stormkitty | 7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf

Resubmissions

11-11-2024 18:26

241111-w3hm1ssmd1 10

11-11-2024 17:59

241111-wk5ptstamb 10

11-11-2024 00:19

241111-al9vaaxnev 10

Analysis

max time kernel
1134s
max time network
1114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6.zip
Size

24.5MB
MD5

27065dd8016564f65a5444d70a9daad1
SHA1

1be1151330b7b0f12c486e9e36a1fa682adcac50
SHA256

7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf
SHA512

fcf41ba034133fcb7f91936fb16a6b59503a9016a78079c61fd692edec24a7e3daadf8ae2459d36ecd6c72dff9f8835355ea8cc7d20455d3e0922d74f7337435
SSDEEP

393216:VyavqxXFeuBc9Q+Fdt6ieJS9xCZGb7kjjJ6AKbKrbdcjXo50Ko+Y2ToxYv:Vy5xXDBYQwn63qkjBKego5Ho+R

Score

10^/10

stormkitty xworm discovery evasion persistence privilege_escalation rat stealer trojan

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

npCjKGoBzBFLsWVA

Attributes

install_file
USB.exe

aes.plain

Signatures

Contains code to disable Windows Defender 2 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral2/files/0x000200000001e766-1217.dat	disable_win_def
behavioral2/memory/4740-1612-0x000000001BB10000-0x000000001BB1E000-memory.dmp	disable_win_def

Detect Xworm Payload 3 IoCs

resource	yara_rule
behavioral2/files/0x00020000000231c0-1159.dat	family_xworm
behavioral2/files/0x00030000000231d2-1178.dat	family_xworm
behavioral2/memory/4740-1180-0x0000000000DF0000-0x0000000000DFE000-memory.dmp	family_xworm

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral2/files/0x000200000001e9c3-1223.dat	family_stormkitty

Stormkitty family
stormkitty

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "5"	XClient.exe

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Executes dropped EXE 3 IoCs

pid	Process
3332	Xworm V5.6.exe
4740	XClient.exe
1144	Xworm V5.6.exe

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 4 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	regedit.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	regedit.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	regedit.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	regedit.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758216963635706"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Xworm V5.6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\NodeSlot = "6"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000000000000300000002000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000010000000300000002000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 60003100000000005b597d87100058574f524d567e312e360000460009000400efbe6b5962906b5963902e0000001307000000000300000000000000000000000000000000000000580057006f0072006d002000560035002e00360000001a000000	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000000000000300000002000000ffffffff	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000004000000000000000300000002000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Xworm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Xworm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	Xworm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	Xworm V5.6.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4864	NOTEPAD.EXE

Runs regedit.exe 2 IoCs

pid	Process
4700	regedit.exe
4320	regedit.exe

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4700	regedit.exe
3332	Xworm V5.6.exe
4320	regedit.exe
1144	Xworm V5.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	184	7zFM.exe
Token: 35	184	7zFM.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
184	7zFM.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
184	7zFM.exe
3332	Xworm V5.6.exe
3332	Xworm V5.6.exe
4700	regedit.exe
3332	Xworm V5.6.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
3332	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe
1144	Xworm V5.6.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
3332	Xworm V5.6.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
3332	Xworm V5.6.exe
1144	Xworm V5.6.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3332	Xworm V5.6.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 3268	4284	chrome.exe	107
PID 4284 wrote to memory of 3268	4284	chrome.exe	107
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 4444	4284	chrome.exe	108
PID 4284 wrote to memory of 1836	4284	chrome.exe	109
PID 4284 wrote to memory of 1836	4284	chrome.exe	109
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110
PID 4284 wrote to memory of 4420	4284	chrome.exe	110

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\microsoft\windows\currentversion\policies\system	XClient.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "5"	XClient.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ffec81acc40,0x7ffec81acc4c,0x7ffec81acc58
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4516,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4060,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5204,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5208,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3812,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5368,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:3428
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff62cd94698,0x7ff62cd946a4,0x7ff62cd946b0
    3⤵
    - Drops file in Program Files directory
    PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5444,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5004,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3356,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3052,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4900,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1128 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3168,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5528,i,3302440206072828681,14075458317139317506,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4052

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3744

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\a.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:4864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\a.bat" "
1⤵
PID:980
- C:\Windows\regedit.exe
  regedit
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  - Runs regedit.exe
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:4700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2264

C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3332
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\i0bcjzfc\i0bcjzfc.cmdline"
  2⤵
  PID:820
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2B89.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF9C3151C9696405E83E725288D905547.TMP"
    3⤵
    PID:3168

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3572

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d0 0x2f4
1⤵
PID:2652

C:\Users\Admin\Desktop\XWorm V5.6\XClient.exe
"C:\Users\Admin\Desktop\XWorm V5.6\XClient.exe"
1⤵
- UAC bypass
- Executes dropped EXE
- System policy modification
PID:4740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\a.bat" "
1⤵
PID:3904
- C:\Windows\regedit.exe
  regedit
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  - Runs regedit.exe
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4320

C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1144

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d0 0x2f4
1⤵
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
29d7c9e23016220ac328a464fa49c4ff

SHA1
6c0901d784d6084dc0f929575d5f67a34ce93851

SHA256
c1876f89debfbe0a438f6418ec83e753e27973758b25891cecfe233aadf5d6ce

SHA512
e9ad68733cacc3cdb9d4368924e7441ec4ebd4885bdfbc2b6c3643d33aec9ba6666b0cd4ff7d01408743346155eb8851157325f63ea499c3b1660161062b2636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7bfb269fb3013750697e57ff8d46d63d

SHA1
035cc139cea04f4f25d2ad04d665ca83942e43e3

SHA256
350c25c59274ec062a1ed2cfe869098228b250e33c3ed16e96e294dc3d50d769

SHA512
0f4887ca9d02149a1aff59b2cc50911e426c79fd2056a449c1f2f4129dbfbb8c1df198b5923935aba4d82d3094a6e5208eff6ed5c3507fcfba3bb8008dd68fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
afac461290121c8658b847565d222e9f

SHA1
5d02cae4f86aad0b117128246a61e44f3e513889

SHA256
eb0cda6609a7d3a1bfc555c4f282383d9e8f363b0fb0983f59fd7e74547fc4e1

SHA512
3375ead577be11553d638a7cb63e0db14016772a08bc677e691c55326add6d7f6bdc88d9f87d962d4649291c5df0715c8c7174aee2507b834ac5d79691d6c7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dea7ca2bb3f7a96956cfcd52c319acc5

SHA1
708faf5c76f5429a97307f11253ddda0e5d44b96

SHA256
8576e2d80dfce8dce654ef087708ee5049325e115b9eb4a51da75822afe6c2aa

SHA512
a6d768ce941d17c41f66ce5eef460c77827ffc9da59b640cdc0adf546025ceed7186dc766dab594a40eab15ef91360b757526c20902bf46e319fe2ab25313bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4f85428194abb876d118029ccaeb0342

SHA1
f3ee17e261ea7fec89b99c6b5518b1e2f0464c99

SHA256
d65b82a3528d747c780ebea1d9c8c6fc01e2780cfb695f87e95d79584e629174

SHA512
efd378c6816c8b957bd8eb3a87002c568a89d46eac17b8c8c6b8655dff9feed105808d2d9481d6a90c761adcc6923cf23095c97eb1723f5da7fcc6ce79a850c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
0888096009bd9f74bdc8f9f701b8473d

SHA1
22ba8eedafedec1ec6708e8df2f9292e7604418e

SHA256
86ad1096da6cf82a776fb678dd0dd405382217e2ba58b90b6d34c4aba8e3342c

SHA512
7a37c3a64e6cfe641205c0b460e126e97f38930df017ca13a455d57c7653f6ca9f309028bcd557a8184cf574ed0867633e8b4156803e636de05f0ef6c9caf98a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6a501cd75127d0e995777e3a228ac71b

