stormkitty | 7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf

Resubmissions

11-11-2024 18:26

241111-w3hm1ssmd1 10

11-11-2024 17:59

241111-wk5ptstamb 10

11-11-2024 00:19

241111-al9vaaxnev 10

Analysis

max time kernel
1799s
max time network
1748s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2024 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6.zip
Size

24.5MB
MD5

27065dd8016564f65a5444d70a9daad1
SHA1

1be1151330b7b0f12c486e9e36a1fa682adcac50
SHA256

7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf
SHA512

fcf41ba034133fcb7f91936fb16a6b59503a9016a78079c61fd692edec24a7e3daadf8ae2459d36ecd6c72dff9f8835355ea8cc7d20455d3e0922d74f7337435
SSDEEP

393216:VyavqxXFeuBc9Q+Fdt6ieJS9xCZGb7kjjJ6AKbKrbdcjXo50Ko+Y2ToxYv:Vy5xXDBYQwn63qkjBKego5Ho+R

Score

10^/10

stormkitty xworm discovery rat stealer trojan

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

Ojtj1wtOi1NUsFwl

Attributes

install_file
USB.exe

aes.plain

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral2/files/0x000a000000023b83-314.dat	disable_win_def

Detect Xworm Payload 5 IoCs

resource	yara_rule
behavioral2/files/0x000300000000071b-258.dat	family_xworm
behavioral2/files/0x000a00000001e08c-268.dat	family_xworm
behavioral2/files/0x000400000000071b-273.dat	family_xworm
behavioral2/files/0x001600000001e0af-284.dat	family_xworm
behavioral2/memory/3800-286-0x00000000001D0000-0x00000000001DE000-memory.dmp	family_xworm

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral2/files/0x000e000000023b96-320.dat	family_stormkitty

Stormkitty family
stormkitty
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Executes dropped EXE 2 IoCs

pid	Process
3008	Xworm V5.6.exe
3800	aaa.exe

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133757585146078870"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 60003100000000006b593903100058574f524d567e312e360000460009000400efbe6b5926036b5939032e0000004b0700000000040000000000000000000000000000001c8c6a00580057006f0072006d002000560035002e00360000001a000000	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "3"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0400000001000000030000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\NodeSlot = "10"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
2088	chrome.exe
2088	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3008	Xworm V5.6.exe
3800	aaa.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2444	7zFM.exe
Token: 35	2444	7zFM.exe
Token: SeSecurityPrivilege	2444	7zFM.exe
Token: 33	2004	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2004	AUDIODG.EXE
Token: SeDebugPrivilege	3800	aaa.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2444	7zFM.exe
2444	7zFM.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3008	Xworm V5.6.exe
3008	Xworm V5.6.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2804	3008	Xworm V5.6.exe	126
PID 3008 wrote to memory of 2804	3008	Xworm V5.6.exe	126
PID 2804 wrote to memory of 4148	2804	vbc.exe	128
PID 2804 wrote to memory of 4148	2804	vbc.exe	128
PID 3008 wrote to memory of 4564	3008	Xworm V5.6.exe	129
PID 3008 wrote to memory of 4564	3008	Xworm V5.6.exe	129
PID 4564 wrote to memory of 3520	4564	vbc.exe	131
PID 4564 wrote to memory of 3520	4564	vbc.exe	131
PID 2088 wrote to memory of 3968	2088	chrome.exe	140
PID 2088 wrote to memory of 3968	2088	chrome.exe	140
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 1196	2088	chrome.exe	141
PID 2088 wrote to memory of 4832	2088	chrome.exe	142
PID 2088 wrote to memory of 4832	2088	chrome.exe	142
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143
PID 2088 wrote to memory of 3816	2088	chrome.exe	143

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4456

C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cyarl3f3\cyarl3f3.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC634.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCA61953A6E43455B82F6CACA23CD5C6D.TMP"
    3⤵
    PID:4148
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yngobp5e\yngobp5e.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF5D0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc42280000E6184B7E9D6F6385EE8079F6.TMP"
    3⤵
    PID:3520

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2448

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2004

C:\Users\Admin\Desktop\aaa.exe
"C:\Users\Admin\Desktop\aaa.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3800

C:\Users\Admin\Desktop\-63gkj.exe
"C:\Users\Admin\Desktop\-63gkj.exe"
1⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff989cdcc40,0x7ff989cdcc4c,0x7ff989cdcc58
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2012,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3312,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4068,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4416,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5128,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2560
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff6f3c84698,0x7ff6f3c846a4,0x7ff6f3c846b0
    3⤵
    - Drops file in Program Files directory
    PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4448,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4700,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3252,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4500,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3196,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5052,i,14334567364954165846,11860341349661517331,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1444

C:\Users\Admin\Desktop\-63gkj.exe
"C:\Users\Admin\Desktop\-63gkj.exe"
1⤵
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\13af910e-bf22-4e5a-af3e-9486aa7a18db.tmp

Filesize
10KB

MD5
73f12cb3aca16ca59319b8eb0518b784

SHA1
fc07c7d355c274636ceb66b13aa119364006686b

SHA256
0643ecf7fd0296c3889edf845012707cf2f5c2abbba3a05eb53e65c0e7fbfa0e

SHA512
a9c2267d0ab08898e400bb0079805e64bfb53ff6ee6d2c9205daeb5d815d1d5dfb0eac1042f3588ff4bcf89ceec69c76704d80f3c64a09b3c941fd1f62408e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\21e05334-048b-409c-b6a6-81d3f8e3d723.tmp

Filesize
10KB

MD5
b361a1ff2ca342860ba9c93120e425b9

SHA1
c87eb0171e7ce194ea0f7113ac7ddcdf70bd4ca2

SHA256
d0ba442efbeb1784611564bedb723b012072fb76d30984b4f738ea1ad8162109

SHA512
ef195569abdf15b996e6b378f13097ff5230d12603c6c6481b3d46f5ddcf860f49591bfbfd0e0e7d4b12ba8a7c6a56349c439f37b80c0febd98431e814675e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\27d9e985-7d7e-4927-88c6-af1a1d547e98.tmp

Filesize
10KB

MD5
4ffd08c95df9ad7179a34ec048bc2337

SHA1
275c7f1e96498bf57d55eb0996c384d5be8e9395

SHA256
19835b5918783581c3ac62d28be428d95d11d8296ed1db3f9fe8d8cdacab47a0

SHA512
10cd5d6be78975576b78c0fd86891717d2218238bc610c09f4c5638ba739ef34a2f5accccf4e57a2a4be3555f32bdf467726416e9d1bf44cc1e3e217be9c0a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\586adc71-a76f-48d3-bbd8-a1144be0b1ac.tmp

Filesize
10KB

MD5
729c0614772a2f453c098e2710e94add

SHA1
d96f64e2cae1e0eebf76b5e79962b4f4fa603ce7

SHA256
1f2f5eb284e15499bf923e5e4f7226438b21fdb50d6b34540c2c0225c9bcb56b

SHA512
c8bf00a88a7d95197372a98159bc165daf8b88c8eba9cd038f938695a1fcd9bc164c3816f706f946917cf5192f202c2b92291c0ecb2f0346c8151df1e90c05fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6255dc34-a554-483f-a1d0-500da7ac4267.tmp

Filesize
10KB

MD5
36394209d0ce3f21c14652e2f068c6aa

SHA1
12872c06f07b42bdb24dbf17d535ef1cf70d764b

SHA256
e8d6b22c1b846cc89d793386113b4dedcf7cd598be593dc4f313ed177f5685e6

SHA512
271a62134aaaa3512044fd19438edc4e655e03d995edc26944023024bee6ce8e17e12100feb47eaaaed451c60c5d0a5e37b4269b406eb63671f79463b88b97a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2d6e07d9238c4e2718091e62ac7dafe9

SHA1
011ba8295ecbc65b3640a3c710eabdde4dd6b3fb

SHA256
ae47540ef2898d5a1ab358ce435a641d78b3840787f44de35e0805217786369d

SHA512
085f27e449735053e7ebd56d562afd4151a781f739accf65eabf0a9a2fb5e38eea40a51e8e33ce32d585f36dce3ffdd47eb1d8cd74329e66c8c39c68e445d53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b08451fda78fbbab3913bd4163a0f3cf

SHA1
e1fc12546f68375a31072412cbf96def2adcf4a3

SHA256
c8a475c8ba7ad23970acafc9fa3cd88a8be6bc25307bbfe6e2c89af635b639bd

SHA512
37db56cdde41c5f2d602e818f6c950bc6cea2e97e5e4a3ba750e83f3fc2e28bc01087f92dc9e38504da958ce790cc57a0b65b72b1e3bc8944c9fa496b832ee2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b0a4a8f654c479dedf2116f4d9bf6598

SHA1
c200d3d097a5ea6adb9ccf163f9a88df50952393

SHA256
0548b89cfd70813e496bb1e5263d0005221b59968ce240ad674513b80993ade4

SHA512
c8eb0363c66e43551a00dcfc2d9f182578b33f8ec9d7112a917a416880abc54b3cd637d5d09e6ddb16ff2c98702d19e80f7a3afab1931b0d2683f0bc03cdea26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
519B

MD5
a1135b3488df562fcab4b75bb3a7a64d

SHA1
38295a3e23937d7ee7ae7486b008c98e5aa91316

SHA256
98fba1723247e61f09e0cc36d1ff2d3470f94f00d828698404c005bc8b97dbd6

SHA512
b85e8f2e5a8c513ea788420a967911fd9a77119e424e0f326703aebe482696ed9a2a250d4bad7f7d47098e309b8fdcf9e2013a96ac9ac94b52890fac9458b796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
0b815080fbdfb63346ef674d813b89cd

