb00a3d50e

SHA256
5c47cb41b4fb39608cc992310302423d9ae1437747aa94fd8b9c81005a5872de

SHA512
9bf97ae7b08d4084be9e18d44ceb29b3e7c909e5a5e636d19325d2fd59cf7f56a9cd58c6d1ac649e71e90eb961358f2b91994403b54fbbd9173e58bb7613269d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
83604aa3ad7a071a27b4fb3bf2b5e559

SHA1
30b8bfc4e68e0b958ec576ff62a3513782c28968

SHA256
6039840d229d096ff9745e652d6ed25726414ef84e601959daef1d5fe9ffef51

SHA512
660408907f07fe377511a51c8e66179f3d37507c9000780b5cb893229f4d317a07039976f28be6498bfec14862e2e8a8f4687a116930b08aeb576a80188518be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\cache2\entries\AE6C91A7A94F8219B78F6FB4AEBCFA5DD3A78D91

Filesize
49KB

MD5
47582b9c8ae9122d8fbc39fe502841db

SHA1
373c1c35507c5bba64bb8ea4a70ff4574edadcc0

SHA256
14c7dff0047f4fcf284def15a1b95d7f8ff4ac7ae9e4b3c21567814ee18ca7a9

SHA512
6fa04af24c543fe93bfc6cc8383df7897f73c8ac4d990e5002a8aa49ef3a9febc61202ae2f8276b83bedef07b6cf9c7e1a7cce483248059cbed6ddf1773354f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8B1131A8\XWorm V5.6\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin

Filesize
8KB

MD5
9050a946a3bec55fe60eaa9782ab2d56

SHA1
be41befa098bc83e5d9b5d679cecdf3b3a1046ef

SHA256
85e0e3de336b2b3db2d9efd15e1d0b240170b9f1750dcd901cbacc8fb94670e9

SHA512
f33a474ab58641b7e6dbbc95a97a81b30b200c7287343b8140591f06a63c436f400e4eb638de86e9d38333ef81ae56bf083d0db4a1e935232aa2fa7ecd5748e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
65a5f42cc8ce18f98303f52a4da7d8d6

SHA1
650d4474ee851707ce440539f5a41ce5cacefad6

SHA256
5b9d9cb29acbdf8681fceb7713a2a1b8ade2450d57a0cde5cba51d4547ea0e88

SHA512
91c0ef8c2455936c5cb33978aa085a37060780faf1250cbca8054694f2a6d9368cf023616febcda43de9b2242febc983103c591c5cad16ed1be6173e276d4c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8b3f38441681717eb632f83dc9cdec4a

SHA1
f22578f01678a178f45e0f5c7c18c2b1cb540ddf

SHA256
14b1c72609048e3a96d13ae8b5ccb54cdb3aac01ea1ce2250291b218e015d033

SHA512
a512bf121f2e9d7af3461cde908f5acc12e65868e163c3b8016c71d5f6e442bcc4112b754a17ebbab3e5f374824074775a3174840c7f2976b22e626068241d69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8d8dcbbbb80fa85ea96a7b357a824d28

SHA1
561bbf876b8169d2671573474a7bb84e777c2945

SHA256
7357309b5a9e39e4fe5cc9902929c316dce3afc31d55053dac9016356128054f

SHA512
3bb9f9e6f4ec20c74b570217150b50eeda62fb7c840fa8cec91dc79dba55346cc76630b3d08ddabe55099ff5c5f20366d9aebff33464c50ed161d4c9fb2dbf43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\2ee2d0f5-d38f-4c60-9097-0c12dd6c9000

Filesize
671B

MD5
706409eaa0e345dd3b60c4a5a3f38f8d

SHA1
eee6c503d6b8dc84059947ce5f32517ff099073b

SHA256
fe8b0014444196897cf23f7d2da1a86ef8d894fef136276f39ffb5c2a7a3d16a

SHA512
434f398e86d73772b3ac29e61c330fe7787a35c53d19f403c689a72e8434aa8bbd9e85c7972fbec372920d48a130794d2dbf79d008c2706f8d02e50a9c5afb42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\a94d585b-9699-4833-b3a9-27d325ec0640

Filesize
25KB

MD5
c1f3aee1f596cb38751e5a165bfbdca0

SHA1
3ae3cbcd9f36cbe49d2fc888ce099295b702bda4

SHA256
d3c2b1731e8390a2fbf38195a0d8b4f766cdd66a03281ffb86bc260e97a5e739

SHA512
41bf2f5aa3db4b4208f47bf8544602f86c8541c69fdaf950e73eed357565febdc0c71346181f7b3204512415ee3a3c8e722eed0fd3f75c889c12d6a3b86bcd2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\cda1a57d-0502-46a5-843a-549e3a27f661

Filesize
4KB

MD5
b507e505620a2dc374843cc75d3bd86c

SHA1
cfb6f074ec9f983a50c67ef6834d4c1d37b6794b

SHA256
ab25fc227b29b2a7df62756ef4e6574d0991cb8e76a93ad95981a13dea8cc4cc

SHA512
e46ede435b296423f8f3511fac1bb0c7e745fbeeb5d53c564b6c0a757ae0f8399a6c94fb628f2f879d218aad593dbddf2812d560d9218e72bbf28bb8a0f764c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\f3b5b817-6de2-40da-881a-ce68d0d1e868

Filesize
982B

MD5
e73724063728909243eec4821ec5a345

SHA1
fbff4c2a1d786ec89fd745b1bc1cee3f1e27624e

SHA256
5f9483a800dc15d49234a5706bd2346b8b0f2b1e343599badd7083c02fe3c698

SHA512
a91e5b67c55b217c9592f164cf30c318faaf6aa7991dad65ed9bbf23617360fb3a3b11057cecbfe1e6d10cbbb45db2ebe960c23c941b2869669903d9887877c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs-1.js

Filesize
10KB

MD5
320e83e723174222c0ea16795a9be0d8

SHA1
4ebf0b97d8ebdf84c9616db409c5565c2ecca284

SHA256
5f9e580bde237b29af79d7f124f8eff36cb984b1c5e350f050048799c822b3cc

SHA512
a0124be7fd2d1105b9d162f7abd364dc571d184ebc92dfedbf99c4dc7c20a131ef4b503500ecc84c4b98c3b54b2e18c8fbf41ca8de29d436d8d0f3e907526d72

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
memory/388-1204-0x000002106F740000-0x000002106F934000-memory.dmp

Filesize
2.0MB

Download
memory/388-1202-0x00000210697B0000-0x000002106A698000-memory.dmp

Filesize
14.9MB

Download