SHA1
204202c833d720b35ef97bcc239a5c9e73556b73

SHA256
3e690087b91ffecf9b1f2a07e05e9735ca480453adf5b39966aa54665a92a9ed

SHA512
ec08d90e0a18f6a73cc1c3ef9440d011b1d5f510958a6b1b388f28d25631307d9eca21eb30d3f372bb314099f61cf87f95f7ea9bf714e82190b642a453a44819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12100c08b4eeec891effc47a549d5089

SHA1
c83471fa6632a57ca2a22d5d48c368ef6bff7784

SHA256
0478296c752bddf593dd1f938b81389aa4bab6985d8b1940c17a57c7cbab1ea9

SHA512
40ff7770cf90a0d6b8ee8fafc025147ceb25949896a6fc047f71e99d8c1ee9d1080788fb350e7930c03e15b0273f33635d9ae1d5ec1489377d81242c907d7699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
709e57d0ec72206d7337e770064c29a2

SHA1
9b29132ab720e6b622e3ae163276c39b0089b725

SHA256
943751341593dc69518d6b55bfebba5888170909612747506b6a0486df2223ce

SHA512
efc921756194ecacab44df453413595e2b2e8ae51cfd8c1c365c0d2946e6bd6ff8668f7b27f9a67010f5380d5c67338a9387c5eaaf440aee0a458ae729da47d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
8270efd15e44dcb4cfd1b8a6f6ab695d

SHA1
6c9e61e2044dd98c5e15243edf1a44411d80c928

SHA256
aab7e6cd84f997bd631493f53ff76a1c046b553da05c56f411641ff5203c21bc

SHA512
5313e6620962d8a6c38c206583510616f33efbf79482a614d29e543406592fe397e39a11ed678b41d354d76422433fcd0aaa44a6a20f126ee6b0f19b11b500d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c7ea16c18e0f14747efb3956ca018a6

SHA1
8e773eb84e66f6d3070aca6311b1dd8660d7eaae

SHA256
ba97d4baa892f9d69f2d79f0737bd14e2cb3ca3e645ec053bce76d4b5542e39b

SHA512
b9163b33d323f01c33875f6a293c32bef8035400e6621e947eb0c9bf8b0e4d19621f52a6637b378c4be05c0c27d31d483371df2f3e27564fb4465c49ad0a83aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5213150ad645734847dafec0e08e71c8

SHA1
c547c2b969faa30dc40b60dea34be28a1580da94

SHA256
f43361e315f5979f61165a35bbc31118ed926df22c193773a9c70f933bae51c5

SHA512
9fdbc18300cfb6d8479d56bc0448dd55ae69a6f3720fceacad7862f3f538f8534405c60a8b8b2209f79bccc6bebe64bee45b2ec55ea0a394b68dcb20a748e96c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
e1e1feef6c133f3bc565fa5e3306c5ce

SHA1
dc606a45f77d6b15155eaf29f6687ede918b7f0f

SHA256
c743e95c16595726fc67f973a26130ef6d2058f51d4029ac1529f9243a135044

SHA512
07c33a13cfee4d70c7dc9cbdaf8cb62826509cd74ec21cc8adcc5fa1db4474e375da7b5e5d2c97f91f43b4172bca59d420e8f1ce1a49155b89098cde72a2e6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
46d6a3264e3e38397dd3a13e43c1df7e

SHA1
aafc7588a9e2a120ef817318ba72f05bed2f77b5

SHA256
4f36815fb8b5cc57ab8859e67832d46755dea539f88e9772c24b056f80d492cb

SHA512
b538f5bb7e014b6c9bca777709eb0a45a2f419217f73cc68372ae547d61d144aa58c0ea3f4b0550c74e13782d4f6518eb0f3ae354184b94d461bbc4f5c341062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97fb883fb6a62994c207c9d0c7a483e7

SHA1
68aa0bc6bf9c40688bb7ac7adcf3de3f0b068575

SHA256
81e91dd36b02e9b212bdc486cdc29f735c905431a95b5c4778dc12c0f8e4e6c8

SHA512
86821cf8fed603f3c2b68dbf8286c08fcb2d76023aae3afc36b6465eda1c065d326132dc8921579f3674b5bcfe30f1fdefc20fc3936bd4d25e2268f4cb99a930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1179c86173b6a16f4b7bef174f541a89

SHA1
ed180cc0c67e91e9e4988f453b6c3e89040a4b0b

SHA256
adb25664cfe8321f362e644594f7d087676b0459ebbfe90842745b851cef70c8

SHA512
b6c50cf89b51f946ee1722cc1eeec87065074f05601d3542e2e3b6c51480adb9d7e67d6d3df0ca0c90ce4e7979b4a04d31b3e8920e123d1f1183c6b36c883bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e925c4ec6db3185370f44f841cca4840

SHA1
3966b466a07ad3b3ca9210b73524769ee225a81d

SHA256
85ff180ea7cc2f0a59b6ac156a6e8c555b1f4a4bc9cb3a4e3a97cbc93d465b40

SHA512
246e5830f05d2b87c168bd27e49118c98ba85cce02bf92cb40007cd43a47b261096a903ab0688fae7e94c4c964036856b0affa654b869d4b7848d7280245e44d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
334e9d683efcfc73bfb82527bb8bc602

SHA1
d5a726d15bd57c397f4c8ee1929df1f37724ca01

SHA256
70f54b2b0d97f2920691c626d6728c69659b8d30e301113bc4bcf95a953c81e3

SHA512
fc36baa0218cdcb50791fa8a05ccc78642e7b39c26e9160788cb22d91ad5f4ee360f06d194378d8e6a60c1fa93b03f572544a92b50bb2d801be43fffea21b48e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6dd2c6051d02edf811e827e57d01113f

SHA1
35a26d5ab93c7d741e105cf2173be35eae4281a3

SHA256
183f4c922a08fe227133ab57d3d556927eb7310ebe0167c8ff9f55e3a8692faa

SHA512
d306edc9990b25e8ccf0507299d6b08e2a146be60c0c074b0743b0b3cc02b469159f4c6502c4361a1eef9fd47cfbc6659e34460701624cc1bdddca32bd5f49d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e6fb3d171ecb530c599356e798cf77e

SHA1
41d14f6e0d0dd0d943107661d1cfd9810e4bd802

SHA256
018332710f3c2fbe564b368fb7220d9d300fa682bc6fc3004e5f3b74d4f5cf7a

SHA512
e6143fc9532de3d948406d19b1f66fbd8eef35b08c0d3d3ebaddfafe9a71d58f755d74f651d21caa5fbeef960e7089d4dd3b0462ade227596bcef7af25c6017d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97514fededcd20f23f35fe1e24022dfb

SHA1
fd0be2640e2f547edcdb46d0fb0a1c8f006ad920

SHA256
f8be6d39ded3bd90ac33b4c70ffe8a5c7db5b4236625104273c0de6e24b2f9b5

SHA512
5a1122a85ae745082b800d23fe067793eb4d29d85e5bd65b4ebcf3ffeb8409d3a86fb4bc11efb1f51a49c9d7725709b14676836176d973372cf3df418afb41ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf0694433800a2b6797614f8b2601cd3

SHA1
f1c1c58e3359435d40775e822a4a7e92b90f94c9

SHA256
dcc8ed8e5ad861ec51cd8b0a8957a17cad98895fd56489936c3ed001932cccc1

SHA512
889396540b7c58f64a681a98007624551c2265bc7813f14485431db99c0987864b3cd12302311460dfb01270df8055d48018fb14ca48ff883c81bbcb5ecece53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f8c39e5a3c9f9c963f6a294374db310