SHA1
a3133da84fe5f4040bff4571ea3e51ed5ad1721f

SHA256
9efda788a354fdb6e29bb6ccf696600ea6de7b86c116f54d13ef4fe6c3f79aa6

SHA512
081e39e6f6652c1b95d2c29f453ba18939292db86c347a6f0727bdbb603fdc06de05f7562d73f5b23772dff9a4c9ec653ce2067c1977f4df8bd17c5811189aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2eda0aeadcf446364e5f680ac6a6f511

SHA1
6fb4a0c49d3df87969e82ede052e5426f46c0fe9

SHA256
cbe4eea11c567cfc30c757174d8427c4a02495bf26ef9e9d5825b3f3de95b044

SHA512
0498d8482f093c66b13d2540e0b4c7c9826ffdf9252dba9cbe3d2375a6f3463d92deb3c2e0f077e63d99c976dfb884eb2656b59ef17247d608d6a6d077ab088b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58cf2eecb427c450fa4afe18d0ff887a

SHA1
b1db5eae80cd21587663534fd0d8e44398bcbca5

SHA256
80008e799089d0b341a8e9d0a6de5f29ed82f83a4238e190aa4740ca0c01637b

SHA512
b9beab918b4a23c8d5b457673449aa919304ca50e8d53242be6ec4663ae542f9bf4333010374598be0c0d7b6fb00703f654bd34f096f6b7283490c02b733d099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53ab4dbbf6de8c50ce7e252ce2ed4398

SHA1
440cb6d3fa0fb89b2dd0a4fe1db1a9a65d9889c4

SHA256
7e9a4969d0338058a6ba652a097abf8c9e3ff0f09f58aef18ddf86ff6b0cecb4

SHA512
618bfc70f0323cee0fc4396e539eff24908cbc6313f1a8c5e59bec6c2820b6bcc049b1cf644b7ec2ca60aa1a94271ef6309c2ffa6b5ea1f5a67764b502422dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86f88f06c7898498a87b7fbcbd08d867

SHA1
15c69132d5328d4657869237eb076fb8a8eda531

SHA256
fbc3a657a51f50b8bc608565bbbef25249fdafaf9b53e55ae528526eea69b879

SHA512
033aab9c49431c8d0b05572eb917bfe8bfab7c3fa9ce1be981941fffceb8323f0d54dbf3e3f94fd63c99388f897ae748952dfaf109c76ec7e34544b9c2e5f163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
951c8d5f80e953db80f7c5c3b0ae00a0

SHA1
822f823376e4788c05b345a35fab7701fc25d90d

SHA256
256b1fd48b72a06f20d84a64b95f41b49c9b4d8731eff1ce75a142e919bed637

SHA512
627293e278b2ac246e1554d1110439a7b298eda390abc744ef76d9c0d6e423c42fd4d6ea9646c922708372b5d3558ee3fa567d922ea9049220c750b0c9af0e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
57d9a4418bdd7ad95c76c0ba3d2d3d1b

SHA1
cf6dcfcfe53a7becfefaf7ba0803180ae54ad7ad

SHA256
20263e96cf3d59b24e2e0066ff08b29a8333f6024fef8a21505d5c9d685bcb68

SHA512
4841fb885080423cec4a61436d6fa822057f3b99a3515ba3ef7233449f19aa42599cc83e15e661dda79f7de5208c367e94b9a95c9d016b57312345f3486c5302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
731da60d032cbf420c97dc0e63619b77

SHA1
effa25bca70901027637a1f2886902589bc2905e

SHA256
107df8b2291d1cd0fc4b299f8ad3dcad937131447de1e0a8f0249aee73ff62a2

SHA512
4f0f3f02d41d6ca1a337b6206cba91eb894b89ed80b671b136e4e279312f7c3e44576ccd6f38a4bb4441b0d159a66c69a1cf7c131737da964778b2e6bcf112cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca224605502518db055a1cabed56f7c2

SHA1
7d6887776def875a6722e5409b82f51dd8f9f7de

SHA256
edb22abbd1e06d005e4588853c86262c879f96107e5dce19a90eb8079ee2f49b

SHA512
8882530f8136b4f38b654e42025a9fc2526b03ad5254e7b14227f76b28269926a34a73bc0777c3c678135c44f32516335f8a4efe63705312b1c8614cf0dbc194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee5c0c258335aaaca2ccb57267f40789

SHA1
0982c1f76b7b618fe58bc4b8aae58b934f2afad3

SHA256
deec4446948daed529f8b1e99063873a8db9d99d25341fc55910d30c61885407

SHA512
80ebbd74da7732f436fa18fde7ad1c31620a18a2ae4602da212955d5577eeb72c116f38bde12f36e340e9d76b2d0a46f612cd0155fd9341dd2d71e9d7c1f4aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1af17b4022408cd47d87ead475fc49c7

SHA1
ec8714d1095ff7ca714858eeb4fc24ef80fdd869

SHA256
95cebd9687944026bf0dffe7b5fff13504c7963f0b53f21083f0a52a8045a142

SHA512
b575ba87ccc2e5cad81cd85726e57c2cfeb0c04b5e8b1dd5cc2558097fd3b4d85658455be794fec066410d4b5a1bfa8fb0090e309f7e8d630344169be7f82b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2eb48b81ec169bd1518d5211f65c7cd0

SHA1
4d099a88c7ff57210fd0eb7418dd11f44f1bbefd

SHA256
6d154d58aa821d67489f8f3fcc84581492e86924acdb7748e6eb82fee695abf0

SHA512
829f5f80167cf98516ae7264324ed104220c682385528933bfa6fc70130c092d091a2be2eb57b3c2c47ff302a4eb92d549aa7c9f2dad2330fa2e7571d62273b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04b1607d91ce58002106f2adcd991576

SHA1
a63d9ec34fbaf66581a344fe805cd94fb525045b

SHA256
6e250f6fe59d106ed37ad48f146ee9aeb236099d5aec2b6b3cfa28731132fc09

SHA512
ed4c58bd71cee40392356e61611cd1f7306210aa1491e8edb4ad9abd5f921c50a4b163d850b6db24f7d2bd68326455f5791acddecf24c617a38716c77b436f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2319969ade2d7d9289cfedf954186ee3

SHA1
f5c2d43e414568f47c9ef92150e8fa60c9c96bf2

SHA256
c2e239d83e7c585d731dbf745579e1a5b1121f258113372c7746fda6735ef18d

SHA512
54aeb2e6f618ac8e982d9b22c22b1562aa0bef4f77c49e7129215a3f457dc305bc65de873ae6f4972a4b622c057332f80bdd6a9d06f22d90896ec19b22933eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
594bb64ccb24119d8f6a7d827f71b1f0

SHA1
0080e861af3c89612b3eafbc6bd32f7a68c9d26b

SHA256
9ba1f6d16a86e656709b1c657867b10aeabf1afe4260095467fd287e99f38f11

SHA512
c44fd84ede966bb70201935f7a2d81f01caf95ffa08b47911d69ea6a2f6c49b82592f93b6153927be16bc5abefde1191ec2db8b805ac7be4d12cb7fd6292a743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
319999e2cc492e94b1536067b285493d

SHA1
4a5406dd0203577b632752dcbe890c84b4fb3edd

SHA256
c3900ef1231ebe6bc2097c5ae8b0120d80dd57539717928ae5c4cf346605251f

SHA512
1393bed5d7dccc50c060cc0f4a196b058deb6fa0a6edfa55e5748ab483d2a50f28327fccdae2d38762f03332a000f9061282aabc44706c188cf9ba8804dfb1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9adae03ff604036c61b1f64271c512e7

SHA1
a85ac0ce3d1c82af77849c68ea523cf8edd96743

SHA256
7d607bbae65d8d6da53ff490585fbf4f41416c3892c25ba3cfb6edbd5b4ae524

SHA512
e8e4419c8a137f2bdfe7f042b6963222d1126369686ab58f118284e1c485bfd4362dd3a20ba708463a29217fcf940ea6ad1f195f1188963af87762b8d56a5286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f1f91edf3f8cf3c0b559a7c6a596854f

SHA1
7f83b70f49716f2a3bb9fcf145764d7c772bb360

SHA256
8f41cfe8a92764602d2b6737304a45456dc029d89674628ab9d3164a046e8cdd

SHA512
ffeb35745b3b02dcb7cf945944b60e9658492a36a02c86ed19854f701d0310e47e871e764e09a1771bf901fd623038585dcad8a31a33a2a4d1a70dec5b1e9b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ccc6ce0dcd11ff76e6883f73c53ce0c0

SHA1
5ef62949771e810231b68f6e0718d3e53625a393

SHA256
017d4b5ea4a4934e6f3a249112470b245af906513f72ceddd8e52d7d37241525

SHA512
39f239a899d63da9e8b6efd39fe5570b85f7cc857a05c857ac346b136a0e1da13e0a2c5dde6844f7782c8203ae02651acbb7f932eaa3e2870f62a6e8c243cbc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5d3e162165407085258fb15feb832104

SHA1
cda72821348d30a9bff00256ccedc104b58e1621

SHA256
ca13b34a479621ea79c4a3ee87e728fa50ae3a6441ff0e0abc65c14971e59fac

SHA512
92a1d37e9a9b882bc14ebee78d56f8da06af4ad3d9c086fedfd3c9dd5978b4dca705cf1b8fb9b0d80f08b9b470a3ba5600d7f7871beac2aea5ed12a264f0730a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8ab51ea239744c28589767efb9f51c8

SHA1
6cff1efd29bd135df4457dae3554d32a360a4ab6

SHA256
a50c3d821c1a4af202deaabe5cb4943494514b78260e8a88d2ebd1ae6c74c574

SHA512
8a4d21bbc764385ce3569e6093d7783232dedb7ef4aa4873acd649da3966cc2d3d24597e73ed88a4eccade2846a208a7d4c076d0dfba4349544b6a39aadf7b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f64aa24ea84f04a41c5f3ff3e24b30f

