Analysis Overview
Threat Level: Known bad
The submitted URL https://github.com/d00mt3l/XWorm-5.6 was classified as: Known bad. During detonation Chrome opened the URL, downloaded the repository archive (XWorm-5.6-main.zip, hashed under Files) from codeload.github.com, and the extracted XwormLoader.exe, Xworm V5.6.exe and XClient.exe were then executed (see Processes). Traffic to github.com, githubusercontent.com, githubassets.com and googleapis.com is the browser's own; the signatures that matter for the verdict are the Xworm payload detections, the runtime vbc.exe compile, the registry fingerprinting by XClient.exe and the DNS queries for the .shop/.pw domains listed under Network.
Malicious Activity Summary
Detect Xworm Payload
Xworm family
Lumma Stealer, LummaC
Lumma family
Xworm
Uses the VBS compiler for execution
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-30 02:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-30 02:20
Reported: 2024-12-30 02:25
Platform: win10v2004-20241007-en
Max time kernel: 271s
Max time network: 275s
Command Line: N/A (URL submission; the sandbox opened it with Chrome, see Processes)
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer, LummaC
Lumma family
Xworm
Xworm family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe | N/A |
Uses the VBS compiler for execution
Legitimate hosting services abused for malware hosting/C2 (camo.githubusercontent.com is GitHub's image proxy for README content; the report attributes no process to these requests, and they are consistent with Chrome rendering the repository page rather than with malware C2)
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe | N/A |
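The CentralProcessor\0\Identifier and BIOS values read by XClient.exe are the registry locations that VM and sandbox checks compare against hypervisor vendor strings, while chrome.exe reading the same BIOS values is ordinary browser behaviour. A detection therefore has to weigh which values a process reads and where the process runs from, not just whether it touched HARDWARE\DESCRIPTION. The scoring below is an added example written for this page, not part of the sandbox report or of the XWorm code: it consumes (process, key) pairs transcribed from the three tables above, weights each fingerprint value, and flags a process either by total score or by running from a user path and reading two or more such values. The category names, weights and threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: (process, registry key) pairs transcribed from the
# "Key opened" / "Key value queried" rows of the three discovery tables above.
REGISTRY_READS = [
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier"),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion"),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate"),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
]

# Values a VM/sandbox check compares against strings such as "VMware",
# "VirtualBox" or "QEMU". Category names and weights are assumptions made
# for this example, not the sandbox's own.
FINGERPRINT_VALUES = {
    r"HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier": ("cpu_identifier", 2),
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": ("bios_vendor", 1),
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemProductName": ("bios_product", 1),
    r"HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion": ("bios_version", 1),
    r"HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate": ("bios_date", 1),
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemVersion": ("bios_sysversion", 1),
    r"SYSTEM\ControlSet001\Control\NLS\Language": ("locale", 1),
}
# Image launched from a per-user location rather than Program Files / Windows.
USER_PATH = re.compile(r"^[A-Z]:\\Users\\", re.IGNORECASE)


def categorise(key):
    """Map a native registry path to (category, weight), or None if it is
    not one of the fingerprint values."""
    key = key.upper().replace("\\REGISTRY\\MACHINE\\", "")
    for suffix, (cat, weight) in FINGERPRINT_VALUES.items():
        if key == suffix.upper():
            return cat, weight
    return None


def score(reads, threshold=3):
    """Per-process fingerprint score. A process is flagged when its weighted
    score reaches `threshold`, or when it runs from a user-writable path and
    reads two or more distinct fingerprint values."""
    cats = defaultdict(set)
    for proc, key in reads:
        hit = categorise(key)
        if hit:
            cats[proc].add(hit)
    report = {}
    for proc, hits in cats.items():
        total = sum(w for _, w in hits)
        flagged = total >= threshold or (bool(USER_PATH.match(proc)) and len(hits) >= 2)
        report[proc] = {"score": total,
                        "categories": sorted(c for c, _ in hits),
                        "flagged": flagged}
    return report


if __name__ == "__main__":
    for proc, r in score(REGISTRY_READS).items():
        print(f"{'FLAG' if r['flagged'] else '    '} score={r['score']} {proc} {r['categories']}")
```

With the weights above XClient.exe scores 5 (CPU identifier plus three BIOS values) and is flagged outright; the Xworm V5.6.exe builder is flagged only because it runs from Downloads and reads two BIOS values; chrome.exe reads the same two vendor/product values but runs from Program Files and stays below the threshold, and XwormLoader.exe's single locale read is not enough on its own.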
Modifies Internet Explorer settings (key created only, no values written; this accompanies the same Explorer-hosted Open/Save dialog activity recorded under Modifies registry class rather than a change to browser settings)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799988472225919" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class (the Bags\3\ComDlg and BagMRU entries below are the view state Explorer writes when a process shows the common Open/Save dialog, i.e. GUI side effects of the Xworm V5.6.exe builder rather than persistence)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (chrome.exe launching its own sandboxed child processes with the block-non-Microsoft-binaries mitigation policy; expected Chrome behaviour, not an indicator for this sample)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff88959cc40,0x7ff88959cc4c,0x7ff88959cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4328,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5080,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe
"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe"
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x4a0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4716,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF406.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc97BEE9602BA042A7BC25B5ACF56E9.TMP"
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"
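The vbc.exe / cvtres.exe pair in the process list is the footprint of a .NET program compiling source at run time through a response file in %TEMP% (the "Uses the VBS compiler for execution" signature): vbc.exe is started with /noconfig and an @"...\Temp\<dir>\<dir>.cmdline" response file, and cvtres.exe then writes the resource object for the freshly compiled assembly into the same Temp directory. The report does not say which of the three XWorm binaries launched the compiler. The detection logic below is an added example written for this page, not part of the sandbox report or of the XWorm code: it runs over (image, command line) pairs transcribed from the process list plus one constructed benign compiler invocation, and pivots from a hit to the response file and generated .vb source that the Files section lists. The regexes, rule names and the choice of user-writable directories are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: (image, command line) pairs transcribed from the process
# list above, plus one benign compiler invocation as a control. The report
# gives no parent/child links, so the rules key on the command lines alone.
PROCESS_EVENTS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument https://github.com/d00mt3l/XWorm-5.6'),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe",
     r'"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe"'),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe",
     r'"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"'),
    (r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",
     r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.cmdline"'),
    (r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",
     r'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF406.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc97BEE9602BA042A7BC25B5ACF56E9.TMP"'),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe",
     r'"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"'),
    # Constructed benign control: a normal build has no /noconfig response file in Temp.
    (r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     r'csc.exe /target:exe /out:C:\src\app\bin\app.exe C:\src\app\Program.cs'),
]

# vbc.exe/csc.exe driven by a CodeDOM-style response file under %TEMP%:
#   "<compiler>" /noconfig @"...\AppData\Local\Temp\<dir>\<name>.cmdline"
RUNTIME_COMPILE = re.compile(
    r'(?:vbc|csc)\.exe"?\s+/noconfig\s+@"?'
    r'(?P<rsp>[^"\s]*\\AppData\\Local\\Temp\\(?P<dir>[^\\"\s]+)\\[^"\s]*\.cmdline)',
    re.IGNORECASE,
)
# cvtres.exe emitting its resource object into %TEMP%: second half of the same compile.
CVTRES_TEMP = re.compile(
    r'cvtres\.exe\s.*?/OUT:"?[^"\s]*\\AppData\\Local\\Temp\\', re.IGNORECASE)
# Images launched from user-writable locations (assumed list of directories).
USER_PATH = re.compile(
    r'^[A-Z]:\\Users\\[^\\]+\\(?:Downloads|Desktop|AppData)\\', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    detail: str


def analyse(events):
    """Return (findings, temp_dirs): rule hits plus the Temp directories that
    held compiler response files, for pivoting to the dropped sources."""
    findings, temp_dirs = [], set()
    for image, cmdline in events:
        m = RUNTIME_COMPILE.search(cmdline)
        if m:
            temp_dirs.add(m.group("dir"))
            findings.append(Finding("runtime_dotnet_compile", image, m.group("rsp")))
        if CVTRES_TEMP.search(cmdline):
            findings.append(Finding("cvtres_temp_output", image, cmdline))
        if USER_PATH.match(image):
            findings.append(Finding("exec_from_user_path", image, image))
    return findings, temp_dirs


def rule_counts(findings):
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


def pivot_artifacts(temp_dirs):
    """Files to collect for each compile: the response file and the generated
    VB source (both appear under Files in this report as <dir>.cmdline and <dir>.0.vb)."""
    names = []
    for d in sorted(temp_dirs):
        names += [f"%LOCALAPPDATA%\\Temp\\{d}\\{d}.cmdline",
                  f"%LOCALAPPDATA%\\Temp\\{d}\\{d}.0.vb"]
    return names


if __name__ == "__main__":
    findings, dirs = analyse(PROCESS_EVENTS)
    for f in findings:
        print(f"{f.rule:24} {f.image}")
    print("collect:", pivot_artifacts(dirs))
```

On the transcribed events the compile rule fires once (the vbc.exe line, response directory gtcd4tsq), the cvtres rule once, and the user-path rule on the three XWorm binaries; the constructed csc.exe control and chrome.exe produce nothing. The pivot names match the gtcd4tsq.cmdline and gtcd4tsq.0.vb entries hashed under Files.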
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.201.170:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 142.250.201.170:443 | content-autofill.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | cleartotalfisherwo.shop | udp |
| US | 8.8.8.8:53 | worryfillvolcawoi.shop | udp |
| US | 8.8.8.8:53 | enthusiasimtitleow.shop | udp |
| US | 8.8.8.8:53 | dismissalcylinderhostw.shop | udp |
| US | 8.8.8.8:53 | affordcharmcropwo.shop | udp |
| US | 8.8.8.8:53 | diskretainvigorousiw.shop | udp |
| US | 8.8.8.8:53 | communicationgenerwo.shop | udp |
| US | 8.8.8.8:53 | pillowbrocccolipe.shop | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
| N/A | 127.0.0.1:7000 | | tcp |
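Read together, the Network rows show three different things: Chrome's own traffic to GitHub and Google infrastructure (with the sandbox's reverse lookups of each address), a burst of DNS queries for nine machine-generated-looking .shop/.pw names with no follow-up connection, which is consistent with the Lumma Stealer detection above, and four TCP connection attempts to 127.0.0.1:7000 that the report attributes to no process and to no domain. The triage script below is an added example written for this page, not part of the sandbox report: it parses the table rows verbatim (including the rows whose Domain cell was lost in extraction), separates resolver noise and first-party infrastructure from IOCs, lists domains that were resolved but never connected to, and counts loopback connection attempts. The infrastructure allowlist and the low-reputation TLD list are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed subset of the Network table above, transcribed verbatim,
# including the rows whose Domain cell was lost during extraction.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | cleartotalfisherwo.shop | udp |
| US | 8.8.8.8:53 | worryfillvolcawoi.shop | udp |
| US | 8.8.8.8:53 | enthusiasimtitleow.shop | udp |
| US | 8.8.8.8:53 | dismissalcylinderhostw.shop | udp |
| US | 8.8.8.8:53 | affordcharmcropwo.shop | udp |
| US | 8.8.8.8:53 | diskretainvigorousiw.shop | udp |
| US | 8.8.8.8:53 | communicationgenerwo.shop | udp |
| US | 8.8.8.8:53 | pillowbrocccolipe.shop | udp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp |
"""

PROTOS = {"tcp", "udp"}
# Assumption: first-party infrastructure Chrome contacts when rendering a github.com page.
KNOWN_INFRA = ("github.com", "githubusercontent.com", "githubassets.com",
               "amazonaws.com", "googleapis.com")
# Assumption: TLDs treated as low reputation for this triage.
LOW_REP_TLDS = {"shop", "pw"}


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(text):
    """Parse the markdown rows, repairing rows where the empty Domain cell was
    dropped and the protocol slid into its column."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|") or line.startswith("| Country"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        cells += [""] * (4 - len(cells))            # short row: pad the missing cell
        if cells[2].lower() in PROTOS and cells[3] == "":
            cells[2], cells[3] = "", cells[2]       # proto sat in the Domain column
        ip, port = cells[1].rsplit(":", 1)
        rows.append(Row(cells[0], ip, int(port), cells[2], cells[3].lower()))
    return rows


def classify(domain):
    if not domain:
        return "no_domain"
    if domain.endswith(".in-addr.arpa"):
        return "reverse_lookup"                     # sandbox PTR noise, not malware traffic
    if any(domain == d or domain.endswith("." + d) for d in KNOWN_INFRA):
        return "known_infra"
    if domain.rsplit(".", 1)[-1] in LOW_REP_TLDS:
        return "low_rep_tld"
    return "unknown"


def triage(rows):
    """Split the table into resolver noise, first-party traffic and IOCs."""
    queried, connected = set(), set()
    loopback_attempts = 0
    for r in rows:
        if r.port == 53:
            queried.add(r.domain)
        elif r.domain:
            connected.add(r.domain)
        if not r.domain and ipaddress.ip_address(r.ip).is_loopback:
            loopback_attempts += 1
    by_class = defaultdict(set)
    for d in queried:
        by_class[classify(d)].add(d)
    return {
        "iocs": sorted(by_class["low_rep_tld"]),
        # resolved but never connected to: a rotating C2 list being probed
        "dns_only": sorted(d for d in queried - connected
                           if classify(d) not in ("reverse_lookup", "known_infra")),
        "loopback_attempts": loopback_attempts,
        "infra": sorted(by_class["known_infra"]),
    }


if __name__ == "__main__":
    result = triage(parse_rows(NETWORK_TABLE))
    for k, v in result.items():
        print(f"{k}: {v}")
```

On these rows the nine .shop/.pw names come out as IOCs and also as the only domains that were queried without any subsequent connection, the GitHub hosts are filed as infrastructure, the reverse lookup is discarded, and the loopback counter reports the four 127.0.0.1:7000 attempts; the mDNS row to 224.0.0.251 has no domain but is not loopback, so it counts for nothing.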
Files
\??\pipe\crashpad_3900_BBUGVNKYLRMMAXVN (Chrome crashpad named pipe; zero-length, so the hashes below are those of empty input)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 59e609247d8d58311e83745904b96864 |
| SHA1 | 05b60e2c6021efd5a74b3c551b6dda4d53b4b0fa |
| SHA256 | 94d0b46f6c9fb958701da082df0d55b6a2ae888bf40c98b84d6b6b2f52300919 |
| SHA512 | c7a494c3a95924af11f333071386dbf03c4058f951d0f9f303cbdefd0ef206479e93271a07da22c9257f6913e253c6cec6c6c79378797dbcc4341fa168725d97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1968c7f0c4a7845abeba28cb40bce89c |
| SHA1 | c041bb716705e85c8d294e8c0c373dd0dde2ffa6 |
| SHA256 | 6ae73218fb0adf6fd6243b4e7f68ffa6ec767152b8e9e9fed9add0c53d3e4738 |
| SHA512 | e0323834b6707f8118d9c34cad3fa2172bab1765375ed64321d0f7f61d7b2c74327e1db43185eae74df572f4e0b9a85c0740e688d9153899ac22f1319b557bec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 20d295eeff4f371658d0e608ab156437 |
| SHA1 | bf5c687e74e7c84262fa5092f5b8006299527c21 |
| SHA256 | 249ddf729bf6460cf8fb0309664e4e81ce7918d645cbd2d7b2b68a45d889cbf7 |
| SHA512 | d2c0837b26390f7899e395f55cc875fb8a55a04a422c32f66f600b60a538d2940eaf069a80a44c9c3e9007ecbea0e2b42c19093366601b3096177d9de99011d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5b0b47f384f3a660ac285807e6a676fc |
| SHA1 | bd878583f3778609164683e15531ccd5eb9fd5e4 |
| SHA256 | f104dd06d1c4e565475ba22699c9d3a733d5bcffb4dfb9d7e9d575d59d8f3e0d |
| SHA512 | 1b9f6ed1ca671a2c59ab30a331ad8ddcca158b11f19d86c135d4f090a4eec235f7df6665034c5d06fee348dffef9ed4e3464ce1625a0908c629f270251b02865 |
C:\Users\Admin\Downloads\XWorm-5.6-main.zip.crdownload (Chrome's in-progress download of the repository archive fetched from codeload.github.com)
| MD5 | 95c1c4a3673071e05814af8b2a138be4 |
| SHA1 | 4c08b79195e0ff13b63cfb0e815a09dc426ac340 |
| SHA256 | 7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27 |
| SHA512 | 339a47ecfc6d403beb55d51128164a520c4bea63733be3cfd47aec47953fbf2792aa4e150f4122994a7620122b0e0fc20c1eeb2f9697cf5578df08426820fecd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2407e9f58a03aff683bc627fcce338d0 |
| SHA1 | 5c9202c3f792df6b69a4c95db43c7eabcf785abb |
| SHA256 | e015465f5384ed09115e77c0c72b5dfc6bccb570cd00d1ebbc5d42825aeec9a7 |
| SHA512 | 1311355261a967e0e92df369041c6cc18f8f2b9308f9f2cac07593d06ba19585cf4569c36d474952db92133c010a2d6beae16db5909c3d1e9b4ae788bfdd398a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8d30d17f74e997227e4971b43533100d |
| SHA1 | 5ace7d3127b0abb4512e1a848ba968daba523ee9 |
| SHA256 | c4a9a02e9d921bf4f9e81cfe50b6a0f3512facbe1fed133c870bbcb53f773ac9 |
| SHA512 | e8a128e6948191fc2539d8ec79bcf5d128081cd75e267707908adfcf3904b6dc026b26315a48ea1ac0a4f518dce3eed65c40522c88279d7d3b2c0ced2b3ea9ae |
memory/3088-202-0x0000000000F40000-0x0000000000F8B000-memory.dmp
memory/3088-207-0x0000000002D00000-0x0000000002D01000-memory.dmp
memory/3088-206-0x0000000002EB0000-0x0000000002EB1000-memory.dmp
memory/3088-210-0x0000000002D00000-0x0000000002D01000-memory.dmp
memory/3088-209-0x0000000002D00000-0x0000000002D01000-memory.dmp
memory/3088-208-0x0000000002D00000-0x0000000002D01000-memory.dmp
memory/3088-211-0x0000000000F40000-0x0000000000F8B000-memory.dmp
memory/4640-212-0x00007FF874DB3000-0x00007FF874DB5000-memory.dmp
memory/4640-213-0x000002DA4F100000-0x000002DA4FFE8000-memory.dmp
memory/4640-214-0x000002DA6C900000-0x000002DA6CAF4000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c643611cba64b4113dbb3e0fefa5a900 |
| SHA1 | 21f6981228caefaa540c791623ae670845a7613d |
| SHA256 | 56363a4760358597e9c5fc7c5bee752da5cd7082a1df3b44881271b33f9910f3 |
| SHA512 | 0f6aef15b7ae4b160eac614bdeed966294578bb9b3db0394de7bd40445a9934499e94ea51029ef2492f48062c4643df32fb2ba36fbb425294128037d178203a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 222a2686364fba754685850d1230206c |
| SHA1 | a5e3f8d6e9468a17edaabac2aae8832378ae61e8 |
| SHA256 | 16a60ac91c28d4eb1f58454fc16f34812c935e32f8b7de2a2c594ce25d62d7fc |
| SHA512 | 28c96bc589ee26c5772bbdbe3f82da27b8b8a92733a6017f93cfae483e246c3236429a94b8f6f14d5b8641724ead6dae1b4126579a3c6f6b7b1fcff9533d4d52 |
memory/4640-233-0x00007FF874DB3000-0x00007FF874DB5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e05d895662f1faaa280a9f3fb759b2cc |
| SHA1 | e26e833d243c9a4e09b67f816550e23aa0385a54 |
| SHA256 | a68b78c430fa22a57d2d159fab5f1373d3e29e1833fe5f7e1bcbd9ab06fe5185 |
| SHA512 | ed7e40f620e0700ebad7b4c57f18ba3ba59231faa72fc01a65ebad82e9a273ffdce904a2e5426c0715e504b1c3925ee58a5e3295fd50959dce3b1aa41d4bc4e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9afd48c30887916c803cc00c7eb27c28 |
| SHA1 | b5d62491cbff3c5521efb2a2c764b47673e3cf89 |
| SHA256 | 73e33dd6d6ca38ad96b1181b814a13896b94b1b28f2b868eb87d609d8a057f18 |
| SHA512 | a6177d68f7f9e0eb797a98b06143b96b4efd8156677acec6eedc2888b2d712d688aaa5e83ab04288c3c80dd365c615f3ad737191943b12e1e99e59a2256d4b01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8b9be155057af455d4b6736b1d895ccf |
| SHA1 | 34f39d98d2d3881d396b3eeb41585b9dcd0bf462 |
| SHA256 | d2bf7acb7f9a86c44f0713d6fa8836a8297d713f04ec0e4519a33a646039cdab |
| SHA512 | 84acea827d8b703c1112c66b9a6e05f3a67b2ea94b59376d2d3a14faab26e83beca753b881c777d798f4393e96386fceaf01154c47d0295981a0cbfeece57aae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7785c435c57f56d797624b99b31da0c1 |
| SHA1 | 929bf2232861d88f53c0a67d369c28b169664beb |
| SHA256 | 40383c312f3c9657a1c297ab2226bede8e689aeab3d3e1b0b2b1dbdff7ecca51 |
| SHA512 | 5ba9377a9567e731fc28ee301219802b542406a2c597f1e02ecbe4e6da632070ed1f2ede9e89e4cb8cd34607814b5fd2aff25516d8d9518b80e3149713eb00de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9e186954-c08f-4214-b0b1-8c53acb94651.tmp
| MD5 | d9bd68555a322d861f74aa9fd85362ba |
| SHA1 | 782a617228eec2737387221383d2d01af6a3f8c9 |
| SHA256 | 34f21fc188aba6638329924c9e228bc82b8bd81188c3a12c47add0525144c110 |
| SHA512 | 56c52c4bcb33e593d39801ab3a777d5668868b3efe9419cfb62fda52e4a7a33e9c0a9bbb30e790abbdbc7b1d58ce593f9b337929b73fac8da24c46d78156c5dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cd24b37360020f17e9215bbef282b5b5 |
| SHA1 | afb7a34e0758555aebd830f81c4cc3af236aa268 |
| SHA256 | c2d1ea78653946fe858517f5b1e96a706d349feeb0510efba7d754e897123050 |
| SHA512 | 2278ba87b847f243dafa430da68e38654ea04a14b6e1a14a519ca998b0cddd573ba01ff61c8ccb635d8d628ac0f78ac3f8ce06613c8c2fa49b7ed9bd9682291d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 676dca66dc71aa8ff99982a548e29d7a |
| SHA1 | 726b6110adb24b4864be5658761e5f7583a3aabe |
| SHA256 | fe6f401ec5f1f4fa1cface9ff081d4d054f75a79ba2aed28cb2683831cbf8cee |
| SHA512 | e92c133fda789d10d9828d7c1323921827626276c115701483a5083e89ceac29cf32f1f13c77bee138c1ae60da4ae0d327c336e89a4ef0b51791fbcce1a82c4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f2984d3fd77c529825551a55f6a38118 |
| SHA1 | 92e70c9f11523b98e426cb25e0ecc1e16c1a41ff |
| SHA256 | 437d5a4c471909f1096650f7fa7b57a79afa6a6664d74bce164d880091e2e6c4 |
| SHA512 | 992b069c3d2343829caa5fa3be6d63d0e5a62f01dba579ff0288e4424c6599a5bc7b10bf3d8fcd85cbe03317664c73d1fdc61b99a14153b90f5da0f34fbef55d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0502cf31023c0a33de3a0c807f7edfc2 |
| SHA1 | a5222a5c659d652b11201994bf4bfdb4d7e6237e |
| SHA256 | c388305b750d17a95ca7adc326ddb02a1ae563b8f7ebe49dd372d8bf51a3effb |
| SHA512 | 81966b7e3249aad0dbae9a9d214b7d2ea93e662ece6e767033234970ac67d8b656596fff01ca29c8e2fcb0f6cab9e94a199e7bc5204cc6db62580560b2a64783 |
memory/4640-323-0x000002DA738D0000-0x000002DA73A38000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.cmdline
| MD5 | 04553e10a3476e087cc8b5a5a79c3acc |
| SHA1 | bc5e1b19158aa500b89cfdf0eba6a0777bd7f00b |
| SHA256 | 89c7e5fc7b2234d1afd27099457355d9761e94caee0600a4ed5ee1fc4379b8bd |
| SHA512 | 2019e864add2ffd2ff04a028e3d4c1ae21423e8f690682b90518c01e52ac7d3c885047710a3eebc5bbaa0a24bee4f8a38b2ca1df78529945b6422a2da87016d0 |
C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.0.vb
| MD5 | a122e66035f207e313af1f8ee14c1a5b |
| SHA1 | 60aab4f47fb1cb16a36c998efdc036c817d87644 |
| SHA256 | a043cee8d361ea00234991208179d6cff2e4f69889450e08f01b82dc6d0d0336 |
| SHA512 | 2e86d89b9f02a80f3579e2e476b7c676b43ee99a8a725edd11c5f74a3ceaac4de25b177e89dd7f34957f8540bf6d1a113bf11c15fffcbe9cd42e3e0b54d6cf37 |
C:\Users\Admin\AppData\Local\Temp\vbc97BEE9602BA042A7BC25B5ACF56E9.TMP
| MD5 | d40c58bd46211e4ffcbfbdfac7c2bb69 |
| SHA1 | c5cf88224acc284a4e81bd612369f0e39f3ac604 |
| SHA256 | 01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca |
| SHA512 | 48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68 |
C:\Users\Admin\AppData\Local\Temp\RESF406.tmp
| MD5 | 316225912ac02b59ee2a874775124593 |
| SHA1 | 6ffbc7777dce2bc40635f36df53705edbe696ce7 |
| SHA256 | 13ab3aa7e74a7fa08adf60588e752f90903246fe3745c36dd0801db69818f7d3 |
| SHA512 | 143778990e46fab66c72f9d8f4b5b42bd76c7cc351184a7f4ce06d954d3a03f0836f4c51e1efb5e0ebf34bafa720ee5c482d566463586b15a6b5f86c6a15f0ff |
C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
| MD5 | 971700e5d32cea89359f82e903e36da9 |
| SHA1 | 768ab1f757493c47845386f0bfa0419f5cda6f18 |
| SHA256 | c879e609b28892a96769d677455dc9853c05c7d8efde01a952efc9b50a8363d6 |
| SHA512 | 5c76650a23542ec44040e649b119fc8709c47f0038608f8a703f1e1b48c13008a8b87e7953f6e73236d877248b72df7f69a4aeac0fe52ac769fc5d3b4513f824 |
memory/1440-340-0x0000000000550000-0x000000000055E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 56064cc43eb1b9512b7c2cc61b265356 |
| SHA1 | 55d6328038349bcd7ff1a09b3ab0b21765f1679d |
| SHA256 | efb9ef372c4d15cc1b8faed6b71770b5271595f204e9580e06c16ed83514fe41 |
| SHA512 | f4a9283b11a236dcc79422554629d941cdca3f683ac96bdd9b026dfbd7cb5528c8d7c762b5b3b3b3d976f38750cf372ef829fc95f96cc815fc7e4d1207325762 |
memory/4640-350-0x000002DA73CF0000-0x000002DA73D72000-memory.dmp
memory/4640-351-0x000002DA6E040000-0x000002DA6E06C000-memory.dmp
memory/4640-352-0x000002DA74100000-0x000002DA743E2000-memory.dmp
memory/4640-353-0x000002DA73F10000-0x000002DA73FC2000-memory.dmp
memory/1440-354-0x0000000002750000-0x000000000275C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ccf3d272873f1ecfeeaabf3a84564476 |
| SHA1 | 9f52aa8efed7f94871f006c8fd816512d7e21259 |
| SHA256 | 5b0e1b59b6e84fc45056b2275e5eea875b0613cb66bfc1b118cbc1909ed8821b |
| SHA512 | 4968358f1562a3256dfec1c8c30c3ffdeda1c9cb9cb39111e8871724b4e798af634c492dbfc10a7de41388ad6667f38e659c3ac78444507ea5799da68832a1cf |
memory/1440-364-0x000000001C2A0000-0x000000001C2AC000-memory.dmp
memory/1440-365-0x000000001D0F0000-0x000000001D618000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6b8a85683ee2f3b7b848a392c663cf1b |
| SHA1 | e5b0cdfcfbce9fa35e316e19245008f06ceb78d1 |
| SHA256 | aaecd495f0042ba46843178a2b37242db0d8cc7d67f295390e5b9985f4d4639b |
| SHA512 | 151d241f13c374ca2a800981a24f0efc7800a9d9c737c61e03ffa10fc80f170ee66045bbf3b23268d7f05f12c042cb6950bc4c437c76d6b52196b3d81f7435ce |
memory/1440-376-0x000000001C2B0000-0x000000001C2BA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 964eec1854996e7af8cd40433e0554b7 |
| SHA1 | 6701cb2c3c1f2681af1288984f56b55680243281 |
| SHA256 | 2776b7449a6660d7ba6e5baae36dd963b3cea9c04583a73c1f4a0dc198119881 |
| SHA512 | 82cb4b2ce11fe880bfc0da65879d4c0b926ae67b5bdb9ea7a7a7f3ce45b6720d4d8d37c3f366de6da4710eee097c26830c5f935a1ab82af7e4faababaff2e133 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8dd67e794cc2479a80a8ad18cf3efc2a |
| SHA1 | 10f0e71fc1bfd28384d44082a72048c158d4d588 |
| SHA256 | 49dfd0bbbafe431c9a3a2db73d06ce4c48b56ed16a094d1d7b485c98debb6531 |
| SHA512 | bc845a3999744c3b54eb5a02da7084918ea3e5780460918bef9f15a2236436deb14a33f31b0984d0997a2d92b87f1a400efa71d02eb0ff7d3a449d18338b4b09 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-30 02:20
Reported
2024-12-30 02:35
Platform
win10ltsc2021-20241211-en
Max time kernel
899s
Max time network
845s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799988473108104" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffda083cc40,0x7ffda083cc4c,0x7ffda083cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1924,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2404 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4596 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4772,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4936 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.74.250.142.in-addr.arpa | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.179.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| FR | 142.250.179.106:443 | content-autofill.googleapis.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.65.42.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1144_JPWZNJGKEMTNDJII
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | ae904093d0823a97ebcb808125df1f42 |
| SHA1 | 5dc7c5d5cb38eebb6a89c1e482ce51fab18753e7 |
| SHA256 | 97bfee47661d382e8a0eece81c0d43583309279a12fed36b8c5f4873e4c1fcc0 |
| SHA512 | dd95a8e29a0d4c67ee09367a4ea30e78f30880c95acadd9e660f80d93b3e4a022c0bcbcc50b020cd3d337f237da1746d4cc5c4e5c87e83f70e24925c3378de08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a0cc710eef94308d49c2ef58b8bb39e0 |
| SHA1 | e6ca3517638687f22b8d726cfa1e86ec81218223 |
| SHA256 | 6f958f1d012c8b0e4fb8ff6a3c0c540e3c6765bbb7bed755fa8a27278dad8220 |
| SHA512 | 3cd6625dc4a470fa73cfa89245b467f5b09955e41f519706d1a818849414755eefddbd66785fd4339ce75806ff4a11b248aa5512fdfad88d9d66568c8cab9d93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3cefff667f4d7950fe4935491d53610f |
| SHA1 | bf6b66b1c92efe41ca91819f60ddff7c0c7ff457 |
| SHA256 | 462c72af18db69d839ea379014e3c750ed73b8faa765eab570fe6673c10ed669 |
| SHA512 | a5f7af70b9761ca36c159a395dfbf7a643fea515f043f00022de0ca31c4e449d0d62ca4c87440786b563817f39d000a3958979004a1045ad6a8811ababb3136e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8fb00c6013e00512ede4dae557ce76da |
| SHA1 | 5cc88088507800efc73494679fd58779b9529d30 |
| SHA256 | 6e06497a00c03877ca805c8ee30f70592fd146eadcdd33f2de1c0b4695ae96c2 |
| SHA512 | e8adc6740bf591488ed51d63203a048967505bf38efd119bfc7c1965d2906c2e6e034fd41aca4d9758dad6ecf88af71a21a58cf55437cffb52e4c6c749d887a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d0b1bf3077cd6915418f973ebacd4068 |
| SHA1 | 702f864ba948737aa54d0f626c6204d0fe18a1c2 |
| SHA256 | 91e7b94c89e581e386e0b8a1b1e788d10d8c63b0d5cdff68d31a7072c382e8e3 |
| SHA512 | 29783eef53aa274fd28f0196f1e3991571e2555e77d3c3264d6c3cae85cf62822fa271bc5f523ca4791d07435038d7f8a81c367295c55561f525fca995148c7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c76023d2d9ab415c6b2e7c252b1c6cfc |
| SHA1 | cd50aa94ebf568b02e1c5fc7fd9701679b570ef6 |
| SHA256 | 5bfcdeb37bc2238c1a53b79f6e34073d5ff39fc25a8d69cf7cdd8197b1bd47e4 |
| SHA512 | b8de0143676bd3729b020d16b685de1e3a8b8f89888d99b9a86cf4048529c21a923bd7b623dd58ef82424fdcfd7adabe5d2548aae474d973ac448339fdb9dc80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bddf56ff7a325c34e099bdc4efca9b2f |
| SHA1 | 686e13a456cc50db94e63a19f828b72a5f19a926 |
| SHA256 | dee838b6a8d1a20bd5a6406c57357b07b621901fb1c6c92dc24caa8f77824ce6 |
| SHA512 | ed60197764f497a4948cb093a64dc30270a8a8add50da40c197bda6162ff279303b849798350b011cb47411e3f02ff91c07d31048208b160113ae81592469472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | abdc4693c09d32be6c19b6d60a1ea87e |
| SHA1 | 345f036a9a6b237812bb38d7778697f0007b242d |
| SHA256 | dce99c06d3a68acf0d120a000729f280ae8517b33b9d69bbb2792e1c8d3637c9 |
| SHA512 | 4c6302c18547bf6ca522c795c315f0ca0ffdcf7fedbc6b247b0d7f809e40c27907469f0b0fabc305429a944251c22a446fe8423f018e0decbf6c9d704cbfb892 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 68e6889be566c6eaf2852e58c0a728be |
| SHA1 | b8318cdeec1063d27581a760f1c1631f8b936f34 |
| SHA256 | e9e8447a0c9c9f376093aa841c9bd33725311d505b945d67398af8c66d43e888 |
| SHA512 | 262a975a87f73744c33ecf8d7d89b2c8743f2fb4287b5cd1c7207919ed88d8026e8251a3b481a1bec3acabfae075fdb1bed7524f48718ddb2ccd75c7d2ed1cab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf44f2264eaf7a882535e580d2854968 |
| SHA1 | 4a88786ba52372f70df7a6907755d528dff0f263 |
| SHA256 | fc2ba5c8b581f77344ef2f5081d214cef27e45e40c5be9099e585dafff818e46 |
| SHA512 | 480912c59c3cac125e340211b46a34760d87db4c8d65065c0213e1022e59175745e1a45d0c27ace25f4bad162eb57aa34062c4fd94349972ca1cf1aba2b8ffd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b4c019c354e67ab8bda9afbd3d03f5f9 |
| SHA1 | 9155d48c8eb8278bc26638174da517114865d5c3 |
| SHA256 | f43bd8a394943b2f3d35521e4a1beb57cb85f1a9243127ea9dc928453937dd42 |
| SHA512 | d3a2bfab5b76bbfac57b6303e649866683b0db7d0ce123e8e8b154a109953a3981790b1eea2dd9c43e8e43354b5246b8f689e7070ebe7d8a79732500804e7171 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fc0a8912feb08306b97c723a905aebc3 |
| SHA1 | cb94ba0415128fa29f5ed0131151a3b2bab21472 |
| SHA256 | 9017be4bb7fcee890d2e3e9a38182274798de05813b0fcb4a5ad26a2425272b8 |
| SHA512 | 3cc1efd04c442b51a2bf25b65ec9a43b74facbe3cfce3611581a8dd6a6cf3c21ef9fe80f0b254048c39a02518e1f1a2ce2df3a2d79926972d75da9a8e85040d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0d60c763c8f546abb9f840dc668bc3b1 |
| SHA1 | de530e1589934c08676ce16f2b936ca6d957e6d2 |
| SHA256 | e4abcb0caee6d1871bd62525a4f1c1b604d74852b315635516574669e471d5d2 |
| SHA512 | 25ce66f93b206a151bf096d5f9a84890ec8dc730b7cc6fd71b899ef2320119b8a1024774f208990bdfe47c32c6fd91a1a775b6ccc7a21e80ab86c98ebbdbf056 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 95ebafc5c07110e6629512cf50464473 |
| SHA1 | 7e620c51c980411a0c571168b87783b75debb534 |
| SHA256 | 896f0685ec250eb224fb1b09556015f4a00aea744bac23e93403977b73807f5e |
| SHA512 | 1f30eabc6bb741b06a8d1ea041e8887ca5c94f066c94de041c61e5c7d4070594f0d3db30e6294d44bd925ed6b43cb04e8ac0cc67bc3a1f46408747b2fd5d685d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 852043895dff99a92c6bb13061634e0c |
| SHA1 | 906204259dabd340af1aa39463714e4e6aea0f4e |
| SHA256 | de5a5f29aed1b4265ca60ec51d0d730787cd7389ea489bbdcccff0830fb45cc1 |
| SHA512 | 27a7df215023fee9a8c7321a7ffcb0030b8645f6b9474b417d8b8f22d006a5a8dcf1b0a2443538655e1ee3fa12de6447e32e4a266347c2a914a207a64febe251 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 222a7c08506229c7dac4c91840a63165 |
| SHA1 | 5587b4980e212d17648c137997447332112639ce |
| SHA256 | acd906bbbd3e7a832627d15cd4cb57225ba68eda55aaae067e868b0f00921325 |
| SHA512 | 98fe68491ce25e85a16ed9c16383dd8f17281d4ae4b818a0c0daa466c83584a9fd976ac1d53d8cbf9c8a5479e6b33249cc1bb0158cbbb0284b6477cf63106d5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e49712b5cf76acd21be73240f6001718 |
| SHA1 | cedcc9a21209378ee0a444dcfce69f3eed840fbe |
| SHA256 | 46bfd38e6150d171aa8c9c72f6fdf2107c59893d5a48f3ce62f232985ae96b5a |
| SHA512 | 5662b88bd1b8ad456587c67e28d8215cecc1a61f455272163d585979d4093ef8ac830549f2eb2f42a9f5a4054030fece7825ed2cd2becac225932f2196400036 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a811eca7dc8b71035b4f0e014aeaccf9 |
| SHA1 | cc0b296d0ff271b18643d759a376c21b0ef6f2cc |
| SHA256 | 4a0db17aeaaf0683bb8a688998042e9d660d53279ba7a7bec58dbebfa499e719 |
| SHA512 | 043bfcaeb812bc2fd38f4b5416d99dd13d5e48bf1a6ce7a830dbcfab78a4dae1c7783bdc19b10f692fb0b80e95db561bd19cb3a74f1a1817becad1ddd262c123 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2fccaa5887f4449723e1115db599d2ad |
| SHA1 | e460808dbe16fc69a4356e2d4a9d4f5be3838f34 |
| SHA256 | 96204b3dcd97e48a8fc1ead9444cf9f1dfab4482144d8a82f41342dff22510b3 |
| SHA512 | 52f898ffe9f2dc39ce048cddc8f6d270a9faca7c695c22a97df16cdeb73bda03911691ca89e0544d2bb4fd322b1cc65b3844db147215364fd950a18d806580ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3d5a071105095e215e6f401f72994520 |
| SHA1 | 2be75efc7732ec17d13960e0bad49f420add97b4 |
| SHA256 | 892c8e309976cb80a32dbd1aba2895277c6aafe5e5ca6929cbc64b747f7a698e |
| SHA512 | 88a23304c2ce51a7d8aa186d33e4cfba6256cf293016837b203fbbe0ec822e6f90b17e22f3f4f6606979c2a4be3576359b09eaff0b4a55d94711a620789dc703 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 115d45d9f7665b965749982bfcbe644e |
| SHA1 | 8bf0f7b04af5593143740db9893348980d3ecbc5 |
| SHA256 | 128e660888b953987a2995286273298ece54859a44fdfe5b39cfdfc24ad2b54d |
| SHA512 | 0a5f3641d7e1830055967bfaab11e067f65b74025c1b188c7f72510913ae5f08bf673f0a567c2c3dac74001731f534e681f4010f341326a34c926c55d1854f3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d0cb8d0b1b530436e3f1fb8e86ae7dbf |
| SHA1 | fbbe7fc2eb5e2348e9143e5634c36f7e21f0f255 |
| SHA256 | ecff49907e75ebd97721b48210f8fc47183fc93da04f6148551630abdf3fcfaf |
| SHA512 | e03429760472e7c498b71976b2fcd43149a13202854a410bc54084a906cf8230b4ef0d6456926ced00eb46d5a67e1127df9f331859dd7656ef80f6e141946d18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f9d50e14dcc77e9d092bf999c43c209 |
| SHA1 | eb19ff3c6ab84f2e82c9ef24fc12a1c6d68e5cee |
| SHA256 | 646f4a00b5edce4f080f0254e0070eaabcf0352bb2c496c73c5f39b299c7fe8c |
| SHA512 | 6349cdeaf1c727de736c5b0b24e37abb9ee5e9c5e07aad1061fccb0377ce165614a16fb8ed9d06195b007701f80b11a7befa6a4421bc2376f80206d2b5c04fe8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b1fb84c9d6ba2d07128beacb59012ad9 |
| SHA1 | 829810914b9fb8dda69dbc30c7f6b8d56a2fa451 |
| SHA256 | ceaf71a4fb4633b9c9244b49dff49538c247d529e0ef6d613cbbcdca1a6e542f |
| SHA512 | 9dc363802cab609257f9865a57efd5976357e18c6722d4eb7e4e1e0197129895e4a5b673e3061595fc135134b8d178442aca2519d2e966c58e2c2c275be0ad8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 380a251be254f74aedd9d5519c07191a |
| SHA1 | 1420ed6363b0318314ed5b480d6da68d8916bd52 |
| SHA256 | 2d8651ae3d7d94db112d60bb7cdc1e9e23242a1018adaee11325114ca14dafee |
| SHA512 | 91195dbbf8733ab1b99e63cf18d2cbbf2b13d177a6fcb6b9301635dade2509619f892574688cd496ba718569e011c5ceefa58f545cf75efacb68dc57a3329e52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f1189964e1d1277ea62f066f2b64f6e8 |
| SHA1 | 568fdbf4de7bd6a8a805a9d0ddc31816eeb40b67 |
| SHA256 | cf87a79ba4506ba2521ddad340c7d2db8839450f6ba68b0c003976ac91b81c2f |
| SHA512 | 82ff3efc59deb5c4bdd783e6588bb477d4e0a669fcba58b2d55e01d3f971b64b33d264bfbd83fc7df6aad26f0dbebb987d70b4adf2733423388798af8a7073d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 09943e78b41b63ed80e60ef2f26c5828 |
| SHA1 | 65e077e7e815697f3bc1bfcbac978e4c34810c06 |
| SHA256 | c24ae74efd8ea5f2e75220b3447c9ac93b9de7faefa63df8d101eed2952cd71e |
| SHA512 | e92fb4ba64a7b663db4b0f30fce6ccbbe11c4177b9510e64ececd8f8a1511aedbc5a73e7e3d52eb8eddde2926bb0e0c73b3aea086664105475718181e6c27da9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e5fc6c31c992afc9145675fe07eed8a1 |
| SHA1 | 40215969db9acb3dcd0cb29fe5cc4833ee7f7d70 |
| SHA256 | 7b36dedd29701f6e33424fca4f241c79c9362e0e8b062f4230d697d5f708e28d |
| SHA512 | 7dc7197c4e81ba83d09a3062b0e2c57acdac1b91f4a29f647d6c1904bd46708102387d70e1297b371891fa735b8edb3d8966528af43bc77d912b2fb42ad18c9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 79b097c95bf8073c868d0f7d1375ace9 |
| SHA1 | ad9c5b844e4a8ab2d3f99934c15d5f0f74147004 |
| SHA256 | 914a8d3904e64b78b88c134e0b815cb4502b5fd90bcaced76c294182270c526f |
| SHA512 | c0a4a819d63321d4d438d79a5c2aebc09c23d4a80f3ef651581880bca621f31b95ec690555b9865ce88648c4f98778a537372d02b741b97a67d996ca0aee60bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5fc7b2376ebc461ac73f18274884fe20 |
| SHA1 | 34893d50b13aa71573081ccdc58567b979ec3df5 |
| SHA256 | e60f635478e8c5250dff0dbc4f8a09ae176696e6474cee6f5b267121f40be710 |
| SHA512 | 7a9651a38ce18f52814a632ec0ef71f3f5489aa73981a273130fb588bf8f0402a289df09e4e4b33e2c25ae892346b727a9104cec86f03e06cd139c36080d52c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7091c8e3bf5af685d3ebcae6e986b32f |
| SHA1 | 1f0a459d6f5135e2f5abc8f374afacef5c36eba6 |
| SHA256 | 708772f9e1f40476677c828adbfc5c8828f5d42a18df5c3322aca4ad90a5d172 |
| SHA512 | 71f0078a59467053e8f30cae358dc1caf7bc841ecf3e7d9414415734ceeeaa0c1e0fd9c79cdf46194772402de9b7e6d11312cb94b39240a877b973a7af8cd649 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f0f5bd9a03f30973232700f62c2dff0 |
| SHA1 | 9c05658cbcb7ba1897280a2e9df069e90a3c0685 |
| SHA256 | 9e5c80957f8c2f03cb044a5b852a6cec874f4b3ed61ee66911d029e492f507fe |
| SHA512 | a4b5df4416cc13111dd3739a431d5c6f2fbed7f14d1339b2aacf2e7054789183794d09767f66fbde28bb93fb232d02b02618762c7e55cd249cea226f07887233 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f0032921586366305f98c2414ec4b7d |
| SHA1 | 56cd80c11572687e6087aa059f24b3efee12e993 |
| SHA256 | 2a5004ad58e479cf54490beef3c28ddef91398deb14e511efbbd3c678faac9a5 |
| SHA512 | e11de02d22c727770e42d6e5ca4c37b8620a75a5389a1e5f13d04d90992fd684fd0ba9aeab9cef930293980e19397804880449b1aea9779a865f5acda8287a8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 32bf1607f19dfbb986b298c268fb61d4 |
| SHA1 | 15a754e5503a79bdf7b027205d32da4b7bfe2f9d |
| SHA256 | e2aaa95bb54238fdad785767e50c0eee14da1bd26cbcd1ddd39813523b0c0a64 |
| SHA512 | 83cec2f90966c29349ea45aebc15e8d58662179384ff63e44b17a0ac7061ad5a270b5ba41feee374a59da1d52c6ea5d22976c051ec2783d60ab19e83a8d88597 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf821b4bd85e9b7678ac2ff10c6a8331 |
| SHA1 | 624c17b1b27a3b93a48a0ea5a038d5bcd2dd5e62 |
| SHA256 | 13c602697f7bf0f9f3548c49654fb7df5987c57a2a2c19872e4491524dc859d9 |
| SHA512 | 6b5795ba6701065d0c73299fcebc71b197bf95eeba233b35464b2d9944202c86c453a9bedd66c76255537e1cb2a37519d5b7c25214425ef5e07bbf41a0e080fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a77e12e1606ae3f7d4b131cca7084522 |
| SHA1 | 6e146fbc7437e2d0ede0904644ad59e5282acbdc |
| SHA256 | 46de51bad3db60e85e72c2381d64dbe86957f15d5fc96cf7506ea1bde4d9e68f |
| SHA512 | 16c5849b78f136d656f4106414463076d5e62ebb627959acd5b583159874cb8b0604ee1f7e68755b1191723181366baa060a0c941b2e03351fef67e1bcc5d749 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d7be4f19a6be9df91d23c928890cb963 |
| SHA1 | e3d880c4d40eb76e3df24272a19bf1e8064dfa4a |
| SHA256 | 87a6e9892e90b6184e4d5de152b448a7cb445170b4eb1504e7723af96c600d75 |
| SHA512 | f6a1f472ba0c05e19c5e568c8194a5b45c9aa7d3d12f9d6711293c30e32d08c36707f6eeda87cf061f8179b16aa914129e2c224378ad57f1aaeaa8769c522dd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 62bab7db6470efcd6bf09afa15b438fd |
| SHA1 | cc64552420ca0911636e0f7998dd3d1762cfa45e |
| SHA256 | b8bbd7f22f3709daf32cea293cda0170bb3092b7324e59a2346c1f6112fe1c4d |
| SHA512 | 409b5743776cced5e51d11432ea8b037cf06328ae6680bd42fa221928e5020f7f18928a60d89b95e8fb7ef05b39ce3661776f1f76fd8cbb1c59e8e9d18c304fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-30 02:20
Reported
2024-12-30 02:35
Platform
win11-20241007-en
Max time kernel
899s
Max time network
845s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799988470065558" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaca9acc40,0x7ffaca9acc4c,0x7ffaca9acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2372 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4632,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
Network
Files