SHA1
4cbf6a0a826669109531bc1e2f69db2582823ab1

SHA256
e9f488758442f6b1e26ed1b4fbbbd399510ef725f338a6beb60ee79a0a94e7f7

SHA512
349a4420a7b053783fa387ccbc80c826ce2324f9c52b5056595432a11e50d59d2fcdaf47cae832022f4feb5650e86b22e8d07ebf55a2b7cb758f935992f0d0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f156df6677f90ec6d57d27edcd43d764

SHA1
be501cb11064686a166e68418e8b1f0a15fb86a0

SHA256
d5dda79f1d58130a4e8162f767be6885827558083a5a70f0efb157967eaae20c

SHA512
5cb2c77cf0d606e0a4b1d88002d7205d56b4fc57259f9e028b6d16419dd63bc3621edeca70fafdbeb1e3b2126507a563e13e9ccd42fd1b04ea72f6dcdee892f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e262602b3ac6c74e956297ac08f8824b

SHA1
baaa7e7be6172e6893b2e1b6cb8b2683527290a9

SHA256
6f0630c6c69f5e61f4f0376bef21d6f98e08524802d1c363d9f2ae9d9d0adc2a

SHA512
cbcafecd2110af21aa8c6624b80a56fe45ed5a2aad39d4504e3b5ce3a8244ab482b270846385cb958b59dc6295a814e99b13e69cebb359059a3a54d07efdaedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e2b4e57707957edd6f073953e36598b

SHA1
2e76999fbfc1463e26574c6983f0d6f231dc6ad6

SHA256
c45d098df23205801aa3d18080c17c7e3afb3313d8243a6f85e1a804e47eb8d5

SHA512
ea3f2e193dbb37967b268023d6f58eeac8f35169a4ccf214cc0294109f844b27f11b47bbaf941225e045a453fb470604f8255fc8a640e633f075d656faeaa124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d443382407697bebb5548d22e49ed9f

SHA1
ebde23af490df0ca57db94b32d934250831d374a

SHA256
b49bac2401a4d7d344b1acea84699403dfb0950b74996b4301cf568bc546dedd

SHA512
6ff301b4a370b558596725715ca0ddb75dd46290739aedf2d817d8b6310860b0ec74988a96cc9e9981d3d42f6058a55ab85af3eab49c2b2c3c46d3d6495228a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
102b347485e7234ace8390a6997010fe

SHA1
7a4e353c569766c873741e9a0618edee98c8a598

SHA256
887424d6cb17c572ea578e47db25078988a6a1cf973529163f564cfe2f9db7a9

SHA512
e7419abae7783965eff247f6947a18d90af115daa4103ba9f783953bbf4816be7e99849b39acc713741fa0bf34aa09ea8f2b9b3cc9f4fc93c92ae7a751bfcc84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff481d5f3ba4c37275e11695950956c4

SHA1
96ac382176013720163defc89cf5135d9ba2c6e7

SHA256
fdb6be46ef3b51e5da4ebdf257c965cc11c8839e683b98e6f376a00484c00f9a

SHA512
4d8ff4a11d76339133b224591df4a0efd9ebe7ae918a98311ba5de8d168c461231ceb4a86a79bd5d2fbc9dfa977165d50eae1f8369f14a7239c477e3516b4d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5dd64e5e4f7f95624e4ac6d1a7c5ebfd

SHA1
e9b8ff0eb40c375aa59cc445f41fefd6156102b2

SHA256
ab409b7d29712ad61ac2715ec409cbc31ee67d06fc908ae2d2936cbaf60f74d7

SHA512
35707829b57770ec0ac6287ce6a2e85668436f8cd344361078cc396d7dad3e577003c02c3ea9d7c1a57b97e03b1c6e5c2496eff62ed59cca7ac7936a8e52258b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bfe6033cc572fb5edb0726f1f1b370b

SHA1
39d1eb7ef9c68c0832e7f0209773912703878660

SHA256
110d8a7a915ce658b52a2a4bee6076fb43658f7f1a4739af52ac5056bdeef5d5

SHA512
19ae5ad861fdafaa8a6de79b7f0dd5c6431c224f31ff7ca8bee2d9315962e6fe9d719ba2d66365c5c6e7a9b53acc087f2b33971d619d9f48dea55b8054894822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2710668f4d38d489b2cedb5231cfa751

SHA1
f63cd6c7fd6f5022f474a204880f06663d55ab89

SHA256
c669bb6deeafb2d56eb66d085030d49d64425edc97181de3e58641288f506c1e

SHA512
2fca23e1353e3e2e34b0f1a12bcad8946fb958dee2bcfaeee2fcc0e1576019e5c3bbfc8373268cb3c7092c51961d2c45f09521325cb64a1117ef0e4580988caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b3aa29981f2a9df5c4ff4999a40e774

SHA1
d456f2c33079a347ccb540c545e55cff4cd8ab86

SHA256
583ebaf04822f9419d6acd500df36588bb92328e13f50086aa365e95f68a6a6e

SHA512
81610f566439cc47e4249d99605f337beaa878fdcaf336d1ed9a7c4f6a23e0e7da8d1744827062750374361af2f62c94ba67fe531f1ee2f64d6517cefd1c655d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e394a585ab2310f2713cccd5feed9a7e

SHA1
ddd4767bd4f27f3975dd1cd51edf83d5619b46ec

SHA256
a2caaf0b5cb9e0a9fc69f5f06f90588985cbb0daa2da18441adde2a9dfd3f63a

SHA512
796328a8867fc661e319379160520f45aeb30ee5c174183daab3eefab5468e333105147ddc0cf4e9c96212a74881be2e8b30005b0ef0540e5f17c31dcb4cd13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
732cc3b6038082decb6e6e9f21c2d4a8

SHA1
6bbf65016b0d791d1c70580fd74cbeee00af2532

SHA256
1dbc98b07d2190a2dd7d12692d48167172f983e92872d852cafbf2037a78499d

SHA512
ae0e0a4fa9c67576d988db941a6ee57c469aca4116834cb6fc178295c25112fe3ff62a7b9fcec02be75d2fa2423a706f5a274154a0765e24025ed1ded7a640f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea4cd517652a7404c3d7bbda884dde91

SHA1
5f8ee9b6c9028b45fb1e4a58ad9c21daf8af3cf8

SHA256
9659b7450b570ef64a673df1308df2d7146a4e9fe0b87a4fb82c396e1edb83db

SHA512
9bc50a23c4478ef91ef74e10c9e5c0b837352a2ee46525b604fe73f095971bebee3f2e06e46cc93de0cdc206777f63eb4765391319ae832482e11a57e53bd8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c161037f04bc37aa529eb47fa4fbca7

SHA1
5e722c2d3c2f0a0c8105a108d64151acff545c62

SHA256
57934fe92dd361c03f4465b82059ae47f8c85797d5136459dd8b1aa0cdbd6061

SHA512
056653d00ea84e8bb2964789130190ce288efc7d85d3cae32c8fdca810103860f402d7fa31b1f348c81ba0f1241ea1281f78172998ce3fcfb6823d271d5094ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eddaea16292ea484ee53f0d1efaf6cd0

SHA1
584479ee4f0f41377b316c1e865c156605e12f6e

SHA256
062a3ff8f2faf8ff777160fe3f6451202ec6a34cdee9ce6622e450b525930428

SHA512
8f5ea1f6ec5c6bdeeb0d162ee39465d8c96e27a9ebac0f84d634f7ff5e2a89f83c5218ee6a7c4d9f9fa62304437fc7ecf3ee7e4d80f823150a7dd9982c955513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e103e2a93a81539da02de1534d733c83

SHA1
bad5736f47049336d666910ed0e4aa5be6f44989

SHA256
d7f8e6d942cde8a3311215d41dbcaffc662aef13aa46b99e4952341812ea42a4

SHA512
15f4d855e408dfa3ed34c5f257244c6f136ed867a5d50e69043b73428bd9834b62c189c04ea30fe6871cf48613fdc095ad3a6c67989f3ad59b60002500d21cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f97c6530833c938f12c326f092fb767a