SHA1
dd01321704bedbf7d55ceeb66a28546f9c1b4b90

SHA256
14403201303953988b8159d69fcad0b3a41f26df1bce1f2bbbc68d00aa92939d

SHA512
6b27cf955f8531ab3fd0fbc81ab74285a94d250ee1cea15e68bd0790b7639c0f5e1df231325acb0f5d6fe474b5eca934fb89648212e0c73c7fc750c0556fccec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b67be7afcc6d31f5ec6aeabdece87c69

SHA1
357a0d322c6d24b8e68946d1b225db653bb509c4

SHA256
916ed362a0e15de76741f86a1f24d4d83c6c96ad740da9e285bbde1f1ca01c4d

SHA512
da2efb6be1b6c0afe118737c875a2774831678fafd9f2eb519833ae36af0af0f4cac8fade3cf4149c9f4d4319c8fb770d4e9c401bf630cfeee0404ad4cb359b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d43eaf27d60b31ebf0bfffd34faafdc

SHA1
9cf583a06eca4c8748f45e59aaceeca835bd700b

SHA256
25d340fe59316fd708abe072348d1bbae3a4cea0c72af07b1cc4bc0b17241d6f

SHA512
cc60777a1965cc154b7f1418918c5bdc4477094b8e636957444240336854cb8ccd811861b6297c1a30765dc1dbeb1d7699e2d57c3d99dd15ece4d5c6ca25255e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a6045004cf2e898663733ad01be26b5

SHA1
5b1b50062769f971bb9901269e3548e445186c0c

SHA256
3208ad40b72adaf5c96109eca76ebe0e4a739c3e6b644d087c77c7dee07ccf76

SHA512
c721dc541fd6f68c9b24109409ae39e72181c305384f2b4989cabd73fb65a97200db7b72e5ac034c8043d708ce0e88e049d0313452a294bafa01543bf21a1503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6aaaa0b5ab2ef812eb58a8d999703f83

SHA1
9a6d0f011a01b505c7942d427ba4a0e03a55d350

SHA256
4184c129163b88b9cbd193f788fdb3bf235edcbd1e0f31312cab46fb8d41936a

SHA512
326d6a1b165fdff2de10dce9c28473f4a01afb08745890e6b6e22ff48eda6717217c26003707080555f60c85bd658a97d62c448980f6543cfaa0ed489ce4f69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f8daef0b2ab424feae2f0d3feae318a6

SHA1
9373199a5ba47092c23353572f40ae8bb9eb9bff

SHA256
83508468c42203de923c5815a21bd8e7216a7cd8b191ec4bcd54ef975b751f5e

SHA512
b0b5134aadf820e782f096e78bf52fc4e1f0f12fe3fc33353fc05e03eacb9a913564d3c412832666f6d8c45620795baf104085c9a61e14389a9e4bc3b45966fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9362a9db28e4fdf8f65d0b63d0f1e33f

SHA1
ef514580e39e568f980fb91763a3ef81afc1e801

SHA256
da0a5cf95802925d97e58fe1948a36fbdc119bf42ab3efaf333252f88ea962ee

SHA512
8960c754e4e66f5c1d17731cb106b2a2ee2a9270d2f96b82f73bab8cd92d124ffff16cad75b6559efbf275c47437b264b775419decfa6a0e1c3bc7560f832d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d68992a3f318549866e35922244d635f

SHA1
1e6a5b3aa40fa2889d5db751b2cb12baf0821790

SHA256
9d1f10606a8b5133a09d03a7e92701f098b99c1b42a1f6f4fce15834d1e5169e

SHA512
4902c8e6b405d5d39e0530633714ac636b5b5e88da5d3cff08b06007b64d5d12c7fcfa600a1112165261e360d118b8bcdcce6b801c2095eb8b88ba52afec4127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8fb4bb8d87c8cf473b1fd7e608fef0f4

SHA1
f047695916648e4c3708cf9f0971cd3b87dd3aa9

SHA256
0ab99b18456f29e101fa19187f1f1991fefef53ebaefac5088980c7ca913afde

SHA512
06fb9b61140d91c294a7e452e8974f2a2e07dd1a0c960a7daf8b1476337885fd892e3db54856fd5c11fe46116e1019e288c4990af9a7427aa5df55d8b600178c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de6b5bba0bacd532f74e790440da734b

SHA1
0de2523a2c3bc6674c4aee89ebea988cb49a7996

SHA256
bd24c071bf3be16a2afe59910632411eee79d729a4f317e7734250650a1122fa

SHA512
dfb20c6e6a8dbaee2ad4865deea1893ccebe1366571bc34bb20bb6b905f09fe166cb96d54aca1566280a936885147e581af0cfec0f02b56bef5f1e200fa06684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9fdb3a27b477ddfc7fcc2a84927174c5

SHA1
fe4d880f6d97d56b6696e351b108da89364dde41

SHA256
41a777e773f9ece36993f9238f4184b1cce02ce44f20c500ff5f154794ab88a4

SHA512
d3fb6fc4862062b7660ca89bddad6ad386110757591e6bfadf0da8c055313d65e407cc07546c838774cd4cbe9f257dcfd1b791e08063250092dc1096b7a0d39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea8dfe7dae100e637a090a29c1d96d07

SHA1
21905c25e27bc4dd8ceeaa3b4b4286ad099fb86b

SHA256
8fde81ed117084322df1881b0087634c8e58ad283d9279f4f0a43c2583fea338

SHA512
af5f55d7c25e71a27ff5aaf05b0cd2e48624082e5b813600418ac4674b8e8f65e88a8264bcfdbfcc22a79e92abc45a5be2cd025319897bc08dce9955ec7ad745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
071c2ee81d00128f162a719c22882d1b

SHA1
1f3ae5247182c3d808f0aa9d97064b4e9faf0b37

SHA256
9db4b0a42c26ff27efe1b3ba168bc9e580c652911a951b615b343912e7ae589c

SHA512
0186ade63110db24478cb737e68121d8f88cab69fddd55a931c98a5be0f2abbabf96866c2211b6cc7eae251acae06d97d975e4214317ed117a42a5b207f9f107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c53d955a905de7e09a002d0006d3ddc8

SHA1
d813dd205c25233b1c6d979bcd8fbfb33d097064

SHA256
7ecc6d4fbc2af9871b8d66acc1af6ff1e587b37dcd6446964e7e2939280b7a8f

SHA512
a6e043610050db834553acee6fac06d3921b37b4580a52e5f9a868f493c8712710a5bb3a084e8868f29c8230cb92f8676685e59d74c5156b7774b1c8e5c08e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7067dd695af572a8f0a7d52e12d40574

SHA1
41b3ffa72e96446386d003f7f2a8afa8ec290dde

SHA256
38be32f93bef47c64f16bcd85191cd16bef901e6dd1814ab7f1498ca03f14cb4

SHA512
942520765471240e7859c0002c66f28111342b6d6897fe82fcaf9bc207243c26fd3c3a64749bace11af5d88e49a66f523e1822c2d3f6ac02502901b1403a2e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9072bb5de2587414e36ad106c226457a

SHA1
ebd05e352bedde0f044b5f20b60791768fc0abdd

SHA256
fdbd8bdfdce3e0ae5f82bf83bab5b071440daba0bbe3690799c4a2360b4bb3d8

SHA512
f920b9e691a83740ae2ba8381ecd04f633c7a06fe396f0046465b360ae734fe99efa40a40cd72c5c8968059382f2b0ab53dcef5f41cc9b200657396a41b01d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b9fb90f9bd5d0bfd4851cea9c24c3d6

SHA1
d9615d53cca5448f94c8cc6a1910dc453f46fc3e

SHA256
526b4e00077b3611373f57eada382eac16f68cced5ac4646f05e09984dce80ec

SHA512
03a539a21478078f5c570b661008eb00c544144656d83702e69174846709e6ea2f0c552dc60099863480ed63d76480b3d7ce4c009fa73efdba5651e9b46b1d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
163e0525bd2251eb89a78e88f1e95027

SHA1
412689b42cf3ed018934cc9e5ea83cbcf630c8b9

SHA256
f1cf28b3ef3d5ffa98ccfb44fccb11212afaf9d5f1aa59528ec1c2d31724b674

SHA512
6c0f057d3d84cee5e81d21e514acec46a7e7b50d39934cc6d1b1274d8d87b1ca79575c1a8066c641efcf341ec12ae5a5c14a41c10f61aba4d2651cd36840044a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ab75a79fcacc131824960cd3fcfe624

SHA1
560afe72bd48e4d61dd8d4a2bf3a802615cd6643

SHA256
34cab97346ab3ca9d31e83b671294ea7becf328a60274fab1952f45fb199bfa8

SHA512
15248c4032a944bd9a71f4c468d4a9806117f7f10d6e110bed09b32cdac4c8147edb306cc7c3b2626655452a22e68908a49111e835200612183e7aaf4bae99ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4bef67fadffc94d8c68e8eeb0e5a4ac3

SHA1
484f29345d6bacd71b7224505c1b4daf10b28fd2

SHA256
83abd55c5875874e69eb25985564a1b4e78ae622007641d31e27a4fcab48821a

SHA512
5baafe357ab829ba59b90aaf220bdd6c17443f5c48afeab25bfef18c1a28feb4a2db956f700de5e9dc5ea26129afd85c6eb19761d6e103756caec1be19696b53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6b8b39ea29e8e5f3dea969a9190a392

SHA1
b0250bb48d487e74f743d3655804ffa871526482

SHA256
fa01fc4c2e039e0311fb15772f80887e36030cb2807e14d38a5e68233cc401ec

SHA512
f31c0962670b987b62cfc64c2920b490d368d8be76ff66fcc8f337e98b62befecd6afbee17c94c96a8a3111b6d6c25142f1f4db425ef43a282032cf1fa9657d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
073067d7df151eac6a0bfc56e14766a4

SHA1
05971c103cb2db45a41f1c995f188e0ff585a72e

SHA256
724339d05d7508cb8ff61212562c19b7afd25455b95a063618c4611e49cc137b

SHA512
6bafa211bccc6db84a3855bb79420e8064699a702d44cd80f758fba18ea2d94724df1f9b8d83d4ffa04cfe52422f2dd3bd1ab17ed688adb470b4fcbd62bed675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
582580f1232dd3b0d1433f8f300592db