SHA1
36b775e5ab1e4871992903ddde6a49c74c7679fd

SHA256
0b291a4ac80b411bf52150bef0fc297617d30a4aa9dc66a766b413e3c19aa590

SHA512
939b09aeaca0dec4355488b2a6c37950ab49f6b8287e55a045d9d22a700b0e0c421299321260c7276011027c51678662c3842500359ea52f48b9ac0f3fc51179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbd54f4e4e4858aa076a864370b8269d

SHA1
1fa59fd5d546a74946cd7720cb384eca74de6f5f

SHA256
6b08ad4ebbd16b68ea1de996973ce2631bf66630940050f5397f967a9af67b35

SHA512
62dc400121b848500745a16507db1fd99d1725200a689bc27ffc80b71af6b97cd4287eed7d70df36f46aa4567b64652d4d657d5cb2cfdb211830d4947d685383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
638f3718a596bda5479d1d3d77867464

SHA1
6b351bb8ed1148f1bb6846424c1258501ba1ac14

SHA256
ef2b5d22c2c842f7510080adc1dcf26b1c4db78fb459f9cd989b8a53e1a7be54

SHA512
1cd4f3aeb96bf93444d28fa117496216dff7b6beb86d85b1be45334746136012e479589edee299f53a701833d7cfaac71a8e3e601785101cdd30952f62459023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
273a4ce4f7fbc77fd35c97d06afe0634

SHA1
4e1cc22d1502800e95185bf947301f68ffe1be7f

SHA256
ee064d8c108909b5f5283f47ee203a9b17cdb30ae9b82adf67b2852aa0cc85de

SHA512
9e671c44ecb990689e56f3350976cc08bcc9a46729ec33d911676931795705272c0b10abb61cab327c87e524ced1287febdd4024653aba715d0ffedd13558d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58981139264455d27bc26c0e41b48dfb

SHA1
921c9d8d4b4cc7aea3c9314014336293cff39a12

SHA256
bee43f1c02be7f72e95132a3706ef55174ec54a7e14b8d58b31ab0e2efd04cfe

SHA512
10273dea5204e9658cc0e885ff2c91072c3dcb6a391a78fa4d50c29cdafa1ea7f188e17d1c8aa01365e558df0296db2c27b3fceaf23eb9aae21fef12637e030a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
827866a88dc366d776fcd17e2e63c152

SHA1
b560b04a4d653f371b0d39fcd16e96c398dd8caa

SHA256
a0332ce175f8bad2fa77f5adeef2cd929efca32ab5e52b84ad5d222aede4866f

SHA512
64757dce0e66bb2322dfcf3b4907d310fa3f3d6e9d6b4db952d6dc700a2e95b0906b0aeff783cb3c826845979d60c01e7ceaa81231296c61f697321ae5dc9af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e0589603a45dc522cea16b20c40b036

SHA1
b9501e6304f5187fe1bc134578d17cd6f5cbc591

SHA256
700a238b07bb9ab298b1b7660498c07715658f4152dff33384b1a8bfe22bd043

SHA512
d5f2d8bba6c43c900a37ceaabc632d849ff461e5946328dcb4cab9e1d7ff252f7ab88878486ac5cf12c32a085103b854372dfd737be8b7a56544f01200adce7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3639e5d748c2b91f9a25879bcb8c8951

SHA1
48fa1d3099a9bc38e4abe06f224c70fbd4091c27

SHA256
ee1f769cf1d30369fe80e7578529d4a074cae55f47a93a1f6c7fa3712704b2ea

SHA512
724f75c128cc36f6b23c16ac5b9879938b4376dfca73e0ad3bfbcaf01238f6a1947b932d8e2dee8bdab1cfa57c9b3cc523f7c0bcc9c1330e8cd51940eb235f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ffb03fd8bd00cf20b15395ea172e4d2

SHA1
88df23e2e62b642e95a436a35fe035ee9db3eced

SHA256
8935016d973b48c5e9f79af44926db347bbafcf64eef823415b05c56f029382f

SHA512
60c22f9eeeceba729ac61cee9cce4588cb4f85783cdb6224e78f416a1d87f686f7a838cf77094e1a79f20b7cb3f441836c521d197c673ed9b9d9e89bb6e4b16f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6bacb2428b7837a5dc0ddbf2a718d60

SHA1
7ffe5c69219862d76b5dd7f786d0d8e9a8a402d4

SHA256
5aaecfd06bdcfe620a3c0f05a7d80e7568bcd355976f3d691c5cc5f78f95cd60

SHA512
d0b5f10ab1bf2b4a7b19224bcb79cbcda954fbdb2fb579a32583b0e6c7533c5235071d1a1b7d199f207340f532321b210cfd48212c3828e71d57cb17b929f822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abd5ceae12cfbc32da7f374dd0d725f0

SHA1
ba46c073193d11c51d42092193e03d7f2ac3fa8d

SHA256
3e4f412b0b451314cc3649aa4ffbe644d04d36a8cdb511305d4bc26222d8c5d4

SHA512
203ec5e67236488873e9efd8fe67e46d79ca1791fdfe4c2879d270111c617c05a1576eb2653a621218385deb87840af30b2b34e2af87007e3f65e3e18e080a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce92a1c377e9c28152d606320a11d1db

SHA1
59712fe9e46d129466f4f265ce0ad3a2fd58462c

SHA256
6ab575a71200f19d63bd3b6c4c5b159688c53a5b2d0009198f8bccbadedf5884

SHA512
c684b95fff2115e734014754feb087a601e33a2d5abb659f37cd52063690506e3bc3b33922d2f4fd3179e8a03241d10ed2399e1781bce62dad46f52943909c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b35fe2d3094e80a7302b9fd5ad90a00

SHA1
a91efff32e7fd38ee86f62e5eeffdadae3532b26

SHA256
0ff91ea0c935679e75590e78b8a49c1274da46836c599d3206c3d1adff64d89a

SHA512
1c864bd5313d0049ba488af3448f7def13d0a994661f0cf02df12a94158d5df5f509431cae87050823892c592804a2204e476ce2b19a45250df0b139ca6d65ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46a66561f98f36496a91f2415463d9dc

SHA1
70bea4ac0e91042dce9faae0fd7da7dc5a39a61a

SHA256
ed3eefe7c42f72a36ec27697c630bfa0e5bb20acbebfb0ab7403ff05015392a3

SHA512
71289959df93ca8d79b22502b9e1eea587e214c3a3368dd9357882ba0bebc4247f048ba683c09e162f739603533cec0804e16ba17c2ac32b9e7a9f11ef88c527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec74ae60f972e6fb2bdb0390141b0417

SHA1
c31162bf5ad3e2803a805efd2733f97173b1cddf

SHA256
856c6afbd5de53ffc84fa43f708da3cee149524e35b19552c9a05e38cf736078

SHA512
6a8c3ad15f5cbe9b80f54da92bf827b6af43ed66456ba15ab6f5abf105d3b26ae505cccbf86e8841c95d0480d6c77023d4d19196f5fd3ac98bb8db83e0d29526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6219cbcebfd39b83158edd1d8c25308

SHA1
9712305c78afa6463f5cea6ee81aa7ace0f79a18

SHA256
d9c41ea2f38b7d1656a81102c4fcda3c18176f777037d68e841e9a1955b889a2

SHA512
c7c2e003c60a51e3bdecc37f4fce4d9fe006ea1c90db19feb8b9fdc2db6fc11a237a466e93075394f712ff9a1e4525979acd912cd5c8f461afee73cb78ae93ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f48c4907e9177a40a259d770cb97bb4e

SHA1
002671829c2db42d5d6675442c83b6460c3ccab3

SHA256
97074931f6aabc7c9fae9af6658e8f4cb892d8427227f19902290df1e4d2280e

SHA512
07a53c59dd27fbef6c60f5ef0a5c8ac2e2ed65bb4e9cebc4585a4fbd560b0bbe25763469ff8b7a2139c5ea1d61838d2ef5b8940839d68ee94416857f8e879603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
052fadba411ed67290da919bee2738e6

SHA1
d05a9ded7f9d151e5cd307c24862005ecf61aad6

SHA256
ed4ca997df4a18fa934d2a6f9ccc2ac116422b42b49ebefd6d4cd012385bc383

SHA512
2dcc37f9de4f7dc245a1bd1a627158419fcd8e8ce947bbc7251140a768351a27db0823be0d4c0c14a673c3eedcf1f0cbeef3f08b8749301e15a9e7669d59784b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d5e2adbd86e902852eb9aa18c846d45

SHA1
3b644672b164a4a7c991bbe28fc5b36dc7a7d19a

SHA256
126eb2f42362a83c1ac090b5a10eb148c080a688c7d2698d9256bd356f920422

SHA512
2a9102063a508301d9e5526d0966c073b84e5be6ca93d67991cc77f477c1d92f4bf3a8523d282e9a8935f0982b7b29507ae87314f889bb538f619cf265acc5a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d54a135d20daa2f73125ec1499e2700

SHA1
077d736f1fad5e173dac4b4199d2b9cdb646442a

SHA256
d2e2bd8d581863849129c51f91a34816bf753a0b97ae90b8303cdfc806b0badc

SHA512
e853b5cb5722e15ff328000470a72681d106d8bd8b12bf117515a7856dc9f81c9998b709fa7dd6a778532eed03d75feb0e34115290bc0affd7bc9e82e463e70d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2afe30772a027618c083715995c9348

SHA1
17bc01ed354dadeb66c6c917bfb5794f80e2c2b2

SHA256
de7086276db51c7dded0a0a9563e7cdcc1554ee58fe0ac931a783c5bb3e4a1d6

SHA512
8a25462e695f8ac14f5782e4c98c2a5e4445feb126b071a4a7d0d1351fca8ff2c6ae4ed34ac77d9ad3b0031b410d0490282aa6bdd1f3f559196dd5ce289b2d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
26e7a3f15589c6cf8b5825d4749278e8

SHA1
65c6c7a0bd9444bb60af24f1b413afb6092f50ac

SHA256
0191ac1d603e42b8f99b606b37b4b370f47a3c14ae7bd1150c7806a5e700752d

SHA512
0a2be28eddf19da6715826216c66b34fe7ee5c789da002d5ce3fdbea483577425df5dcc79b180f2bc5644ebcdafb224678e8689702559bf09a9adeb70e2abc5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
14f10c871b8fc7e067b7138ad2cd516a

SHA1
768fb1404ef7dada9b0330b600cf9991cffce251

SHA256
120ed6039ac7e94fa99834c580a8fbdc6f5ee0f401b4f3f31e9c8567a180d9ed

SHA512
11f5a1d9021847fc2c22e0645d67cbda0af6f8e9181a4d2af84db325f09995dc15d27196d513c13a2d2f9d17f56aa54e4e0beba4892bdcf89ec5ea25d01866ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2711c106c4bd80af0d12b69d3b9b56d

SHA1
034f4e0967e5c1f16501b73242c588fd552cc443

SHA256
d09516e8397538535c626d91105d199041e81ccc998401a209aea4d6f60e4f35

SHA512
68c56744cbe114f05c4fd52a3affdeb21830efd356fc8da015df3b560729f4d883b43bae243c3632d0b6fac79bc0754948724db12ba807bd8d77133fc300c3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
432ef129e73ca67bf161cff93ab8918e

SHA1
76fd833931058f2921326a1047ce73dfc8718cd5

SHA256
2588e7247ee33c8fc640d22694f8ba828be7fed315469cd233a50ca6ca673ffd

SHA512
27ee1b6115c910c360b6be4d7398d0bf11044db6211fe5bc08e8e152c7c0edf49117b974c3c9da11f6a80c1aca18c6e556a5d75b88a0ff7fc00e432f276af525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f2fb34be43925d5fc865a15aa5c4d54

SHA1
0de6ebbfc1df0590efcb44ff24ea6df3e1bd0690

SHA256
2e1a605f685ff6c2d2d579309e1591548376213e5e5638871dbd26ce84da7a11

SHA512
bb0b9d61924bf2b690fe94cc95218228d5b96c52fabc56a3fd726e4cde9d5ab3163bd91559e7b6083135bdf8200ee92b49daabf2456e0c9a4b7aaabfb8392f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e3d7be0e986a0ea2c5788c8d89282612

SHA1
5174b9147823afec42f4e7f6d952be7b393e776d

SHA256
c1bda743d32a7f8d2edee8550b5b862387392d6830fb16b8c0e3b9765e3d1578

SHA512
e96ac2342eba37ae4720ad1ce6867d7ecc7c46ac6b8ec593f7f8ad8579c61050c81e21c25649b980e64e34f3487f0286c75d31ea1c4cb82fabc6e5d0e177bbc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28a4b4fce29fd88f5850034f7832f2ab

SHA1
79f9c08d55485997c10f350b8d1a42e2e3e10f91

SHA256
c0af73f5dd3508da9e0c866cf135c52f09329be57c97023d5c404dfae6b46029

SHA512
e896552335ac74727e7bf3c6bc9c8c3903826ca4ea7a223cd747528e381b95e924be19354ec4cd2b5262a9212662c30c65648850731999bdb1cb4913b648824f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8ba309a063c4d6de290d2a5b64850709

SHA1
d27d47797940adb025ba44e3218370011ba243fa

SHA256
71afb6b41503791eab4a759eb74e3333bfcf9e207551af9352cda70e661cce7f

SHA512
2db1c26a888cd965e1b52d3fe75d835f195b2d6afcdc840b12cb90286ee97e51d3d3cbfd6f96bfbab761f9d84512a054990341ece9464fa462f0c219eac0204c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae70e2a0b2c1801e9f7fd40701f38044

SHA1
970b83fedf9e19b3e09ab58b5ba4ad9d7c41b389

SHA256
58b7390ef63e7428f56d46e7a3f26690d35c69bf5cd8a9fae9b0cf31643a7c87

SHA512
c63e7fefe4867eb5e67bb3ffa1da8aadd53271a49b8a68b11a1f5085d6b362bbe75a91256a606bf84641157a9b72f30a947e1852d169c3a0e73b94a7b099fde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9110813f6485ddd78878cf0e024542c8

SHA1
4256cffef07c19a1e80a0133646c8fac29d238b2

SHA256
1a4e45efd7abd2a93dabde2f6872749e24d662fddc6ada4ba35c324d68cb71fa

SHA512
85aa8d9cebfc38d255de8a63ff2356853873ae9be9ac4833b2830367fd57f5164c80c535c8ca16161cee2ed5e332bbe8c003a0627b4088393d712cae086f2be9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b04f25cd5d2a3cc964ccba4fed8bf85

SHA1
0292bd4a9298f2df596e70363c57d00f655e1b0b

SHA256
bf8f7ae54b83a6ed5303bd629e9a066802d658320a97e33e1324c228ca95ca70

SHA512
169de0b85d2c7a0c92644011b8c1c81c68f58dd9603edc66553a40f2c5099004006b5b59e1c32cdf82f35a3929951dc0f6316ca9f6ad370ad1af76202005f951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8fb15ec56e58334cce00547ee10e0f0c

SHA1
8c413c37be4a14e4aa89a1ffe5a663edad55cc34

SHA256
c3c24f186737bfa16e87b9b52d2264c02be37352b609bd12efddead19218d407

SHA512
67755fa3b195538eeb4ff291bd5413d8c88af413ea8e85f474da65a5552704516c06a397584bf6ba69b70ac0a9fd9f7b1c3fad5a413d287d68326e78799d3400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f768a7d3fc512f9a969b7598f0624403