SHA1
95d77abd85dcd3c55a659f35212c671fb2fde8a2

SHA256
a526797626b69f95fe256d9ffe5a649b24e0d1d5621e7097943fa8f6fa5d6ede

SHA512
e6fd9cde57249ce81a2785b3cc47486a7492aa98302e5e03c7a62e79d073975aba386879820bc7411d8d46296c2740c442151c3a859549d2d745d473f0a691ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cdc8b031048e2c8addcc5b9793667426

SHA1
6493f5e1d8cbcdff6b2531a080351d2b0f316fb7

SHA256
b4ee7b83fb2768f8720cedd7d396975289bded3c6a371db3ac606bb08bb851b9

SHA512
eca843e05916d3c029b7584c872c0e625bfa18cb6af1335441609f5d1acd0746504dbb4b64ef0633bf63f75b55c25767505f3c3f2d96e5433ce9003d78ef2c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
965cee2a4899d54ce1ec1afe921225ab

SHA1
7547201e5c1eddfcb7dfab41eb9986a2705a2421

SHA256
bd40291bc3f45377fdfe982d63533dee649f12063b481d5333c21e2bfaa5db02

SHA512
fe030fdd72db9e1bb4224bc07d955b18dad99bca43cef5f70c14f7ca27f8604c4d3d08079475cf2577b5b5964d52712f317212a55dabc42a0aa7bd7af22cccd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
41dc86ac74280afdda4cd005df8801eb

SHA1
e937f6f6e9b7a35aedd67f78e59825105c8b052c

SHA256
c5a7cf87760e20c08bd881a2b5464e2988a2eebde56fc0a755a51c5e3ee5e087

SHA512
95a24c66febd2b556109db6d793dab1c8c630eb7e1d25a871a90240b2dffcb86a4320c188583cb07d44ffe31f74a2f015f45442a6d74db42e750e09d643ae2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93e0376af3b09b62b63d2091a6cdd156

SHA1
cbbc5877ccdee826bc5681e9e90722c7fc33da4f

SHA256
d149e9a41cac7fffcec771a3e8349f831db0343e045f375cfd7bc61f204cef55

SHA512
55b8bcd50592dcc5d196b10e5c1b90e152ef038e2c42f2fecb197f626cbcbabf3b33fa8c240125b3a2b68b7bd9c5aabb62443ffc4b2e259f0fb18c9481b1c83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9cb64835335df0779c81f3e01a1fe718

SHA1
3f3a31312cb2d2abef66302e38353b16919532d1

SHA256
5e1d3f82f13683a15b3330a7a75589c9c3c29b904449bd19276ceb447f72d1db

SHA512
065efba929ae626416522e2fc5f94d7b173aecb677ca46b20af3a32bd60be80add5b17c48abc3fb2fd209339559b314ff97c0f251d76d74a7592782e9229cf4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d11a7bd926b39ec1cdc8438e04a9ffdd

SHA1
d3b46b7bb925717a3c36fa954aa71cd33c09e6fa

SHA256
83a3ef7ca2d2412fbb74748d99cab33dc54698748ed56da25059b82be1894e5e

SHA512
d183d9d0ac6a1ccfbb11efe39e197ddaad87bd302042e4344b541af00e5fb0fa34c755783aca34f3937aaff79b729dc6af9090bfeb91f8d775df6ea948a13d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
febbf92c80be328d819ea8da7d5a1092

SHA1
e6d190d69b6496856cf1f9e3914cc9d365a71212

SHA256
c3dcd1e2b020aea105e1993bd98c52bdf338f891ed7cf8e4856c86d35cb1602f

SHA512
ccb7c45c4f94884fad427953d1be1bbc2ce964ce04ef4ac6665907990706a88988476880a9e5899b9794dddb21258822c3f27448e99a278b57e5adf5d29f3c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01928ac6976c06b56b0288cd3f7175f7

SHA1
791d1184293bd9847e9e9a022dfde4c36d3fd224

SHA256
f80d682900164d804bde8968df1f174b5f944fceccfbbe1ee0b0eca7bd4e158e

SHA512
00b876941cb311939494eede5a0385045aaf7b6fdc3219052017e173eb07775cda8cb16daca7b1e00d7446fd127d77b8fc4a1fa6c5a389cdd9fecca185fc668b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a6e9b1373217cdab21ea3dddb6e26ef

SHA1
815046b4f0ea956ab13a1eff6d2a724b364fa6bb

SHA256
51b0c720c635c883987ade099fb58ae627ea3055896c2454cbfaa86de86393a0

SHA512
a4add3ca5c21f2fd1d75b74ad2d43d0a3a4fe533ecc1d5fba33da8a5f62d7b3243f893cbea50764f00b1846acdbe9e2f7d93b5fde1d480bcd9ebeed5a61f106f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a5c639b17d6d25c9814454df283fac05

SHA1
ddb555b89a4e201388eb3e6f1173f6a59b831cd3

SHA256
89f489454c57f5bf744503a04626965bb9db7283eaffd7e73c54a6076391159f

SHA512
905ace8b29a458ed4a25c8a90553025d5407c46deeac243ec30c32826f1c018e469f2e86722a7165aa9d56a3e4d358efa0206ac4ebc443bd31f2f8b4a5d60d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
033c2f16bd7ad12c285cd009c2cb9bbd

SHA1
baa4702375601c6b71eda85c4645366bcadee7aa

SHA256
db489977b9fc61d9d4752c510434fa90c64b5b5869e6eca49ee70fd3a2c191c5

SHA512
c2a743ff17ff967734c048dca1c8737a81fa2e0d17eea7f928cc4ab55b857cc2f076c6a848bc8dc1b32acc3ab1d200137b36d6d7cd699ac403e3283ddaf36078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b024a599a047481ace00952b889988f8

SHA1
a51bd1c89619d0748bf6b400e70276df8dd0cd62

SHA256
4a92f91b4653dc3ba5d732fd7feac5bfd1eb5a4689467bd41115b19c6914c9d0

SHA512
06ee7512ec173ab50e35957f601baf78981ee389df6c4a52453d58802464742562687d4d559fe62c86297d3724655742cd107db4fec532846407349426e09d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84e85acf2d4a06afa9220fd424cc77d4

SHA1
f8a899c411af552894a4815ecc9cc3d8ec9c8717

SHA256
d814fdb34a07c07446c4e7ddfe103da62332f624b643a7622ecc6a5ce69cf57f

SHA512
5f87003d3cba7d1fb6d65258db446ce444af23c855ca362e5a3385c3fb8a4a06da4a00e547ec6768ad17c1c8e1c71bbbbc0ed4d5f9022f84bf270d0bc59790d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f64c23b9133e97cd8ebc81bc942882d7

SHA1
b8cf41a874f221cab95802caf9e6219106ed2cc2

SHA256
edf4c1288f72ee2f2cbf4e698e99c96458e88e108e5828417a385d4cfdddae0e

SHA512
cf761ee427e04861b08c7255ed02bf71c710f5c86d75a942508b938549d36514c2a0fa974f6727f44439fec8df5a2740484759dd89aeafe7338be8e48f83e877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76c62275ac6940c5250f217855065750

SHA1
04ed74709bd5c38fe3f1132ef3fc31abf35daec8

SHA256
1dc37b036fa08cbb1d7a6cdb86b7a374d1d291ce83552deb1d8957a872b946cc

SHA512
321b31e9fd70526cf914219b464ace731ca53c228de4d34be97e119dae8602ca17a7fd8d5882c0cd02c2d3c6587f11caa3a8bd8ae6e9880746234df3ff255a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e306bdc7f97eea9c55de4a27fa2dbada

SHA1
d3c7786ec04eddaca82d4b3031aedabc2dd3fe9a

SHA256
71c85f1f938c3cb825d4d0eab0ecdabab6638535e997688d660f4b8965c27d38

SHA512
1d413f2fd9b7e3d1ce29ead2d305a033ebe2afa205521f712580ac6c3c379197ab13c3932fde38e9c4f6169944e8a4739a6c009612216f756a21c265767853b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc7c6ec350264bf33aeb43540669df7b

SHA1
c28291be0f19d9fed0519a79b0e8d75ef0c8291b

SHA256
336fc35745dd3580b8fd4235cc86bf55050e998aaaa8dd034f3d0a2c9f693d7f

SHA512
e3bc3bbe838a0e11aba1ea57c2e691b629500eb26847b9a7431d6cea00f7785ff9aa21469470235d40465477316fb32143912846c85f54a30617bb751f29f1c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b723c4c372d4b70cc1032de8ccc7627

SHA1
cecfcd2d819570b4f03362f66208bd71eba835e3

SHA256
eb8f9e3c66a0a74fbc2e7f4d5e2f229bb5b9c1b577d52f73a9b7e1ee619a2962

SHA512
95adda525b33aa2e16a572fe0c1be8a6baed6deb9e6fe835d36be7c21a29efceadb44c15c51b73bcd26ad7eeab6e5c782ba68d681566aadc234b965f3281e9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0802792a75de814e978265e945514aae

SHA1
ed626eb8c0d9a161b9ea208a2a66fe627ef7c8cd

SHA256
a97c7bb4ac62a7fed91688c0a0e32694c1aea78af4aca3f31b6a2aa0d716d491

SHA512
8e733665763c01c5f00f2b5bc373f4f9a43c3d57d3105b416ecb00cbff10bf2e7c37d9d3aeab0083620b93a9d5227c0106eb6e4f30d69e795bddf63c942e878f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
449ae41b5ba4771c60c0ee7af6fb7314

SHA1
a4f4d695846ed91201c3fc1a3a7258ae42426dee

SHA256
e845ad1eac533ab80f327024bcfc90e76c0edf1416011463069efd91f85ff3a0

SHA512
23f612eac981c53bc5f52f94647856cc4dbea1499e74adddd7cfc26ad08dc446402dcfca0a827ad9c71dbdf783602c7dbf5b962a25ba1fc2285371b0776fe827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe8f7587fbc1f318f7590bd87e483ff1

SHA1
83c92943006176e475b32f43d3aef4d1725caafe

SHA256
0b02dd7bfa7e00250918228dec5c44b654b1255c716af84d99424ba41a55e94e

SHA512
a3fa678c690f9171494eb485eaceaac5d00f40e7aabb1b6b9276b505e9df24f28ef2ebaabf8839d5bfcd1864733b6b1e90cd3c28cd6a8c0d43e7cf5c0d713216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64391f640dfad6b64db181178516779b

SHA1
5edb712761e268eb813cd26cb44fe8c41a3a7b90

SHA256
561bc44f19decb6938fb2ef692d027703da023888f2cbbbe0e410e9a186919f9

SHA512
440bb74f86f13c9c1fcd9e89268391ea8aa64c6f99f5aa79fcffa17f6346a7dde292c315068d04c31f001d773a31a3eb19cb33b1c969de74a3d3ce9146754f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43090bffa8d682e67303c269d96d9fe9

SHA1
f219ed5d20e06ddc5a1516cf6a3b08b2ae963f01

SHA256
0e06c1637e7e3a7d64e1581e50f61296b3b5d9258c18f67e994458d5bce266b5

SHA512
65ef6c7abcb4aac53f1f54033dc79cabe04b54571f08e59ebb6593711cd32892f78bddc89a663c6c18ed36bf1a8a515f72e318a03a8b50ea87197e4d5cbbb15e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b457e7a30162c36721eafd3a3d3e618c

SHA1
b20952a79f674c794583c8cee31eca2dec1b1260

SHA256
02a403abb8e7bd6996019c068de3197e61209a05939e4a824a9f6a8c9bc1aeb5

SHA512
ab5c7749f1060b9132f26637ef405a89ba0c26082614b7aed525e910c8f022f888e74cdee354939bcdebb7979e863df89210f2edb5974cd1cc3b3b109f1c7b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a346c8a87de1027f2e4504077bd281ac

SHA1
1ef3ac259843d539e1d4fca3310020aa6e5c400f

SHA256
fc68d4de815c887824c50a61164f7c12ec9ef02cd9071910e9cc727c435aa9a6

SHA512
56303c917b8ad6902180c27e068ccff7537bf47d586a48ff9521401759ac9e97ec8fb8379f84c549a5c238ba2febd2f02cd640d43e80e4cfded1ed9812fcfdee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5730eccefd4697d2d2d7f515a0891fc

SHA1
2933fcf3556f014f01b14cb3bcbade476a267733

SHA256
aa8bfdab106dce0ed7c8d2941744c2b7bb4a5290cabe61aad9b10f0f9dab55c9

SHA512
e58003d56ce42d4683c3b8b80d65d772b3af337743303bb72e6e067b6ed1f9997dff7ebde0c340baffaabadf30cb709e4227ac63baee7b5da67bc2b0ab6ee2c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b1cbe9a7c471577060b266c90b2d8682

SHA1
482ff3cf479a2d7440fae30615598f5506dfdbde

SHA256
46f08eeb21b9bd63835f580255ceba07d672b2b36d28e1683d6e453d0d489aa5

SHA512
f260bb2168679561b82074bd052c48f21e92109f9c954517c2f2e72d73161009128484eb4c1dd462d491d7a0f31422df1db0ea60a97e5e9488079cdf3b4cfd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bd4659ebce1a2a16ae51918491932eb6

SHA1
38166a0785b2c383e3b78ba7c6898df044505f3e

SHA256
6e0812b9f18dcf3a0a569e1b7dd73c5589ffba0598d9976087175ac5eb2f3df1

SHA512
a45dbd92ea920180ffffca3c9e2687c77e2eaa4bcb7ac58d0361ec769f890897b89e1d26a786a5761742e9a3e6f100d83d88230dfc9e8494b7b7af706dfbf742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
731ec65427ec0dc9bfa1c43205c279c0

SHA1
a058de6386c856c7fc0870244097082f88738227

SHA256
f1153567cf2eac890b954be5affb7edee5dafb63ed7cfb4345e3b51e07e25ebc

SHA512
25faf2827fac41126c984943693dfedf49912b469f781b0ca48cd22ae2403b826887b0db91e0d1ba345268a5ed31bc0542ef8accc0f680b3c29bb780a7f1cf6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f516dcddbeb523e831d8990b27bfae7f

SHA1
658fd212bcc38f6a085f1840495e4eec0a383e3c

SHA256
c86a6acf22403442121bcdf3aea732c92738d5b35b79dcc6df2ec5875f06e8a3

SHA512
8277fa4268d904cccd63e695a6915732acab01609551b1934efd1812e36e171d77741ba78693f2c6c8c2d16436f05cd332e721b04a034d304177e0cb7dc26d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be61b4c8b8f8359cb44a4cf9880d4f26

SHA1
0e6297f37d7c83289a26eeefb00ba2648adab0b2

SHA256
f8d046e7428a97a0e4fe45cf0c6e0f03aca24ddb9a1deb1faa0323402fcd8a65

SHA512
3719d163fab5b2bf4bd3ff5e54bd03c02e58679d8fee95f147bdfcf9950a6bcfefa7630b8faab8be85eef77892fd868aff8d3dbb1ac04211621cb4e11c7718d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f9bdfdc713cdcaf503214c4f35b2891b

SHA1
91cbe5a02fa256407e7236d86f4fb1d0b1605011

SHA256
33c45cd4ee9ac524d77be799da97ce798fee18764a50cd8bdf4afdccf1f26085

SHA512
7468cf60df3889ca6e5ebb0623489a808a82fbfc00fbb2e6618bc2f536c398c34219f2fcec8c5fe4cf2791274bdf86b6a6d26b322d2388f3752bea6eabaea720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d65cac7eabc9a43fa683a62aa0a52adb

SHA1
c40ce26a9dbed8a559f6a22c19dac839b712725d

SHA256
c56dfb8181cecd353d68643c313db5d6b3fdb644888213a1991201ee0bf9ebdf

SHA512
e6a95b78cc6dc106ab57b660f57662267f4dedaef16dfe542351836c9948f4bfaa753b95f00a871b36932f0faad8f4e9824e2b696ce9ab8c5d5b3e9fe19e945f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
373baf6ddd367a8b4758db56860a5a42

SHA1
6e095c1e807a53c82861dd00958e6c14aa364dc2

SHA256
5feaec020acbd106cc601e6d7416e838f00ba5a445bd38b3fd28c5c7700c1e72

SHA512
f8e8a9172f6d58048b80d03301aab85afd8a800b49a21aec9c3d315b51f4392904c40dc3dbbe419164321ae4fdaeba09354e4be88a6aa50123e5f749fedb4df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
89f4f84141b60c9490c2fd3eb06fce98

SHA1
8d9ea1cc6f87c1a30ce0c04280277f4470c35ada

SHA256
c183f77c14f624eff8235719f690253c59ac09d3557fa3876a951dd9caf8b155

SHA512
defaf6bf14bcf91f8932acf9f98923fc7b3cf6f49942044cad4540a05b77f217d6a6e0f2d34031415273ea1cd86555bb3146a41d54ce9e786062015e4f31bdd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1fa4164cf4669f550dfe3fcf02997879

SHA1
03ccc60dcd93a686f3791dfde94dd41ce92ab16a

SHA256
d449be5f2bd859ceb5d1f5e63408bb1600a8a59ed8dd7c28fb275697eb8d7d90

SHA512
2831836c0f0a0cb35eb9c51e4ba283d1ecb33dd84bc9f165e8fba89b919fede8aa068b521fd61f628e34f2ea3ca32a2f83d5077ad0245c79608f93807442c9d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
38328b81f79088e9d7bedfc142f4e007

SHA1
21c05febd8b9ef53ad0fc5d08763d7bb0a625e03

SHA256
fad8cd2238aa6034e3abe953183cfd1ee7088416310e073e9bb68c5a1a8310fd

SHA512
5d3b88035646762dbc7344bf67f7cd9e5626ff25eb6d097f9e669fafcee2728ef8de71f4f64fa3211d460a1533a9de0ba0bdc6457971840fb6fcd757d2773f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a114e37aabd06a6483b73390bee6c58

SHA1
073256e5631a85a3ee8755e75b5dd8d0a4b5fb1b

SHA256
d900f5b5e4099a94db034a946ba4e8f2b127aa968b5e225b1d403db5e5bfcfd4

SHA512
655a1dae6caa85828088eccffaaf97452056b87b19f00b9d4c331a3907116582bbc4db673be0c60148e9bddd7fba1879917b6adbfb03c5a840e9ff208580bebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea60bf4139e962233cde9efa2e8b5b99

SHA1
94ac66d8288b5b43b02d29a380372f95c7bb984b

SHA256
1f84d7dd5cc777b8e7440a4a44f08e370d2c905d87009298aa42513db73780ab

SHA512
0adb136aea4c1babd2cbefb97737fb96f9b5aa9cb56145ce75fcb09af54b83fbb012f882200901a37a0c6fe65c86baadfb6b5367bedfc5937e75f021d17ccbae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dba85fc90ef10bc446a9f794434f6e97

SHA1
11cbdef5018703dc16269ca44650ffefeebfe3b9

SHA256
6cb553fdefcfc6b6f082a820895c369f0d5a05952c2459bc3b3bdc75486dc21d

SHA512
b560fe501022674eea0542ed77df1aa71fe2ca70f538f074992b6f4b0e0f43ce887eb29adcf252bf1b1f9656b85fbdb59de58ac69b5265cd48e191c1bf06c122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fcb4483bc2693e71350b0f595c480d2e