SHA1
dc9215155e02bd09aa9ee7cee60a044075c45671

SHA256
f3124e867eeedc5350c19877915f9b022e943a84231d467bfa5fc63210c11036

SHA512
00f0305649c9f2cfed73e82d9627d3ac1a1038ab1f5b3ddd4dd550620d90c4da77a8de0f6d9f3a2fe93c67d3239ac4e4426bf04a2dacc994e0a8a12e41d01fd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9fff829b8f0f2a4ba6e860733538791a

SHA1
617d6a81c3de9a89b13a00fffd5610a70ace0e84

SHA256
8519a45c83d8226b06f8aa6292c9e32a08a0499b998ec9a1659e1a9df6fab947

SHA512
c214eb472b8baa42cc5d95288b599cdeaa74f548c4bf467f8c59397a23063d884423b248b0cba9330e55a65e4b540ad49471e6b306378269b07882ee97e70e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
dff11c4f278705ac0d8e212acc8f0cbe

SHA1
09364143819ffa25d6225a09d9ffb76be16f73b5

SHA256
9885ec9cbc7a679c235adda78aaca63ffbd778d2a88b90a530c1af4f1300e794

SHA512
382c66875cd675a18d1a6cb571c8bf13efe308276dec6419a722b0895fae54c6e07c73568dcd6f8dfd2ab83153c74824f0bd3e8d05ecc81503755874a9a69d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
cacbaac5fadfd8d5cf0ccf760d6e49e3

SHA1
0de4b02340c7481d1e38ab69042ed38839293cb5

SHA256
5f78b973171898da58e68a017b80b4d960753fa3e41e6a26cf9b4a7d6e7dfb50

SHA512
a537810ecc832f92f0ff1a82cc6af7d6f7e04d38cc6272ce9da756a73205dac3ad4c48bad9f8fb1958b167db6a3398d519dc1516ae54105c1dabf33cd751c1fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ffe3154b-245e-4a6f-a031-35b20fb22907.tmp

Filesize
9KB

MD5
72920232d21142e789bf60ebcaab8d8f

SHA1
b7c261fe1b41d953c9a4f02bed077e347c9b15ab

SHA256
e2088854b7ca07e3a3efa01dcb83277b1abe48a88320840662ea45258874b443

SHA512
e09f4d4be5a225d628ca5fe40e0778a0f9636442b1e4d69c7ed4a8f5ca180047254b8efc405e0a0723f13bfffd6b97d25a0ba790b7adce17750667508a4cc1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
57ccd366bbebd1b39eb57f3d44a7b416

SHA1
f56e950e704016c630c6fac0fe7ac40a1c0f45cf

SHA256
a7693666681b3c1e20e251043a3bd9a49366c3d9256c9bcc81649337f7c636d7

SHA512
0fc98066ddef45d64d5c5f7adce84e33b8289a7bf68f0a7632ac126b0b24fd3e63f0d396805942691da27ac6b2c44151b99fe2b61d2663e1803e84239bba07f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
2b0428f96aad1c8f0937f2f9c4f45a69

SHA1
c6fb1d18ae3867cc72d50c9dd8ad8a87114f27d7

SHA256
006cbe23904e983ef70178a057244ede2ad2a578dd80f755a6b9904538cee1ab

SHA512
f5c0e4893cbd98905a2d6ad42263c88fe1ac3da115b23fcf64892494c01beaf6b3ef00dac9f0817b9de49a272213a039c85715cfde0df8595a7683a546b9d43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
b4946b7e9caae541fb178014fc22c127

SHA1
46501b8f007fc3362876ea29b146865a39758bc7

SHA256
93504958da2c21539ff9f32a9150cb2d4b4cf66fa33cac732b738f63afe21944

SHA512
3c66cb777d61cca457910cce71167cf1392b81d269d65b52854ac6df6f6807bf6b5965631c5cec9c5f8c8aa86e29db169569daf9fc84da079c5a3caf5cebe2d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8B059C89\XWorm V5.6\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES2B89.tmp

Filesize
1KB

MD5
f40477c8740e459c234b485af8a4d9b3

SHA1
5a6388bd33cd1b9c15074b534211e6174f4c5be5

SHA256
f85b78ac001f93b9b69be8414adf0e87426c547f2638eed49e2a9536fd8e14a8

SHA512
81696a9a3a052a65520908f1ade63cb8dd286d7025b2cd0b5c4cb6fbdf08aff91aa2fa8ae0123a6554ff04b58627b961f107341060d3df5f0ebae694388faac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\i0bcjzfc\i0bcjzfc.0.vb

Filesize
78KB

MD5
9a1537acea38385d7c257dcd4122a4cf

SHA1
ecfd33a3184d14230ba887807b1bf1055e0b0622

SHA256
11ab438251d113fc94eb7f6202e142d0efdda59ed4deb094b1f88cb256d1f1a6

SHA512
c1e8b31311ad99d99da2d56ac933e642ac91f7f2714f9c3f4629bfbc0b08a5bc9c7751f21c8ff01edbc819f8c1152153e199584f29fc64b31f19a8c01ceb97a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\i0bcjzfc\i0bcjzfc.cmdline

Filesize
301B

MD5
a49d63a64c72c66a5ecd4a586cf90bf5

SHA1
f3aa8daa4a4ba0db1558777b28ad71da887d2090

SHA256
456af32849937ba307cd590b6af8d11b2853d1fec2c656bcc8ef50ec497c5440

SHA512
67ecb4ca533428b528caff898475ea5c76661a1c3e000768fa80b3524b4fce9471ff6b7c942bdfe628de244e879bca7e9699944135db89a0108d2c2645ac5aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4284_99490901\4a327a89-e6f2-406e-8039-eaeb30f8e3ba.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4284_99490901\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcF9C3151C9696405E83E725288D905547.TMP

Filesize
1KB

MD5
d40c58bd46211e4ffcbfbdfac7c2bb69

SHA1
c5cf88224acc284a4e81bd612369f0e39f3ac604

SHA256
01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

SHA512
48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\GMap.NET.Core.dll

Filesize
2.9MB

MD5
819352ea9e832d24fc4cebb2757a462b

SHA1
aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

SHA256
58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

SHA512
6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
32a8742009ffdfd68b46fe8fd4794386

SHA1
de18190d77ae094b03d357abfa4a465058cd54e3

SHA256
741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

SHA512
22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\NAudio.dll

Filesize
502KB

MD5
3b87d1363a45ce9368e9baec32c69466

SHA1
70a9f4df01d17060ec17df9528fca7026cc42935

SHA256
81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

SHA512
1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\ActiveWindows.dll

Filesize
14KB

MD5
5a766a4991515011983ceddf7714b70b

SHA1
4eb00ae7fe780fa4fe94cedbf6052983f5fd138b

SHA256
567b9861026a0dbc5947e7515dc7ab3f496153f6b3db57c27238129ec207fc52

SHA512
4bd6b24e236387ff58631207ea42cd09293c3664468e72cd887de3b3b912d3795a22a98dcf4548fb339444337722a81f8877abb22177606d765d78e48ec01fd8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Chat.dll

Filesize
18KB

MD5
59f75c7ffaccf9878a9d39e224a65adf

SHA1
46b0f61a07e85e3b54b728d9d7142ddc73c9d74b

SHA256
aab20f465955d77d6ec3b5c1c5f64402a925fb565dda5c8e38c296cb7406e492

SHA512
80056163b96ce7a8877874eaae559f75217c0a04b3e3d4c1283fe23badfc95fe4d587fd27127db4be459b8a3adf41900135ea12b0eeb4187adbcf796d9505cb8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Chromium.dll

Filesize
32KB

MD5
edb2f0d0eb08dcd78b3ddf87a847de01

SHA1
cc23d101f917cad3664f8c1fa0788a89e03a669c

SHA256
b6d8bccdf123ceac6b9642ad3500d4e0b3d30b9c9dd2d29499d38c02bd8f9982

SHA512
8f87da834649a21a908c95a9ea8e2d94726bd9f33d4b7786348f6371dfae983cc2b5b5d4f80a17a60ded17d4eb71771ec25a7c82e4f3a90273c46c8ee3b8f2c3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Clipboard.dll