SHA1
7ed63c3bfc18ea53b665c4f23e8820573e7b6dd2

SHA256
8e31ebc7cab2e2f49c3c242d982cd04716c345474d8b7c086d9160974e45264f

SHA512
9ac06e646986480dd58266e86f0243fef05fd0263e67c0b8db5fb6ced598e97216cb292eaf7e32989b519ffebe3dc26802ceb51fa58fdb356ef792fec70e72c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39d683c577064011ffe8cdd1454d91bd

SHA1
4884b4b8aa518731bee5c3130f85201ce920ffb6

SHA256
f30c4a7b27453aa747005d8eef6b7f17f818496202538565c49ecf82511862d0

SHA512
d6afc2f139d59e28d2e47f4e579e1478613b6142cbce387f870e2f8744c4b30c03ed2e092080abf9443e90046e7ccb6195158e624142d307096b4f0f362fd04d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ff40293f9a02abe69d024aa093e90fa

SHA1
b8bd53063054796bd79e0be2caa98efa10ca5b5d

SHA256
d76f799344522cad5cabfda4ed4b1cc113f5ee0622518165acb4668f46cb5b29

SHA512
0248c47690f776c985a62097df206705fbceac8da7b7e6280aed27b0739fd426f58ac7f4552809df28dd4e2326d3d532537549fe8fc2a4fb98a8b0211680c761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9467f2d87efe2793e3f39ba1e25d179b

SHA1
44fc211e5223fcf9452d6bab43e2e10bd5b0507d

SHA256
c879a7f61f766d0da186ca5ff9637e5d9882785ef64a12e7d9e860e961cf6708

SHA512
2a0e8a4fecd617dab32c9ffdcb74cff1291f042bc84f53f411934a07e3fd4b589a558d0f5e4ef4d943377849bff4600126d325105533d47ea20c6a968e5b04f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
989ccea1e42ed9e20bc23933494b204a

SHA1
fc2f2c9141fe944a3c0a0b8da65a436699fe19fe

SHA256
a9c2032f42a73dba8fe1f72f82f881c3e72edcc8359fc7552c7636514f1335e2

SHA512
7607592962c1e0dd21fcec8b1f4a6caee42cb4a5e3384b9e53862c3ac44fcbb76bac3f8be36b75060779dbc50d9788ba4bcad5bf28758230838befc1b431d5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e7d69d4d29825a86dfd587de58c4608e

SHA1
d53927bcbb598baf0a98b21ab2763cdda921f8e1

SHA256
ea7126c3ae2ce319096acf422d6a5223b4ee0e1cf5fa5b00066e3ec36b304329

SHA512
e910ac8a75b24ababf32e5c5ebe25d88c931dc70ca5dab2a1472f067bdf1a13d200fcc96aa2e63d74409f0ebeb19594968e70fd3c7abb20b9931429a727286da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
14065f3e4a6c9fea1341267f49d49a18

SHA1
7c32aadc8fe4d1fc9d3294cad1b5db870111bf4b

SHA256
424b712b2e3a5a89ca08577873504f3e4f9c32ff4168400fa127341fe2609ef2

SHA512
676ce3ddb2543e0120ec5b9b18d5d7b7c48fa808127401aab61d12d26ae596b5a03d7ffd5eac34aab1f50582705192849feeedb6ca9dcd76f20c39691d66226c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c02fc790-406e-42a5-8682-6198d1b59b64.tmp

Filesize
10KB

MD5
61f59019b8c593e5519a44d96d732852

SHA1
5be5d148b4117f36f6d05d4b6537a540881dcd61

SHA256
e7e9127bd1f8f5ccf3671e30422a2d53e727e7285a00cf864d5b44860db7bca2

SHA512
f35412937ef8f04e1342de0f049e8480667f9385805aa15f1ec97a3532ec984f4fddc0a134a84a4e214a97caef8b34e0a35961732ffe8267cdea3dfae36b76d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e12768d0-6667-4814-bb84-2b85dac371a9.tmp

Filesize
10KB

MD5
f586e34991307b69220aef6a7b4d1b47

SHA1
0e93c7002898d55cc54bf441c8b628ddfefdf645

SHA256
7442998ef44833a863a5d7733aa6ef3cac2106473ee0bffda9f4ec84f68cf662

SHA512
def8f1d517cf14de2ac5951eb805eda72dcb94a8cad2517696b505593a1c94050412a59a05b8a8ea0bf438d766e501eed5d39c644e8b6a5eb764c3857fb6f9a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
3ece39e225e475833906b005a85141f6

SHA1
e63dcdca656767cf4c08ae17b88e7109682388bc

SHA256
29cbe5a2aa20e2117d96f39882436f30f9ad3c22c3544bb6b5fa9ce479ded8fe

SHA512
7c32e0159df342388efb28322d6a7700eb9c92379d596ef7430070d8e84e16f5c4dab47ad7ae0bd9b8bfca494a83f0ae6a5594af72aeb8a4d31f67899864de61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
fb56d263628b7d34e0b68bf61d66f68f

SHA1
c2905d167bf9cd668385b39c598f1c663b7d99f2

SHA256
57ea788c773a557e82a344054b8784b3430e0ccbee052d612d2abdaa570964bc

SHA512
9324dc8acdc964482658c8f66d57fc66e99d0f70b8ac06f81116226f4af0dfb1bdd44ccecc957a0fbb837d55615454ab995ad27285758caa2480618abf853a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC89D69B8\XWorm V5.6\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESC634.tmp

Filesize
1KB

MD5
1f3c278a8e4b489aa2f66cfc8219c4d2

SHA1
4423653aa1c071aea19bd984701928dc8ac3de13

SHA256
6d87660ff2eb4db480efe9c800d3a7196d94d684e06625b5d4d919a9db8f3ccf

SHA512
a9730a839990a1db10abab633eb8d2da81778a3607bdf9f7ab77b48a50399bdd66cc0ba426c60d93fb22d1dd06c7b0ab9f95fbae2041ae4623635ce29cb70645

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESF5D0.tmp

Filesize
1KB

MD5
30243a3d3b5d7fa1abd4ae084588bca8

SHA1
46ba54b22b02733a2a717aea5670df45de891384

SHA256
eac55bca29552bf53ecf5ddc896e78ad08f005b64e98bbdd41c2939fc18ca2eb

SHA512
631cf395140711993faec8e5396be3b7fd31e4cc0b200569119468ae06bf25e68d623308b8e204ce3b4825e9c48e6ebee53bfc3f30c5c8d70a43cd3a90276e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\cyarl3f3\cyarl3f3.0.vb

Filesize
78KB

MD5
bbb7f988423ac00a7f2645435f521215

SHA1
3564442aea08255ad4766227d0924a8b03a209ad

SHA256
e71954975fd686a4436167ac5323a519931363cd83a1458b7bcc3308f72d523f

SHA512
644a5faac009c28a7b167b023791cd91ca1501591ba79282a450151bc142df47b588baf4a0be957798d72c27c9c7162354c11fb594fdd1e14249ae0a16473b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\cyarl3f3\cyarl3f3.cmdline

Filesize
290B

MD5
28353ab5e138f808adb42d8bdfb49308

SHA1
e91747d6d8971a126ea3d80041c058ef841caf22

SHA256
6bd8c035748f552bbdc72d4225e2f7c09dbae7cc842f6ef5a964e3c17565f94d

SHA512
d89c13fa507c689ae6430442496c3e357d38d53e53f651c7343ce668c1a4d1d6d6ed2524c435e1183163c2169dfe898815e0b2b03ea0e1aeb16584c2fd5f8b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2088_1236081148\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2088_1236081148\b9376b40-30fc-4771-887d-1e08dbe21813.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc42280000E6184B7E9D6F6385EE8079F6.TMP

Filesize
1KB

MD5
a79c9d02323e0a152f023e613b6b8544

SHA1
96048f3e0c7685886aa61522ac6b6b880d40cf57

SHA256
c324869c54b93856319bcec8b7b2ab34e1931e4076e66038868d22c234c8ca6d

SHA512
26aab2593530ff040a24c784f29d6d4ecf30f546e8bcb505d2c5542ec324f95b0421db014ca73fea2f0226b1e33a3c9243aba6b56866553ac5d3242b5aee2f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcCA61953A6E43455B82F6CACA23CD5C6D.TMP

Filesize
1KB

MD5
d40c58bd46211e4ffcbfbdfac7c2bb69

SHA1
c5cf88224acc284a4e81bd612369f0e39f3ac604

SHA256
01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

SHA512
48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\yngobp5e\yngobp5e.0.vb

Filesize
78KB

MD5
bb51942a03f443f0c5f2b1febcd793df

SHA1
24a44db0f2c00739121dbd1874e334450f3f0514

SHA256
a1df34836add2e7fbde85f391a562ac837a0a687db48fab5a64585af2062696d

SHA512
6b86839849644ad655ca474d81ff0cdf7a006a873f35e15292eb62cbc46bc78e495bd2ab7ceef3ad16b55a3c0dafe3f252612ae29062714c8123779aa88535df

Download Submit
C:\Users\Admin\AppData\Local\Temp\yngobp5e\yngobp5e.cmdline

Filesize
286B

MD5
dbdd136073463b39088ee13f9b3eeaf3

SHA1
99356774fc4a27223933bcf200f0d264c3922c2a

SHA256
c5b73a007d1b6f85a43eacce0d699f0dd394e1660175b2da4734f5c78aae1df7

SHA512
2fe9649b81cdc3573bf5704e0fb9157538c9fe95fada5b83788480d6a18e026ad3539e9e27475e2d6793f635c0394153733e15a14a6561964939b6fa533132b0

Download Submit
C:\Users\Admin\Desktop\XClient.exe

Filesize
32KB

MD5
91a552e59e86612e3e6122332992d261

SHA1
5739121c8b86d1d0bb05eba668bffeda5b0388f8

SHA256
7522a7a17ee7fa9a4342a74786c70d7c8cd26f25a6cb35b8ed97f3f0a3908197

SHA512
90ebaab91d5ed1794c01758709eee9d6ac6adb561d3e228d6c908b6188410eec4aaa3c339bfda5d64fbbff3281b87b372e6c17affdd1179fa8bc216fdb21d319

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\GMap.NET.Core.dll

Filesize
2.9MB

MD5
819352ea9e832d24fc4cebb2757a462b

SHA1
aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

SHA256
58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

SHA512
6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
32a8742009ffdfd68b46fe8fd4794386

SHA1
de18190d77ae094b03d357abfa4a465058cd54e3

SHA256
741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

SHA512
22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\NAudio.dll

Filesize
502KB

MD5
3b87d1363a45ce9368e9baec32c69466

SHA1
70a9f4df01d17060ec17df9528fca7026cc42935

SHA256
81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

SHA512
1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\ActiveWindows.dll

Filesize
14KB

MD5
5a766a4991515011983ceddf7714b70b

SHA1
4eb00ae7fe780fa4fe94cedbf6052983f5fd138b

SHA256
567b9861026a0dbc5947e7515dc7ab3f496153f6b3db57c27238129ec207fc52

SHA512
4bd6b24e236387ff58631207ea42cd09293c3664468e72cd887de3b3b912d3795a22a98dcf4548fb339444337722a81f8877abb22177606d765d78e48ec01fd8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Chat.dll

Filesize
18KB

MD5
59f75c7ffaccf9878a9d39e224a65adf

SHA1
46b0f61a07e85e3b54b728d9d7142ddc73c9d74b

SHA256
aab20f465955d77d6ec3b5c1c5f64402a925fb565dda5c8e38c296cb7406e492

SHA512
80056163b96ce7a8877874eaae559f75217c0a04b3e3d4c1283fe23badfc95fe4d587fd27127db4be459b8a3adf41900135ea12b0eeb4187adbcf796d9505cb8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Chromium.dll

Filesize
32KB

MD5
edb2f0d0eb08dcd78b3ddf87a847de01

SHA1
cc23d101f917cad3664f8c1fa0788a89e03a669c

SHA256
b6d8bccdf123ceac6b9642ad3500d4e0b3d30b9c9dd2d29499d38c02bd8f9982

SHA512
8f87da834649a21a908c95a9ea8e2d94726bd9f33d4b7786348f6371dfae983cc2b5b5d4f80a17a60ded17d4eb71771ec25a7c82e4f3a90273c46c8ee3b8f2c3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Clipboard.dll

Filesize
14KB

MD5
831eb0de839fc13de0abab64fe1e06e7

SHA1
53aad63a8b6fc9e35c814c55be9992abc92a1b54

SHA256
e31a1c2b1baa2aa2c36cabe3da17cd767c8fec4c206bd506e889341e5e0fa959

SHA512
2f61bcf972671d96e036b3c99546cd01e067bef15751a87c00ba6d656decb6b69a628415e5363e650b55610cf9f237585ada7ce51523e6efc0e27d7338966bee

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Cmstp-Bypass.dll

Filesize
11KB

MD5
cf15259e22b58a0dfd1156ab71cbd690

SHA1
3614f4e469d28d6e65471099e2d45c8e28a7a49e

SHA256
fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b

SHA512
7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\FileManager.dll

Filesize
679KB

MD5
641a8b61cb468359b1346a0891d65b59

SHA1
2cdc49bcd7428fe778a94cdcd19cabf5ece8c9c0

SHA256
b58ed3ebbcd27c7f4b173819528ff4db562b90475a5e304521ed5c564d39fffd

SHA512
042702d34664ea6288e891c9f7aa10a5b4b07317f25f82d6c9fa9ba9b98645c14073d0f66637060b416a30c58dec907d9383530320a318523c51f19ebd0a4fee

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\FilesSearcher.dll

Filesize
478KB

MD5
6f8f1621c16ac0976600146d2217e9d2

SHA1
b6aa233b93aae0a17ee8787576bf0fbc05cedde4

SHA256
e66e1273dc59ee9e05ce3e02f1b760b18dd296a47d92b3ce5b24efb48e5fb21b

SHA512
eb55acdea8648c8cdefee892758d9585ff81502fc7037d5814e1bd01fee0431f4dde0a4b04ccb2b0917e1b11588f2dc9f0bfe750117137a01bbd0c508f43ef6a

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HBrowser.dll

Filesize
25KB

MD5
f0e921f2f850b7ec094036d20ff9be9b

SHA1
3b2d76d06470580858cc572257491e32d4b021c0

SHA256
75e8ff57fa6d95cf4d8405bffebb2b9b1c55a0abba0fe345f55b8f0e88be6f3c

SHA512
16028ae56cd1d78d5cb63c554155ae02804aac3f15c0d91a771b0dcd5c8df710f39481f6545ca6410b7cd9240ec77090f65e3379dcfe09f161a3dff6aec649f3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HRDP.dll

Filesize
1.7MB

MD5
f27b6e8cf5afa8771c679b7a79e11a08

SHA1
6c3fcf45e35aaf6b747f29a06108093c284100da

SHA256
4aa18745a5fddf7ec14adaff3ad1b4df1b910f4b6710bf55eb27fb3942bb67de

SHA512
0d84966bbc9290b04d2148082563675ec023906d58f5ba6861c20542271bf11be196d6ab24e48372f339438204bd5c198297da98a19fddb25a3df727b5aafa33

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HVNC.dll

Filesize
58KB

MD5
30eb33588670191b4e74a0a05eecf191

SHA1
08760620ef080bb75c253ba80e97322c187a6b9f

SHA256
3a287acb1c89692f2c18596dd4405089ac998bb9cf44dd225e5211923d421e96

SHA512
820cca77096ff2eea8e459a848f7127dc46af2e5f42f43b2b7375be6f4778c1b0e34e4aa5a97f7fbabe0b53dcd351d09c231bb9afedf7bcec60d949918a06b97

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HVNCMemory.dll

Filesize
39KB

MD5
065f0830d1e36f8f44702b0f567082e8

SHA1
724c33558fcc8ecd86ee56335e8f6eb5bfeac0db

SHA256
285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4

SHA512
bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HiddenApps.dll

Filesize
45KB

MD5
ba2141a7aefa1a80e2091bf7c2ca72db

SHA1
9047b546ce9c0ea2c36d24a10eb31516a24a047d

SHA256
6a098f5a7f9328b35d73ee232846b13e2d587d47f473cbc9b3f1d74def7086ea

SHA512
91e43620e5717b699e34e658d6af49bba200dcf91ac0c9a0f237ec44666b57117a13bc8674895b7a9cac5a17b2f91cdc3daa5bcc52c43edbabd19bc1ed63038c

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Informations.dll

Filesize
22KB

MD5
67a884eeb9bd025a1ef69c8964b6d86f

SHA1
97e00d3687703b1d7cc0939e45f8232016d009d9

SHA256
cba453460be46cfa705817abbe181f9bf65dca6b6cea1ad31629aa08dbeaf72b

SHA512
52e852021a1639868e61d2bd1e8f14b9c410c16bfca584bf70ae9e71da78829c1cada87d481e55386eec25646f84bb9f3baee3b5009d56bcbb3be4e06ffa0ae7

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Keylogger.dll

Filesize
17KB

MD5
246f7916c4f21e98f22cb86587acb334

SHA1
b898523ed4db6612c79aad49fbd74f71ecdbd461

SHA256
acfe5c3aa2a3bae3437ead42e90044d7eee972ead25c1f7486bea4a23c201d3a

SHA512
1c256ca9b9857e6d393461b55e53175b7b0d88d8f3566fd457f2b3a4f241cb91c9207d54d8b0867ea0abd3577d127835beb13157c3e5df5c2b2b34b3339bd15d

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Maps.dll

Filesize
15KB

MD5
806c3802bfd7a97db07c99a5c2918198

SHA1
088393a9d96f0491e3e1cf6589f612aa5e1df5f8

SHA256
34b532a4d0560e26b0d5b81407befdc2424aacc9ef56e8b13de8ad0f4b3f1ab6

SHA512
ed164822297accd3717b4d8e3927f0c736c060bb7ec5d99d842498b63f74d0400c396575e9fa664ad36ae8d4285cfd91e225423a0c77a612912d66ea9f63356c

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\MessageBox.dll

Filesize
14KB

MD5
7db8b7e15194fa60ffed768b6cf948c2

SHA1
3de1b56cc550411c58cd1ad7ba845f3269559b5c

SHA256
bc09b671894c9a36f4eca45dd6fbf958a967acea9e85b66c38a319387b90dd29

SHA512
e7f5430b0d46f133dc9616f9eeae8fb42f07a8a4a18b927dd7497de29451086629dfc5e63c0b2a60a4603d8421c6570967c5dbde498bb480aef353b3ed8e18a1

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Microphone.dll

Filesize
540KB

MD5
9c3d90ccf5d47f6eef83542bd08d5aeb

SHA1
0c0aa80c3411f98e8db7a165e39484e8dae424c7

SHA256
612898afdf9120cfef5843f9b136c66ecc3e0bb6f3d1527d0599a11988b7783c

SHA512
0786f802fbd24d4ab79651298a5ba042c275d7d01c6ac2c9b3ca1e4ee952de7676ec8abf68d226b72696e9480bd4d4615077163efbcda7cff6a5f717736cbdfe

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Ngrok-Installer.dll

Filesize
400KB

MD5
3e19341a940638536b4a7891d5b2b777

SHA1
ca6f5b28e2e54f3f86fd9f45a792a868c82e35b5

SHA256
b574aabf02a65aa3b6f7bfff0a574873ce96429d3f708a10f87bc1f6518f14aa

SHA512
06639892ea4a27c8840872b0de450ae1a0dac61e1dcb64523973c629580323b723c0e9074ff2ddf9a67a8a6d45473432ffc4a1736c0ddc74e054ae13b774f3e2