Filesize
14KB

MD5
831eb0de839fc13de0abab64fe1e06e7

SHA1
53aad63a8b6fc9e35c814c55be9992abc92a1b54

SHA256
e31a1c2b1baa2aa2c36cabe3da17cd767c8fec4c206bd506e889341e5e0fa959

SHA512
2f61bcf972671d96e036b3c99546cd01e067bef15751a87c00ba6d656decb6b69a628415e5363e650b55610cf9f237585ada7ce51523e6efc0e27d7338966bee

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Cmstp-Bypass.dll

Filesize
11KB

MD5
cf15259e22b58a0dfd1156ab71cbd690

SHA1
3614f4e469d28d6e65471099e2d45c8e28a7a49e

SHA256
fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b

SHA512
7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\FileManager.dll

Filesize
679KB

MD5
641a8b61cb468359b1346a0891d65b59

SHA1
2cdc49bcd7428fe778a94cdcd19cabf5ece8c9c0

SHA256
b58ed3ebbcd27c7f4b173819528ff4db562b90475a5e304521ed5c564d39fffd

SHA512
042702d34664ea6288e891c9f7aa10a5b4b07317f25f82d6c9fa9ba9b98645c14073d0f66637060b416a30c58dec907d9383530320a318523c51f19ebd0a4fee

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\FilesSearcher.dll

Filesize
478KB

MD5
6f8f1621c16ac0976600146d2217e9d2

SHA1
b6aa233b93aae0a17ee8787576bf0fbc05cedde4

SHA256
e66e1273dc59ee9e05ce3e02f1b760b18dd296a47d92b3ce5b24efb48e5fb21b

SHA512
eb55acdea8648c8cdefee892758d9585ff81502fc7037d5814e1bd01fee0431f4dde0a4b04ccb2b0917e1b11588f2dc9f0bfe750117137a01bbd0c508f43ef6a

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HBrowser.dll

Filesize
25KB

MD5
f0e921f2f850b7ec094036d20ff9be9b

SHA1
3b2d76d06470580858cc572257491e32d4b021c0

SHA256
75e8ff57fa6d95cf4d8405bffebb2b9b1c55a0abba0fe345f55b8f0e88be6f3c

SHA512
16028ae56cd1d78d5cb63c554155ae02804aac3f15c0d91a771b0dcd5c8df710f39481f6545ca6410b7cd9240ec77090f65e3379dcfe09f161a3dff6aec649f3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HRDP.dll

Filesize
1.7MB

MD5
f27b6e8cf5afa8771c679b7a79e11a08

SHA1
6c3fcf45e35aaf6b747f29a06108093c284100da

SHA256
4aa18745a5fddf7ec14adaff3ad1b4df1b910f4b6710bf55eb27fb3942bb67de

SHA512
0d84966bbc9290b04d2148082563675ec023906d58f5ba6861c20542271bf11be196d6ab24e48372f339438204bd5c198297da98a19fddb25a3df727b5aafa33

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HVNC.dll

Filesize
58KB

MD5
30eb33588670191b4e74a0a05eecf191

SHA1
08760620ef080bb75c253ba80e97322c187a6b9f

SHA256
3a287acb1c89692f2c18596dd4405089ac998bb9cf44dd225e5211923d421e96

SHA512
820cca77096ff2eea8e459a848f7127dc46af2e5f42f43b2b7375be6f4778c1b0e34e4aa5a97f7fbabe0b53dcd351d09c231bb9afedf7bcec60d949918a06b97

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HVNCMemory.dll

Filesize
39KB

MD5
065f0830d1e36f8f44702b0f567082e8

SHA1
724c33558fcc8ecd86ee56335e8f6eb5bfeac0db

SHA256
285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4

SHA512
bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\HiddenApps.dll

Filesize
45KB

MD5
ba2141a7aefa1a80e2091bf7c2ca72db

SHA1
9047b546ce9c0ea2c36d24a10eb31516a24a047d

SHA256
6a098f5a7f9328b35d73ee232846b13e2d587d47f473cbc9b3f1d74def7086ea

SHA512
91e43620e5717b699e34e658d6af49bba200dcf91ac0c9a0f237ec44666b57117a13bc8674895b7a9cac5a17b2f91cdc3daa5bcc52c43edbabd19bc1ed63038c

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Informations.dll

Filesize
22KB

MD5
67a884eeb9bd025a1ef69c8964b6d86f

SHA1
97e00d3687703b1d7cc0939e45f8232016d009d9

SHA256
cba453460be46cfa705817abbe181f9bf65dca6b6cea1ad31629aa08dbeaf72b

SHA512
52e852021a1639868e61d2bd1e8f14b9c410c16bfca584bf70ae9e71da78829c1cada87d481e55386eec25646f84bb9f3baee3b5009d56bcbb3be4e06ffa0ae7

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Keylogger.dll

Filesize
17KB

MD5
246f7916c4f21e98f22cb86587acb334

SHA1
b898523ed4db6612c79aad49fbd74f71ecdbd461

SHA256
acfe5c3aa2a3bae3437ead42e90044d7eee972ead25c1f7486bea4a23c201d3a

SHA512
1c256ca9b9857e6d393461b55e53175b7b0d88d8f3566fd457f2b3a4f241cb91c9207d54d8b0867ea0abd3577d127835beb13157c3e5df5c2b2b34b3339bd15d

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Maps.dll

Filesize
15KB

MD5
806c3802bfd7a97db07c99a5c2918198

SHA1
088393a9d96f0491e3e1cf6589f612aa5e1df5f8

SHA256
34b532a4d0560e26b0d5b81407befdc2424aacc9ef56e8b13de8ad0f4b3f1ab6

SHA512
ed164822297accd3717b4d8e3927f0c736c060bb7ec5d99d842498b63f74d0400c396575e9fa664ad36ae8d4285cfd91e225423a0c77a612912d66ea9f63356c

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\MessageBox.dll

Filesize
14KB

MD5
7db8b7e15194fa60ffed768b6cf948c2

SHA1
3de1b56cc550411c58cd1ad7ba845f3269559b5c

SHA256
bc09b671894c9a36f4eca45dd6fbf958a967acea9e85b66c38a319387b90dd29

SHA512
e7f5430b0d46f133dc9616f9eeae8fb42f07a8a4a18b927dd7497de29451086629dfc5e63c0b2a60a4603d8421c6570967c5dbde498bb480aef353b3ed8e18a1

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Microphone.dll

Filesize
540KB

MD5
9c3d90ccf5d47f6eef83542bd08d5aeb

SHA1
0c0aa80c3411f98e8db7a165e39484e8dae424c7

SHA256
612898afdf9120cfef5843f9b136c66ecc3e0bb6f3d1527d0599a11988b7783c

SHA512
0786f802fbd24d4ab79651298a5ba042c275d7d01c6ac2c9b3ca1e4ee952de7676ec8abf68d226b72696e9480bd4d4615077163efbcda7cff6a5f717736cbdfe

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Ngrok-Installer.dll

Filesize
400KB

MD5
3e19341a940638536b4a7891d5b2b777

SHA1
ca6f5b28e2e54f3f86fd9f45a792a868c82e35b5

SHA256
b574aabf02a65aa3b6f7bfff0a574873ce96429d3f708a10f87bc1f6518f14aa

SHA512
06639892ea4a27c8840872b0de450ae1a0dac61e1dcb64523973c629580323b723c0e9074ff2ddf9a67a8a6d45473432ffc4a1736c0ddc74e054ae13b774f3e2