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Options.dll

Filesize
30KB

MD5
97193fc4c016c228ae0535772a01051d

SHA1
f2f6d56d468329b1e9a91a3503376e4a6a4d5541

SHA256
5c34aee5196e0f8615b8d1d9017dd710ea28d2b7ac99295d46046d12eea58d78

SHA512
9f6d7da779e8c9d7307f716d4a4453982bb7f090c35947850f13ec3c9472f058fc11e1120a9641326970b9846d3c691e0c2afd430c12e5e8f30abadb5dcf5ed2

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Pastime.dll

Filesize
17KB

MD5
6430ab4458a703fb97be77d6bea74f5b

SHA1
59786b619243d4e00d82b0a3b7e9deb6c71b283c

SHA256
a46787527ac34cd71d96226ddfc0a06370b61e4ad0267105be2aec8d82e984c1

SHA512
7b6cf7a613671826330e7f8daddc4c7c37b4d191cf4938c1f5b0fb7b467b28a23fb56e412dc82192595cfa9d5b552668ef0aaa938c8ae166029a610b246d3ecc

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Performance.dll

Filesize
16KB

MD5
1841c479da7efd24521579053efcf440

SHA1
0aacfd06c7223b988584a381cb10d6c3f462fc6a

SHA256
043b6a0284468934582819996dbaa70b863ab4caa4f968c81c39a33b2ac81735

SHA512
3005e45728162cc04914e40a3b87a1c6fc7ffde5988d9ff382d388e9de4862899b3390567c6b7d54f0ec02283bf64bcd5529319ca32295c109a7420848fa3487

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\ProcessManager.dll

Filesize
19KB

MD5
3d4ec14005a25a4cb05b1aa679cf22bf

SHA1
6f4a827d94ad020bc23fbd04b7d8ca2995267094

SHA256
7cf1921a5f8429b2b9e8197de195cfae2353fe0d8cb98e563bdf1e782fe2ee4e

SHA512
0ee72d345d5431c7a6ffc71cf5e37938b93fd346e5a4746f5967f1aa2b69c34ca4ba0d0abd867778d8ca60b56f01e2d7fc5e7cf7c5a39a92015d4df2d68e382e

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Programs.dll

Filesize
13KB

MD5
a6734a047b0b57055807a4f33a80d4dd

SHA1
0b3a78b2362b0fd3817770fdc6dd070e3305615c

SHA256
953a8276faa4a18685d09cd9187ed3e409e3cccd7daf34b6097f1eb8d96125a4

SHA512
7292eab25f0e340e78063f32961eff16bb51895ad46cfd09933c0c30e3315129945d111a877a191fc261ad690ad6b02e1f2cabc4ff2fdac962ee272b41dd6dfa

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Ransomware.dll

Filesize
20KB

MD5
ccc9ea43ead4aa754b91e2039fe0ac1c

SHA1
f382635559045ac1aeb1368d74e6b5c6e98e6a48

SHA256
14c2bbccdabb8408395d636b44b99de4b16db2e6bf35181cb71e7be516d83ad9

SHA512
5d05254ba5cd7b1967a84d5b0e6fd23c54766474fb8660a001bf3d21a3f5c8c20fcdb830fb8659a90da96655e6ee818ceefb6afa610cc853b7fba84bb9db4413

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Recovery.dll

Filesize
1.1MB

MD5
776193701a2ed869b5f1b6e71970a0ac

SHA1
2f973458531aaa283cdc835af4e24f5f709cbad1

SHA256
66dbe3b90371fe58caa957e83c1c1f0acce941a36cf140a0f07e64403dd13303

SHA512
a41f981c861e8d40487a9cd0863f9055165427e10580548e972a47ef47cf3e777aab2df70dc6f464cc3077860e86eda7462e9754f9047a1ecc0ed9721663aeb9

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Regedit.dll

Filesize
15KB

MD5
53a2cfe273c311b64cf5eaca62f8c2fd

SHA1
4ec95ec4777a0c5b4acde57a3490e1c139a8f648

SHA256
2f73dc0f3074848575c0408e02079fd32b7497f8816222ae3ce8c63725a62fe6

SHA512
992b37d92157ae70a106a9835de46a4ac156341208cfe7fb0477dc5fc3bc9ddae71b35e2336fc5c181630bac165267b7229f97be436912dfd9526a020d012948

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\RemoteDesktop.dll

Filesize
18KB

MD5
e6367d31cf5d16b1439b86ae6b7b31c3

SHA1
f52f1e73614f2cec66dab6af862bdcb5d4d9cf35

SHA256
cc52384910cee944ddbcc575a8e0177bfa6b16e3032438b207797164d5c94b34

SHA512
8bc78a9b62f4226be146144684dc7fcd085bcf4d3d0558cb662aacc143d1438b7454e8ac70ca83ebeedc2a0fcea38ad8e77a5d926a85254b5a7d420a5605538a

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\ReverseProxy.dll

Filesize
16KB

MD5
a22d11379e413cf832b3943ce46f2463

SHA1
99b9552e8a25bff29678aff828901edbc23eaba5

SHA256
8c4efe2c8702141ffa8ff8f55d248dc4220231ae8d12ecea1f22906a9285b32b

SHA512
cc1eccb29135acd35804b44f73447bd8dedc8ea085dee3670cf49120baa905aa7ca512c14a3f4df6aeb5a70347bd214865f9dc8b709a00abbb0c745164d87074

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\RunPE.dll

Filesize
11KB

MD5
224be01635cff2dca827fbdeaddb983c

SHA1
11fa00c5e172c9cd1c81acaef52934f785f91374

SHA256
7adfe849345edd76aa975b0647fed2ccaa5f4a6aaf7d55f488af939c0dbef153

SHA512
1a4915b7b21e8166a6ddb6460c77e02c306a460c08fc7ee574832b0576c827db343eda9533959298819ee443790769328ad580fc67fe4817110b63d49248c736

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\ServiceManager.dll

Filesize
14KB

MD5
2e5f127cb0a69cdd46aa4fd9e603f982

SHA1
994a6ab276c417301ed9208aaaf6719bf9594bc6

SHA256
c552d11db168a4f64db584283a617a6ec51ab6095c20ba4b706c3138beb68a22

SHA512
4455cb3b9d4a9c69abec7180e9a60e16e6be0ae2290f48aa09c5d926370de5512ced4d37b6e6e49515d5f51999211eff6f751c4594db936882fb7f40ee5bf97e

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Shell.dll

Filesize
14KB

MD5
04609b39e656e297db73be0d02c7e35e

SHA1
f8abd484e7703a4d9629b033e8ec39c82eaf4654

SHA256
6c69b4d45638097e31169d94914e4acb6a8cc7f46788ffa4f241e4c1efb213bb

SHA512
11a88d55497fedeeb05b146ebd3135755aeb08c4596e9379eec83501e734aa6ba926d9bbda1c5f50e361836d65ea88d2c018f0b4b4b668c82ff2163730eaaf27

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\StartupManager.dll

Filesize
188KB

MD5
3d76ef15ab712b93eabd4b68ea0111d5

SHA1
0f309663fae17c4ccae983e1fabb16a1e5f77d9b

SHA256
1802e16379d96021fee05f583633c8091bb669350b7d32064179a8944d45a5a6

SHA512
6c0d0291abb696bee33b6e42392b07028c82bcffc8fb7934ba234f178f011ab14fde38cdccb322c8dba058ae66fc023349de5db1c587d3417709bf263cfd28f3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\SimpleObfuscator.dll

Filesize
1.4MB

MD5
9043d712208178c33ba8e942834ce457

SHA1
e0fa5c730bf127a33348f5d2a5673260ae3719d1

SHA256
b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

SHA512
dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
C:\Users\Admin\Desktop\aaa.exe

Filesize
32KB

MD5
8711d04bd531e6b66f9c2b39cb779911

SHA1
435fe65c5bc33ba3f8964373e6bd581b0739e55e

SHA256
f82d28215651338dc65904d08a9a620778791c750655d0997efb665bebe242f7

SHA512
21acaba68eb0bfe859c1214b7996a72daaf1360437c108a7aaa12eef6157d1b4c1121303e7cde0646b0659af01e906c8d4eeb1b9dda5ce250a3b03ed869c0215

Download Submit
memory/3008-249-0x00007FF987CD3000-0x00007FF987CD5000-memory.dmp

Filesize
8KB

Download
memory/3008-250-0x00007FF987CD0000-0x00007FF988791000-memory.dmp

Filesize
10.8MB

Download
memory/3008-288-0x000002C7D5440000-0x000002C7D54C2000-memory.dmp

Filesize
520KB

Download
memory/3008-294-0x000002C7D56B0000-0x000002C7D5762000-memory.dmp

Filesize
712KB

Download
memory/3008-292-0x000002C7D65D0000-0x000002C7D68B2000-memory.dmp

Filesize
2.9MB

Download
memory/3008-290-0x000002C7D4940000-0x000002C7D496C000-memory.dmp

Filesize
176KB

Download
memory/3008-253-0x000002C7D58F0000-0x000002C7D5A58000-memory.dmp

Filesize
1.4MB

Download
memory/3008-244-0x000002C7B1320000-0x000002C7B2208000-memory.dmp

Filesize
14.9MB

Download
memory/3008-243-0x00007FF987CD3000-0x00007FF987CD5000-memory.dmp

Filesize
8KB

Download
memory/3008-247-0x000002C7CE980000-0x000002C7CEB74000-memory.dmp

Filesize
2.0MB

Download
memory/3008-245-0x00007FF987CD0000-0x00007FF988791000-memory.dmp

Filesize
10.8MB

Download
memory/3800-327-0x000000001BB90000-0x000000001BBC6000-memory.dmp

Filesize
216KB

Download
memory/3800-329-0x000000001BCC0000-0x000000001BD70000-memory.dmp

Filesize
704KB

Download
memory/3800-330-0x000000001C4A0000-0x000000001C9C8000-memory.dmp

Filesize
5.2MB

Download
memory/3800-286-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download