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Options.dll

Filesize
30KB

MD5
97193fc4c016c228ae0535772a01051d

SHA1
f2f6d56d468329b1e9a91a3503376e4a6a4d5541

SHA256
5c34aee5196e0f8615b8d1d9017dd710ea28d2b7ac99295d46046d12eea58d78

SHA512
9f6d7da779e8c9d7307f716d4a4453982bb7f090c35947850f13ec3c9472f058fc11e1120a9641326970b9846d3c691e0c2afd430c12e5e8f30abadb5dcf5ed2

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Pastime.dll

Filesize
17KB

MD5
6430ab4458a703fb97be77d6bea74f5b

SHA1
59786b619243d4e00d82b0a3b7e9deb6c71b283c

SHA256
a46787527ac34cd71d96226ddfc0a06370b61e4ad0267105be2aec8d82e984c1

SHA512
7b6cf7a613671826330e7f8daddc4c7c37b4d191cf4938c1f5b0fb7b467b28a23fb56e412dc82192595cfa9d5b552668ef0aaa938c8ae166029a610b246d3ecc

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Performance.dll

Filesize
16KB

MD5
1841c479da7efd24521579053efcf440

SHA1
0aacfd06c7223b988584a381cb10d6c3f462fc6a

SHA256
043b6a0284468934582819996dbaa70b863ab4caa4f968c81c39a33b2ac81735

SHA512
3005e45728162cc04914e40a3b87a1c6fc7ffde5988d9ff382d388e9de4862899b3390567c6b7d54f0ec02283bf64bcd5529319ca32295c109a7420848fa3487

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\ProcessManager.dll

Filesize
19KB

MD5
3d4ec14005a25a4cb05b1aa679cf22bf

SHA1
6f4a827d94ad020bc23fbd04b7d8ca2995267094

SHA256
7cf1921a5f8429b2b9e8197de195cfae2353fe0d8cb98e563bdf1e782fe2ee4e

SHA512
0ee72d345d5431c7a6ffc71cf5e37938b93fd346e5a4746f5967f1aa2b69c34ca4ba0d0abd867778d8ca60b56f01e2d7fc5e7cf7c5a39a92015d4df2d68e382e

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Programs.dll

Filesize
13KB

MD5
a6734a047b0b57055807a4f33a80d4dd

SHA1
0b3a78b2362b0fd3817770fdc6dd070e3305615c

SHA256
953a8276faa4a18685d09cd9187ed3e409e3cccd7daf34b6097f1eb8d96125a4

SHA512
7292eab25f0e340e78063f32961eff16bb51895ad46cfd09933c0c30e3315129945d111a877a191fc261ad690ad6b02e1f2cabc4ff2fdac962ee272b41dd6dfa

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Ransomware.dll

Filesize
20KB

MD5
ccc9ea43ead4aa754b91e2039fe0ac1c

SHA1
f382635559045ac1aeb1368d74e6b5c6e98e6a48

SHA256
14c2bbccdabb8408395d636b44b99de4b16db2e6bf35181cb71e7be516d83ad9

SHA512
5d05254ba5cd7b1967a84d5b0e6fd23c54766474fb8660a001bf3d21a3f5c8c20fcdb830fb8659a90da96655e6ee818ceefb6afa610cc853b7fba84bb9db4413

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Recovery.dll

Filesize
1.1MB

MD5
776193701a2ed869b5f1b6e71970a0ac

SHA1
2f973458531aaa283cdc835af4e24f5f709cbad1

SHA256
66dbe3b90371fe58caa957e83c1c1f0acce941a36cf140a0f07e64403dd13303

SHA512
a41f981c861e8d40487a9cd0863f9055165427e10580548e972a47ef47cf3e777aab2df70dc6f464cc3077860e86eda7462e9754f9047a1ecc0ed9721663aeb9

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\Regedit.dll

Filesize
15KB

MD5
53a2cfe273c311b64cf5eaca62f8c2fd

SHA1
4ec95ec4777a0c5b4acde57a3490e1c139a8f648

SHA256
2f73dc0f3074848575c0408e02079fd32b7497f8816222ae3ce8c63725a62fe6

SHA512
992b37d92157ae70a106a9835de46a4ac156341208cfe7fb0477dc5fc3bc9ddae71b35e2336fc5c181630bac165267b7229f97be436912dfd9526a020d012948

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\RemoteDesktop.dll

Filesize
18KB

MD5
e6367d31cf5d16b1439b86ae6b7b31c3

SHA1
f52f1e73614f2cec66dab6af862bdcb5d4d9cf35

SHA256
cc52384910cee944ddbcc575a8e0177bfa6b16e3032438b207797164d5c94b34

SHA512
8bc78a9b62f4226be146144684dc7fcd085bcf4d3d0558cb662aacc143d1438b7454e8ac70ca83ebeedc2a0fcea38ad8e77a5d926a85254b5a7d420a5605538a

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Plugins\StartupManager.dll

Filesize
188KB

MD5
3d76ef15ab712b93eabd4b68ea0111d5

SHA1
0f309663fae17c4ccae983e1fabb16a1e5f77d9b

SHA256
1802e16379d96021fee05f583633c8091bb669350b7d32064179a8944d45a5a6

SHA512
6c0d0291abb696bee33b6e42392b07028c82bcffc8fb7934ba234f178f011ab14fde38cdccb322c8dba058ae66fc023349de5db1c587d3417709bf263cfd28f3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\SimpleObfuscator.dll

Filesize
1.4MB

MD5
9043d712208178c33ba8e942834ce457

SHA1
e0fa5c730bf127a33348f5d2a5673260ae3719d1

SHA256
b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

SHA512
dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\XClient.exe

Filesize
32KB

MD5
9f7bca911058f57dafd6f46d4dbdb6fa

SHA1
c98d822fefb1816a03f05f2e337d116f7eefa8da

SHA256
919ad79901714297a2715b7dc55821fd46747ced09491fe9da365cb817223bf5

SHA512
0ff49b85bd4b9fa85bbc8e848b3d174f3450636622f3e6d51b8a193d6368b05dc0de94b2167ee0ed0ceae837167a4998e41a6c9d9f6f64dd29d950d4ac808bc8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
C:\Users\Admin\Desktop\a.bat

Filesize
18B

MD5
b822570b7e7659f24fe25f74c14e1e00

SHA1
a3c2ba8ff51a803843acc7fadef66313dbc1862d

SHA256
a5a51098a1ac5283b69bc6c9145356f531a9a2a814b37d665fa8930ba84ff64e

SHA512
617165cb108c1d3ef2859e87447d1a9ef88cf0fa9da376b4600b30eb6aef4dc23c4a14d3fa5108e7bf065e8d23493494b966f75080af5efb37dcf3204d90f3a6

Download Submit
memory/3332-1154-0x00000249CF580000-0x00000249CF6E8000-memory.dmp

Filesize
1.4MB

Download
memory/3332-1186-0x00000249CFA90000-0x00000249CFD72000-memory.dmp

Filesize
2.9MB

Download
memory/3332-1059-0x00000249C8880000-0x00000249C8A74000-memory.dmp

Filesize
2.0MB

Download
memory/3332-1048-0x00000249AB180000-0x00000249AC068000-memory.dmp

Filesize
14.9MB

Download
memory/3332-1184-0x00000249C6B20000-0x00000249C6B4C000-memory.dmp

Filesize
176KB

Download
memory/3332-1182-0x00000249C6B80000-0x00000249C6C02000-memory.dmp

Filesize
520KB

Download
memory/3332-1188-0x00000249CF380000-0x00000249CF432000-memory.dmp

Filesize
712KB

Download
memory/4740-1612-0x000000001BB10000-0x000000001BB1E000-memory.dmp

Filesize
56KB

Download
memory/4740-1180-0x0000000000DF0000-0x0000000000DFE000-memory.dmp

Filesize
56KB

Download
memory/4740-1226-0x000000001C7C0000-0x000000001C7F6000-memory.dmp

Filesize
216KB

Download