Malware Analysis Report

2025-08-10 11:53

Sample ID: 241230-csp5kavlhr
Target: https://github.com/d00mt3l/XWorm-5.6
Tags: lumma xworm discovery rat stealer trojan
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/d00mt3l/XWorm-5.6 was found to be: Known bad.

Malicious Activity Summary

lumma xworm discovery rat stealer trojan

Detect Xworm Payload

Xworm family

Lumma Stealer, LummaC

Lumma family

Xworm

Uses the VBS compiler for execution

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-12-30 02:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-30 02:20
Reported: 2024-12-30 02:25
Platform: win10v2004-20241007-en
Max time kernel: 271s
Max time network: 275s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A (3 identical rows)

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

Xworm

trojan rat xworm

Xworm family

xworm

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A

Uses the VBS compiler for execution

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A (6 identical rows)

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799988472225919" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (2 identical rows)
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A (29 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (4 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (3 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 rows, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (49 identical rows)
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A (2 identical rows)
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 identical rows)
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3900 wrote to memory of 2556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3900 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 3900 wrote to memory of 4380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (8 identical rows)
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff88959cc40,0x7ff88959cc4c,0x7ff88959cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4328,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5080,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe

"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe"

C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe

"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x46c 0x4a0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4716,i,14833654510934271151,1406781088147853919,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF406.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc97BEE9602BA042A7BC25B5ACF56E9.TMP"

C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe

"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"
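The process list above reads as a chain: Chrome saves the repository zip, the user runs XwormLoader.exe and "Xworm V5.6.exe" from Downloads, the .NET Visual Basic compiler (vbc.exe) builds from a response file in %TEMP%, cvtres.exe converts the resource file, and XClient.exe appears last. That sequence is what the "Uses the VBS compiler for execution" signature keys on, and it is consistent with the builder compiling the client stub on the fly (the Files list below carries the matching gtcd4tsq.0.vb source and the XClient.exe binary). The script below is an added Python triage example, not part of this report or of the XWorm project; the rule names and thresholds are its own, and the process entries are copied from the list above with Chrome child processes trimmed to their --type flag. One caveat it cannot resolve: vbc.exe/csc.exe plus cvtres.exe with %TEMP% response files is also what legitimate CodeDOM users produce, so the compile chain should be correlated with the parent process (a non-Microsoft binary from a user-writable directory here) rather than alerted on alone.

```python
import re
from pathlib import PureWindowsPath

# Process entries as (image path, command line), copied from the report above.
PROCESSES = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US'),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe",
     r'"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XwormLoader.exe"'),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe",
     r'"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"'),
    (r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",
     r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.cmdline"'),
    (r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",
     r'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF406.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc97BEE9602BA042A7BC25B5ACF56E9.TMP"'),
    (r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe",
     r'"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"'),
    (r"C:\Windows\system32\wbem\WmiApSrv.exe", r"C:\Windows\system32\wbem\WmiApSrv.exe"),
]

# Rule names and patterns below are this example's own assumptions, not sandbox signatures.
USER_WRITABLE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\(Downloads|AppData|Desktop|Documents)\\", re.I)
COMPILERS = {"vbc.exe", "csc.exe"}
# CodeDOM-style build: compiler invoked with /noconfig and an @response file in %TEMP%.
TEMP_RESPONSE_FILE = re.compile(r'@"?([A-Z]:\\Users\\[^"]+\\AppData\\Local\\Temp\\[^"]+\.cmdline)"?', re.I)
TEMP_RES_OUTPUT = re.compile(r"\\Temp\\RES[0-9A-F]+\.tmp", re.I)


def classify(image, cmdline):
    """Return (rule, detail) findings for one process entry."""
    name = PureWindowsPath(image).name.lower()
    findings = []
    if USER_WRITABLE.match(image):
        findings.append(("exec_from_user_dir", name))
    if name in COMPILERS:
        m = TEMP_RESPONSE_FILE.search(cmdline)
        if m:
            findings.append(("runtime_compile_from_temp", m.group(1)))
    if name == "cvtres.exe" and TEMP_RES_OUTPUT.search(cmdline):
        findings.append(("cvtres_temp_resource", name))
    return findings


def triage(processes):
    """Flatten findings over the whole process list as (rule, image, detail)."""
    return [(rule, image, detail)
            for image, cmdline in processes
            for rule, detail in classify(image, cmdline)]


def compile_chain_present(processes):
    """True when both halves of an on-the-fly .NET build (compiler with a %TEMP%
    response file, then cvtres writing a RES*.tmp) occurred in the session."""
    rules = {rule for rule, _, _ in triage(processes)}
    return {"runtime_compile_from_temp", "cvtres_temp_resource"} <= rules


if __name__ == "__main__":
    for rule, image, detail in triage(PROCESSES):
        print(f"{rule:28} {PureWindowsPath(image).name:20} {detail}")
    print("compile chain present:", compile_chain_present(PROCESSES))
```

Run against the entries above it reports three binaries executed from the user's Downloads tree, one compiler launch driven by a %TEMP% response file, and one cvtres.exe resource step, i.e. the full build chain. The same rules applied only to the Chrome row return nothing, which is the point: the browser is a bystander here.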

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 74.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 185.199.109.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 142.250.201.170:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
FR 142.250.201.170:443 content-autofill.googleapis.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 sideindexfollowragelrew.pw udp
US 8.8.8.8:53 cleartotalfisherwo.shop udp
US 8.8.8.8:53 worryfillvolcawoi.shop udp
US 8.8.8.8:53 enthusiasimtitleow.shop udp
US 8.8.8.8:53 dismissalcylinderhostw.shop udp
US 8.8.8.8:53 affordcharmcropwo.shop udp
US 8.8.8.8:53 diskretainvigorousiw.shop udp
US 8.8.8.8:53 communicationgenerwo.shop udp
US 8.8.8.8:53 pillowbrocccolipe.shop udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
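Two things in the Network table deserve a second look beyond the GitHub traffic that browsing the repository page explains. First, nine domains (one .pw and eight .shop) are queried back to back and none of them is followed by a TCP flow in this capture, a pattern typical of Lumma's embedded C2 list, which a sample walks through until one name answers. A DNS query with no follow-up only says that no connection was recorded; whether that is NXDOMAIN, sinkholing or the sandbox's DNS policy the table cannot tell, so the domains are indicators to block, not evidence that the C2 is down. Second, the four TCP flows to 127.0.0.1:7000 are most plausibly the XClient.exe that runs last in the process list reaching a client configuration pointed at the local machine; no external XWorm C2 appears in this run. The script below is an added example (not part of the report or of either malware family's code) that extracts both patterns from rows in the table's own layout; the burst threshold and the function names are its own choices, and the rows are a subset copied from the table above.

```python
import ipaddress
from collections import Counter

# Rows in the report's "Country Destination Domain Proto" layout, copied from the table above.
NETWORK_ROWS = """\
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 sideindexfollowragelrew.pw udp
US 8.8.8.8:53 cleartotalfisherwo.shop udp
US 8.8.8.8:53 worryfillvolcawoi.shop udp
US 8.8.8.8:53 enthusiasimtitleow.shop udp
US 8.8.8.8:53 dismissalcylinderhostw.shop udp
US 8.8.8.8:53 affordcharmcropwo.shop udp
US 8.8.8.8:53 diskretainvigorousiw.shop udp
US 8.8.8.8:53 communicationgenerwo.shop udp
US 8.8.8.8:53 pillowbrocccolipe.shop udp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
"""


def parse_rows(text):
    """Parse rows into dicts; the Domain column is optional (blank for mDNS and loopback)."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else ""
        ip, port = dest.rsplit(":", 1)
        events.append({"country": country, "ip": ip, "port": int(port),
                       "domain": domain, "proto": proto})
    return events


def dns_only_domains(events):
    """Forward lookups that were never followed by a flow to a resolved host.
    Reverse (in-addr.arpa) lookups are sandbox housekeeping and are ignored."""
    queried = {e["domain"] for e in events
               if e["port"] == 53 and e["domain"] and not e["domain"].endswith(".in-addr.arpa")}
    connected = {e["domain"] for e in events if e["port"] != 53 and e["domain"]}
    return sorted(queried - connected)


def dns_bursts(events, min_len=5):
    """Runs of consecutive unanswered lookups, the shape of a malware C2 list being
    walked. A resolved domain or a non-DNS flow ends the run; PTR rows are neutral."""
    dead = set(dns_only_domains(events))
    bursts, run = [], []
    for e in events:
        d = e["domain"]
        if e["port"] == 53 and d.endswith(".in-addr.arpa"):
            continue
        if e["port"] == 53 and d in dead:
            if d not in run:
                run.append(d)
            continue
        if len(run) >= min_len:
            bursts.append(run)
        run = []
    if len(run) >= min_len:
        bursts.append(run)
    return bursts


def loopback_flows(events):
    """TCP flows to 127.0.0.0/8, counted per (ip, port); a RAT client built with a
    loopback host shows up here instead of in an external connection."""
    counts = Counter((e["ip"], e["port"]) for e in events
                     if e["proto"] == "tcp" and ipaddress.ip_address(e["ip"]).is_loopback)
    return dict(counts)


def summarize(text):
    events = parse_rows(text)
    return {"dns_only": dns_only_domains(events),
            "bursts": dns_bursts(events),
            "loopback": loopback_flows(events)}


if __name__ == "__main__":
    for key, value in summarize(NETWORK_ROWS).items():
        print(key, value)
```

On the rows above the summary lists the nine unanswered domains, groups them into a single burst of nine in table order, and counts two loopback flows to port 7000 (four in the full table). The burst, not any single domain, is the unit worth feeding into blocklists and retro-hunts, since the individual names rotate.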

Files

\??\pipe\crashpad_3900_BBUGVNKYLRMMAXVN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 59e609247d8d58311e83745904b96864
SHA1 05b60e2c6021efd5a74b3c551b6dda4d53b4b0fa
SHA256 94d0b46f6c9fb958701da082df0d55b6a2ae888bf40c98b84d6b6b2f52300919
SHA512 c7a494c3a95924af11f333071386dbf03c4058f951d0f9f303cbdefd0ef206479e93271a07da22c9257f6913e253c6cec6c6c79378797dbcc4341fa168725d97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1968c7f0c4a7845abeba28cb40bce89c
SHA1 c041bb716705e85c8d294e8c0c373dd0dde2ffa6
SHA256 6ae73218fb0adf6fd6243b4e7f68ffa6ec767152b8e9e9fed9add0c53d3e4738
SHA512 e0323834b6707f8118d9c34cad3fa2172bab1765375ed64321d0f7f61d7b2c74327e1db43185eae74df572f4e0b9a85c0740e688d9153899ac22f1319b557bec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20d295eeff4f371658d0e608ab156437
SHA1 bf5c687e74e7c84262fa5092f5b8006299527c21
SHA256 249ddf729bf6460cf8fb0309664e4e81ce7918d645cbd2d7b2b68a45d889cbf7
SHA512 d2c0837b26390f7899e395f55cc875fb8a55a04a422c32f66f600b60a538d2940eaf069a80a44c9c3e9007ecbea0e2b42c19093366601b3096177d9de99011d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b0b47f384f3a660ac285807e6a676fc
SHA1 bd878583f3778609164683e15531ccd5eb9fd5e4
SHA256 f104dd06d1c4e565475ba22699c9d3a733d5bcffb4dfb9d7e9d575d59d8f3e0d
SHA512 1b9f6ed1ca671a2c59ab30a331ad8ddcca158b11f19d86c135d4f090a4eec235f7df6665034c5d06fee348dffef9ed4e3464ce1625a0908c629f270251b02865

C:\Users\Admin\Downloads\XWorm-5.6-main.zip.crdownload

MD5 95c1c4a3673071e05814af8b2a138be4
SHA1 4c08b79195e0ff13b63cfb0e815a09dc426ac340
SHA256 7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27
SHA512 339a47ecfc6d403beb55d51128164a520c4bea63733be3cfd47aec47953fbf2792aa4e150f4122994a7620122b0e0fc20c1eeb2f9697cf5578df08426820fecd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2407e9f58a03aff683bc627fcce338d0
SHA1 5c9202c3f792df6b69a4c95db43c7eabcf785abb
SHA256 e015465f5384ed09115e77c0c72b5dfc6bccb570cd00d1ebbc5d42825aeec9a7
SHA512 1311355261a967e0e92df369041c6cc18f8f2b9308f9f2cac07593d06ba19585cf4569c36d474952db92133c010a2d6beae16db5909c3d1e9b4ae788bfdd398a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d30d17f74e997227e4971b43533100d
SHA1 5ace7d3127b0abb4512e1a848ba968daba523ee9
SHA256 c4a9a02e9d921bf4f9e81cfe50b6a0f3512facbe1fed133c870bbcb53f773ac9
SHA512 e8a128e6948191fc2539d8ec79bcf5d128081cd75e267707908adfcf3904b6dc026b26315a48ea1ac0a4f518dce3eed65c40522c88279d7d3b2c0ced2b3ea9ae

memory/3088-202-0x0000000000F40000-0x0000000000F8B000-memory.dmp

memory/3088-207-0x0000000002D00000-0x0000000002D01000-memory.dmp

memory/3088-206-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

memory/3088-210-0x0000000002D00000-0x0000000002D01000-memory.dmp

memory/3088-209-0x0000000002D00000-0x0000000002D01000-memory.dmp

memory/3088-208-0x0000000002D00000-0x0000000002D01000-memory.dmp

memory/3088-211-0x0000000000F40000-0x0000000000F8B000-memory.dmp

memory/4640-212-0x00007FF874DB3000-0x00007FF874DB5000-memory.dmp

memory/4640-213-0x000002DA4F100000-0x000002DA4FFE8000-memory.dmp

memory/4640-214-0x000002DA6C900000-0x000002DA6CAF4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c643611cba64b4113dbb3e0fefa5a900
SHA1 21f6981228caefaa540c791623ae670845a7613d
SHA256 56363a4760358597e9c5fc7c5bee752da5cd7082a1df3b44881271b33f9910f3
SHA512 0f6aef15b7ae4b160eac614bdeed966294578bb9b3db0394de7bd40445a9934499e94ea51029ef2492f48062c4643df32fb2ba36fbb425294128037d178203a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 222a2686364fba754685850d1230206c
SHA1 a5e3f8d6e9468a17edaabac2aae8832378ae61e8
SHA256 16a60ac91c28d4eb1f58454fc16f34812c935e32f8b7de2a2c594ce25d62d7fc
SHA512 28c96bc589ee26c5772bbdbe3f82da27b8b8a92733a6017f93cfae483e246c3236429a94b8f6f14d5b8641724ead6dae1b4126579a3c6f6b7b1fcff9533d4d52

memory/4640-233-0x00007FF874DB3000-0x00007FF874DB5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e05d895662f1faaa280a9f3fb759b2cc
SHA1 e26e833d243c9a4e09b67f816550e23aa0385a54
SHA256 a68b78c430fa22a57d2d159fab5f1373d3e29e1833fe5f7e1bcbd9ab06fe5185
SHA512 ed7e40f620e0700ebad7b4c57f18ba3ba59231faa72fc01a65ebad82e9a273ffdce904a2e5426c0715e504b1c3925ee58a5e3295fd50959dce3b1aa41d4bc4e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9afd48c30887916c803cc00c7eb27c28
SHA1 b5d62491cbff3c5521efb2a2c764b47673e3cf89
SHA256 73e33dd6d6ca38ad96b1181b814a13896b94b1b28f2b868eb87d609d8a057f18
SHA512 a6177d68f7f9e0eb797a98b06143b96b4efd8156677acec6eedc2888b2d712d688aaa5e83ab04288c3c80dd365c615f3ad737191943b12e1e99e59a2256d4b01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8b9be155057af455d4b6736b1d895ccf
SHA1 34f39d98d2d3881d396b3eeb41585b9dcd0bf462
SHA256 d2bf7acb7f9a86c44f0713d6fa8836a8297d713f04ec0e4519a33a646039cdab
SHA512 84acea827d8b703c1112c66b9a6e05f3a67b2ea94b59376d2d3a14faab26e83beca753b881c777d798f4393e96386fceaf01154c47d0295981a0cbfeece57aae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7785c435c57f56d797624b99b31da0c1
SHA1 929bf2232861d88f53c0a67d369c28b169664beb
SHA256 40383c312f3c9657a1c297ab2226bede8e689aeab3d3e1b0b2b1dbdff7ecca51
SHA512 5ba9377a9567e731fc28ee301219802b542406a2c597f1e02ecbe4e6da632070ed1f2ede9e89e4cb8cd34607814b5fd2aff25516d8d9518b80e3149713eb00de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9e186954-c08f-4214-b0b1-8c53acb94651.tmp

MD5 d9bd68555a322d861f74aa9fd85362ba
SHA1 782a617228eec2737387221383d2d01af6a3f8c9
SHA256 34f21fc188aba6638329924c9e228bc82b8bd81188c3a12c47add0525144c110
SHA512 56c52c4bcb33e593d39801ab3a777d5668868b3efe9419cfb62fda52e4a7a33e9c0a9bbb30e790abbdbc7b1d58ce593f9b337929b73fac8da24c46d78156c5dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd24b37360020f17e9215bbef282b5b5
SHA1 afb7a34e0758555aebd830f81c4cc3af236aa268
SHA256 c2d1ea78653946fe858517f5b1e96a706d349feeb0510efba7d754e897123050
SHA512 2278ba87b847f243dafa430da68e38654ea04a14b6e1a14a519ca998b0cddd573ba01ff61c8ccb635d8d628ac0f78ac3f8ce06613c8c2fa49b7ed9bd9682291d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 676dca66dc71aa8ff99982a548e29d7a
SHA1 726b6110adb24b4864be5658761e5f7583a3aabe
SHA256 fe6f401ec5f1f4fa1cface9ff081d4d054f75a79ba2aed28cb2683831cbf8cee
SHA512 e92c133fda789d10d9828d7c1323921827626276c115701483a5083e89ceac29cf32f1f13c77bee138c1ae60da4ae0d327c336e89a4ef0b51791fbcce1a82c4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2984d3fd77c529825551a55f6a38118
SHA1 92e70c9f11523b98e426cb25e0ecc1e16c1a41ff
SHA256 437d5a4c471909f1096650f7fa7b57a79afa6a6664d74bce164d880091e2e6c4
SHA512 992b069c3d2343829caa5fa3be6d63d0e5a62f01dba579ff0288e4424c6599a5bc7b10bf3d8fcd85cbe03317664c73d1fdc61b99a14153b90f5da0f34fbef55d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0502cf31023c0a33de3a0c807f7edfc2
SHA1 a5222a5c659d652b11201994bf4bfdb4d7e6237e
SHA256 c388305b750d17a95ca7adc326ddb02a1ae563b8f7ebe49dd372d8bf51a3effb
SHA512 81966b7e3249aad0dbae9a9d214b7d2ea93e662ece6e767033234970ac67d8b656596fff01ca29c8e2fcb0f6cab9e94a199e7bc5204cc6db62580560b2a64783

memory/4640-323-0x000002DA738D0000-0x000002DA73A38000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.cmdline

MD5 04553e10a3476e087cc8b5a5a79c3acc
SHA1 bc5e1b19158aa500b89cfdf0eba6a0777bd7f00b
SHA256 89c7e5fc7b2234d1afd27099457355d9761e94caee0600a4ed5ee1fc4379b8bd
SHA512 2019e864add2ffd2ff04a028e3d4c1ae21423e8f690682b90518c01e52ac7d3c885047710a3eebc5bbaa0a24bee4f8a38b2ca1df78529945b6422a2da87016d0

C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.0.vb

MD5 a122e66035f207e313af1f8ee14c1a5b
SHA1 60aab4f47fb1cb16a36c998efdc036c817d87644
SHA256 a043cee8d361ea00234991208179d6cff2e4f69889450e08f01b82dc6d0d0336
SHA512 2e86d89b9f02a80f3579e2e476b7c676b43ee99a8a725edd11c5f74a3ceaac4de25b177e89dd7f34957f8540bf6d1a113bf11c15fffcbe9cd42e3e0b54d6cf37

C:\Users\Admin\AppData\Local\Temp\vbc97BEE9602BA042A7BC25B5ACF56E9.TMP

MD5 d40c58bd46211e4ffcbfbdfac7c2bb69
SHA1 c5cf88224acc284a4e81bd612369f0e39f3ac604
SHA256 01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca
SHA512 48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

C:\Users\Admin\AppData\Local\Temp\RESF406.tmp

MD5 316225912ac02b59ee2a874775124593
SHA1 6ffbc7777dce2bc40635f36df53705edbe696ce7
SHA256 13ab3aa7e74a7fa08adf60588e752f90903246fe3745c36dd0801db69818f7d3
SHA512 143778990e46fab66c72f9d8f4b5b42bd76c7cc351184a7f4ce06d954d3a03f0836f4c51e1efb5e0ebf34bafa720ee5c482d566463586b15a6b5f86c6a15f0ff

C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe

MD5 971700e5d32cea89359f82e903e36da9
SHA1 768ab1f757493c47845386f0bfa0419f5cda6f18
SHA256 c879e609b28892a96769d677455dc9853c05c7d8efde01a952efc9b50a8363d6
SHA512 5c76650a23542ec44040e649b119fc8709c47f0038608f8a703f1e1b48c13008a8b87e7953f6e73236d877248b72df7f69a4aeac0fe52ac769fc5d3b4513f824

memory/1440-340-0x0000000000550000-0x000000000055E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 56064cc43eb1b9512b7c2cc61b265356
SHA1 55d6328038349bcd7ff1a09b3ab0b21765f1679d
SHA256 efb9ef372c4d15cc1b8faed6b71770b5271595f204e9580e06c16ed83514fe41
SHA512 f4a9283b11a236dcc79422554629d941cdca3f683ac96bdd9b026dfbd7cb5528c8d7c762b5b3b3b3d976f38750cf372ef829fc95f96cc815fc7e4d1207325762

memory/4640-350-0x000002DA73CF0000-0x000002DA73D72000-memory.dmp

memory/4640-351-0x000002DA6E040000-0x000002DA6E06C000-memory.dmp

memory/4640-352-0x000002DA74100000-0x000002DA743E2000-memory.dmp

memory/4640-353-0x000002DA73F10000-0x000002DA73FC2000-memory.dmp

memory/1440-354-0x0000000002750000-0x000000000275C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ccf3d272873f1ecfeeaabf3a84564476
SHA1 9f52aa8efed7f94871f006c8fd816512d7e21259
SHA256 5b0e1b59b6e84fc45056b2275e5eea875b0613cb66bfc1b118cbc1909ed8821b
SHA512 4968358f1562a3256dfec1c8c30c3ffdeda1c9cb9cb39111e8871724b4e798af634c492dbfc10a7de41388ad6667f38e659c3ac78444507ea5799da68832a1cf

memory/1440-364-0x000000001C2A0000-0x000000001C2AC000-memory.dmp

memory/1440-365-0x000000001D0F0000-0x000000001D618000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6b8a85683ee2f3b7b848a392c663cf1b
SHA1 e5b0cdfcfbce9fa35e316e19245008f06ceb78d1
SHA256 aaecd495f0042ba46843178a2b37242db0d8cc7d67f295390e5b9985f4d4639b
SHA512 151d241f13c374ca2a800981a24f0efc7800a9d9c737c61e03ffa10fc80f170ee66045bbf3b23268d7f05f12c042cb6950bc4c437c76d6b52196b3d81f7435ce

memory/1440-376-0x000000001C2B0000-0x000000001C2BA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 964eec1854996e7af8cd40433e0554b7
SHA1 6701cb2c3c1f2681af1288984f56b55680243281
SHA256 2776b7449a6660d7ba6e5baae36dd963b3cea9c04583a73c1f4a0dc198119881
SHA512 82cb4b2ce11fe880bfc0da65879d4c0b926ae67b5bdb9ea7a7a7f3ce45b6720d4d8d37c3f366de6da4710eee097c26830c5f935a1ab82af7e4faababaff2e133

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8dd67e794cc2479a80a8ad18cf3efc2a
SHA1 10f0e71fc1bfd28384d44082a72048c158d4d588
SHA256 49dfd0bbbafe431c9a3a2db73d06ce4c48b56ed16a094d1d7b485c98debb6531
SHA512 bc845a3999744c3b54eb5a02da7084918ea3e5780460918bef9f15a2236436deb14a33f31b0984d0997a2d92b87f1a400efa71d02eb0ff7d3a449d18338b4b09
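Most entries in the Files list are Chrome profile churn (Preferences, Local State, TransportSecurity and similar files rewritten while the page was open) and memory regions the sandbox dumped without hashing. Two entries are content-free: the crashpad pipe carries the digests of zero bytes, and "SCT Auditing Pending Reports" carries the digests of the two-byte string "[]". What remains after those are removed is the downloaded zip, the compiler's response file and .vb source, the cvtres intermediates, and XClient.exe, which are the artifacts worth keeping as indicators. The script below is an added Python example, not part of this report, that parses entries in the list's own "path, then digest lines" layout, confirms the content-free entries by recomputing all four digests locally, drops the browser profile noise, and de-duplicates the rest by SHA256. The bucket names and the profile-path pattern are its own assumptions; the sample is a subset of the entries above.

```python
import hashlib
import re

# Subset of the Files list above (paths and digests copied from the report). The
# parser accepts any mix of MD5/SHA1/SHA256/SHA512 lines under a path.
FILES_TEXT = r"""
\??\pipe\crashpad_3900_BBUGVNKYLRMMAXVN
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
SHA256 6ae73218fb0adf6fd6243b4e7f68ffa6ec767152b8e9e9fed9add0c53d3e4738

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
SHA256 249ddf729bf6460cf8fb0309664e4e81ce7918d645cbd2d7b2b68a45d889cbf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
SHA256 c4a9a02e9d921bf4f9e81cfe50b6a0f3512facbe1fed133c870bbcb53f773ac9

C:\Users\Admin\Downloads\XWorm-5.6-main.zip.crdownload
MD5 95c1c4a3673071e05814af8b2a138be4
SHA256 7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27

memory/3088-202-0x0000000000F40000-0x0000000000F8B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.cmdline
SHA256 89c7e5fc7b2234d1afd27099457355d9761e94caee0600a4ed5ee1fc4379b8bd

C:\Users\Admin\AppData\Local\Temp\gtcd4tsq\gtcd4tsq.0.vb
SHA256 a043cee8d361ea00234991208179d6cff2e4f69889450e08f01b82dc6d0d0336

C:\Users\Admin\AppData\Local\Temp\vbc97BEE9602BA042A7BC25B5ACF56E9.TMP
SHA256 01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

C:\Users\Admin\AppData\Local\Temp\RESF406.tmp
SHA256 13ab3aa7e74a7fa08adf60588e752f90903246fe3745c36dd0801db69818f7d3

C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
MD5 971700e5d32cea89359f82e903e36da9
SHA1 768ab1f757493c47845386f0bfa0419f5cda6f18
SHA256 c879e609b28892a96769d677455dc9853c05c7d8efde01a952efc9b50a8363d6
"""

DIGEST_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")
BROWSER_PROFILE = re.compile(r"\\Google\\Chrome\\User Data\\", re.I)  # assumed noise pattern


def parse_files(text):
    """Entries are a path line followed by zero or more digest lines; blank lines separate them."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            current = None
            continue
        m = DIGEST_LINE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
        else:
            current = {"path": line}
            entries.append(current)
    return entries


def digests(data):
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


# Contents whose digests identify an entry as carrying no information, keyed by SHA256.
KNOWN_CONTENT = {digests(b"")["sha256"]: ("empty file", digests(b"")),
                 digests(b"[]")["sha256"]: ("empty JSON array", digests(b"[]"))}


def content_label(entry):
    """Label an entry whose SHA256 matches known trivial content, provided every other
    digest the entry lists agrees; a mismatch is reported as a transcription error."""
    known = KNOWN_CONTENT.get(entry.get("sha256"))
    if known is None:
        return None
    label, expected = known
    for algo in ("md5", "sha1", "sha512"):
        if algo in entry and entry[algo] != expected[algo]:
            return "inconsistent"
    return label


def triage(entries):
    buckets = {"content_free": [], "memory_dumps": [], "browser_profile": [], "artifacts": []}
    seen = set()
    for e in entries:
        path, label = e["path"], content_label(e)
        if path.startswith("memory/"):
            buckets["memory_dumps"].append(path)
        elif label:
            buckets["content_free"].append((path, label))
        elif BROWSER_PROFILE.search(path):
            buckets["browser_profile"].append(path)
        else:
            sha = e.get("sha256")
            if sha is None or sha not in seen:
                seen.add(sha)
                buckets["artifacts"].append((path, sha))
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(parse_files(FILES_TEXT)).items():
        print(bucket, *items, sep="\n  ")
```

On the subset above the output is two content-free entries (both with all four digests consistent with the recomputed values), three browser profile files, one memory dump and six artifacts, XClient.exe among them. Recomputing the digests rather than matching the empty-file hash by string costs nothing and catches a copy-paste slip in a report before the hash reaches a blocklist.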

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-30 02:20

Reported

2024-12-30 02:35

Platform

win10ltsc2021-20241211-en

Max time kernel

899s

Max time network

845s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799988473108104" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
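Every signature row in this behavioral2 run is attributed to chrome.exe, and each one is ordinary browser behaviour: camo.githubusercontent.com is GitHub's image proxy for README content, the BIOS manufacturer and product-name reads and the SystemTemp access recur in benign Chrome detonations, the NtCreateUserProcess mitigation flag is Chrome's own policy of blocking non-Microsoft DLLs in its sandboxed children, and the long run of SeShutdownPrivilege and SeCreatePagefilePrivilege adjustments is the browser process enabling privileges on its own token, not a privilege escalation. The same holds for the WriteProcessMemory rows in behavioral1, where the browser process bootstraps its child processes. None of these rows should become a detection on its own; the verdict rests on the family-specific matches and the dropped-executable execution. The script below is an added Python example, not part of the report, that applies a baseline suppression list keyed on process name, signature and indicator pattern to rows in the report's own layout, returning only what still deserves analyst time. The baseline entries and their reasons are this example's assumptions; all rows except the last are copied from the tables above, and the last is a constructed stand-in for a dropped-executable hit so the filter has something to let through.

```python
import re
from pathlib import PureWindowsPath

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# (signature, description, indicator, process, target). All but the last row are copied
# from the report; the last is constructed for this example and is not in this section.
SIGNATURE_ROWS = [
    ("Suspicious use of WriteProcessMemory", "PID 3900 wrote to memory of 3356", "N/A", CHROME, CHROME),
    ("Legitimate hosting services abused for malware hosting/C2", "N/A", "camo.githubusercontent.com", CHROME, "N/A"),
    ("Drops file in Windows directory", "File opened for modification", r"C:\Windows\SystemTemp", CHROME, "N/A"),
    ("Enumerates system info in registry", "Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName", CHROME, "N/A"),
    ("Modifies data under HKEY_USERS", "Key created",
     r"\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry", CHROME, "N/A"),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", "N/A", "N/A", CHROME, "N/A"),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeShutdownPrivilege", "N/A", CHROME, "N/A"),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeCreatePagefilePrivilege", "N/A", CHROME, "N/A"),
    ("Executes dropped EXE", "N/A",  # constructed row, not from this section of the report
     r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe",
     r"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe", "N/A"),
]

# Baseline suppressions: (process basename, signature, regex over "description | indicator", reason).
# These are this example's assumptions about Chrome's normal behaviour, not sandbox rules.
BASELINE = [
    ("chrome.exe", "Suspicious use of WriteProcessMemory", r"wrote to memory of",
     "browser process bootstrapping its own child processes"),
    ("chrome.exe", "Legitimate hosting services abused for malware hosting/C2", r"githubusercontent\.com",
     "GitHub image proxy used while rendering the repository page"),
    ("chrome.exe", "Drops file in Windows directory", r"C:\\Windows\\SystemTemp",
     "system temp directory; no payload under it appears in the Files list"),
    ("chrome.exe", "Enumerates system info in registry", r"HARDWARE\\DESCRIPTION\\System\\BIOS",
     "hardware identity reads seen in benign Chrome sessions"),
    ("chrome.exe", "Modifies data under HKEY_USERS", r"Cryptography\\TPM\\Telemetry",
     "TPM telemetry timestamp under a service SID; not driven by page content"),
    ("chrome.exe", "Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", r".*",
     "Chrome's own child-process mitigation policy (block non-Microsoft DLLs)"),
    ("chrome.exe", "Suspicious use of AdjustPrivilegeToken", r"Token: Se(Shutdown|CreatePagefile)Privilege",
     "privileges Chrome enables on its own token at startup"),
]


def residual(rows, baseline=BASELINE):
    """Split rows into (keep, dropped). A row is dropped only when process name, signature
    and indicator text all match a baseline entry, so the same signature fired by another
    binary still surfaces."""
    keep, dropped = [], []
    for sig, desc, ind, proc, target in rows:
        base = PureWindowsPath(proc).name.lower()
        text = f"{desc} | {ind}"
        reason = next((why for p, s, rx, why in baseline
                       if p == base and s == sig and re.search(rx, text, re.I)), None)
        (dropped if reason else keep).append((sig, proc, reason or text))
    return keep, dropped


if __name__ == "__main__":
    keep, dropped = residual(SIGNATURE_ROWS)
    print(f"{len(dropped)} rows suppressed as Chrome baseline; {len(keep)} left for review:")
    for sig, proc, text in keep:
        print(" ", sig, "|", PureWindowsPath(proc).name, "|", text)
```

With the rows above, all eight Chrome-attributed rows are suppressed with a stated reason and only the dropped-executable row survives. The suppression is deliberately keyed on the process basename as well as the signature: the same SeShutdownPrivilege adjustment requested by a binary in a user's Downloads directory is not baseline and passes through.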

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1144 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 4420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffda083cc40,0x7ffda083cc4c,0x7ffda083cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1924,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2404 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4596 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4772,i,11545665677093817929,6426261123674683302,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4936 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 234.74.250.142.in-addr.arpa udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 142.250.179.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
FR 142.250.179.106:443 content-autofill.googleapis.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 106.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

\??\pipe\crashpad_1144_JPWZNJGKEMTNDJII

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 ae904093d0823a97ebcb808125df1f42
SHA1 5dc7c5d5cb38eebb6a89c1e482ce51fab18753e7
SHA256 97bfee47661d382e8a0eece81c0d43583309279a12fed36b8c5f4873e4c1fcc0
SHA512 dd95a8e29a0d4c67ee09367a4ea30e78f30880c95acadd9e660f80d93b3e4a022c0bcbcc50b020cd3d337f237da1746d4cc5c4e5c87e83f70e24925c3378de08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a0cc710eef94308d49c2ef58b8bb39e0
SHA1 e6ca3517638687f22b8d726cfa1e86ec81218223
SHA256 6f958f1d012c8b0e4fb8ff6a3c0c540e3c6765bbb7bed755fa8a27278dad8220
SHA512 3cd6625dc4a470fa73cfa89245b467f5b09955e41f519706d1a818849414755eefddbd66785fd4339ce75806ff4a11b248aa5512fdfad88d9d66568c8cab9d93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3cefff667f4d7950fe4935491d53610f
SHA1 bf6b66b1c92efe41ca91819f60ddff7c0c7ff457
SHA256 462c72af18db69d839ea379014e3c750ed73b8faa765eab570fe6673c10ed669
SHA512 a5f7af70b9761ca36c159a395dfbf7a643fea515f043f00022de0ca31c4e449d0d62ca4c87440786b563817f39d000a3958979004a1045ad6a8811ababb3136e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8fb00c6013e00512ede4dae557ce76da
SHA1 5cc88088507800efc73494679fd58779b9529d30
SHA256 6e06497a00c03877ca805c8ee30f70592fd146eadcdd33f2de1c0b4695ae96c2
SHA512 e8adc6740bf591488ed51d63203a048967505bf38efd119bfc7c1965d2906c2e6e034fd41aca4d9758dad6ecf88af71a21a58cf55437cffb52e4c6c749d887a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d0b1bf3077cd6915418f973ebacd4068
SHA1 702f864ba948737aa54d0f626c6204d0fe18a1c2
SHA256 91e7b94c89e581e386e0b8a1b1e788d10d8c63b0d5cdff68d31a7072c382e8e3
SHA512 29783eef53aa274fd28f0196f1e3991571e2555e77d3c3264d6c3cae85cf62822fa271bc5f523ca4791d07435038d7f8a81c367295c55561f525fca995148c7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c76023d2d9ab415c6b2e7c252b1c6cfc
SHA1 cd50aa94ebf568b02e1c5fc7fd9701679b570ef6
SHA256 5bfcdeb37bc2238c1a53b79f6e34073d5ff39fc25a8d69cf7cdd8197b1bd47e4
SHA512 b8de0143676bd3729b020d16b685de1e3a8b8f89888d99b9a86cf4048529c21a923bd7b623dd58ef82424fdcfd7adabe5d2548aae474d973ac448339fdb9dc80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bddf56ff7a325c34e099bdc4efca9b2f
SHA1 686e13a456cc50db94e63a19f828b72a5f19a926
SHA256 dee838b6a8d1a20bd5a6406c57357b07b621901fb1c6c92dc24caa8f77824ce6
SHA512 ed60197764f497a4948cb093a64dc30270a8a8add50da40c197bda6162ff279303b849798350b011cb47411e3f02ff91c07d31048208b160113ae81592469472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abdc4693c09d32be6c19b6d60a1ea87e
SHA1 345f036a9a6b237812bb38d7778697f0007b242d
SHA256 dce99c06d3a68acf0d120a000729f280ae8517b33b9d69bbb2792e1c8d3637c9
SHA512 4c6302c18547bf6ca522c795c315f0ca0ffdcf7fedbc6b247b0d7f809e40c27907469f0b0fabc305429a944251c22a446fe8423f018e0decbf6c9d704cbfb892

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 68e6889be566c6eaf2852e58c0a728be
SHA1 b8318cdeec1063d27581a760f1c1631f8b936f34
SHA256 e9e8447a0c9c9f376093aa841c9bd33725311d505b945d67398af8c66d43e888
SHA512 262a975a87f73744c33ecf8d7d89b2c8743f2fb4287b5cd1c7207919ed88d8026e8251a3b481a1bec3acabfae075fdb1bed7524f48718ddb2ccd75c7d2ed1cab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bf44f2264eaf7a882535e580d2854968
SHA1 4a88786ba52372f70df7a6907755d528dff0f263
SHA256 fc2ba5c8b581f77344ef2f5081d214cef27e45e40c5be9099e585dafff818e46
SHA512 480912c59c3cac125e340211b46a34760d87db4c8d65065c0213e1022e59175745e1a45d0c27ace25f4bad162eb57aa34062c4fd94349972ca1cf1aba2b8ffd7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4c019c354e67ab8bda9afbd3d03f5f9
SHA1 9155d48c8eb8278bc26638174da517114865d5c3
SHA256 f43bd8a394943b2f3d35521e4a1beb57cb85f1a9243127ea9dc928453937dd42
SHA512 d3a2bfab5b76bbfac57b6303e649866683b0db7d0ce123e8e8b154a109953a3981790b1eea2dd9c43e8e43354b5246b8f689e7070ebe7d8a79732500804e7171

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc0a8912feb08306b97c723a905aebc3
SHA1 cb94ba0415128fa29f5ed0131151a3b2bab21472
SHA256 9017be4bb7fcee890d2e3e9a38182274798de05813b0fcb4a5ad26a2425272b8
SHA512 3cc1efd04c442b51a2bf25b65ec9a43b74facbe3cfce3611581a8dd6a6cf3c21ef9fe80f0b254048c39a02518e1f1a2ce2df3a2d79926972d75da9a8e85040d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0d60c763c8f546abb9f840dc668bc3b1
SHA1 de530e1589934c08676ce16f2b936ca6d957e6d2
SHA256 e4abcb0caee6d1871bd62525a4f1c1b604d74852b315635516574669e471d5d2
SHA512 25ce66f93b206a151bf096d5f9a84890ec8dc730b7cc6fd71b899ef2320119b8a1024774f208990bdfe47c32c6fd91a1a775b6ccc7a21e80ab86c98ebbdbf056

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 95ebafc5c07110e6629512cf50464473
SHA1 7e620c51c980411a0c571168b87783b75debb534
SHA256 896f0685ec250eb224fb1b09556015f4a00aea744bac23e93403977b73807f5e
SHA512 1f30eabc6bb741b06a8d1ea041e8887ca5c94f066c94de041c61e5c7d4070594f0d3db30e6294d44bd925ed6b43cb04e8ac0cc67bc3a1f46408747b2fd5d685d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 852043895dff99a92c6bb13061634e0c
SHA1 906204259dabd340af1aa39463714e4e6aea0f4e
SHA256 de5a5f29aed1b4265ca60ec51d0d730787cd7389ea489bbdcccff0830fb45cc1
SHA512 27a7df215023fee9a8c7321a7ffcb0030b8645f6b9474b417d8b8f22d006a5a8dcf1b0a2443538655e1ee3fa12de6447e32e4a266347c2a914a207a64febe251

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 222a7c08506229c7dac4c91840a63165
SHA1 5587b4980e212d17648c137997447332112639ce
SHA256 acd906bbbd3e7a832627d15cd4cb57225ba68eda55aaae067e868b0f00921325
SHA512 98fe68491ce25e85a16ed9c16383dd8f17281d4ae4b818a0c0daa466c83584a9fd976ac1d53d8cbf9c8a5479e6b33249cc1bb0158cbbb0284b6477cf63106d5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e49712b5cf76acd21be73240f6001718
SHA1 cedcc9a21209378ee0a444dcfce69f3eed840fbe
SHA256 46bfd38e6150d171aa8c9c72f6fdf2107c59893d5a48f3ce62f232985ae96b5a
SHA512 5662b88bd1b8ad456587c67e28d8215cecc1a61f455272163d585979d4093ef8ac830549f2eb2f42a9f5a4054030fece7825ed2cd2becac225932f2196400036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a811eca7dc8b71035b4f0e014aeaccf9
SHA1 cc0b296d0ff271b18643d759a376c21b0ef6f2cc
SHA256 4a0db17aeaaf0683bb8a688998042e9d660d53279ba7a7bec58dbebfa499e719
SHA512 043bfcaeb812bc2fd38f4b5416d99dd13d5e48bf1a6ce7a830dbcfab78a4dae1c7783bdc19b10f692fb0b80e95db561bd19cb3a74f1a1817becad1ddd262c123

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2fccaa5887f4449723e1115db599d2ad
SHA1 e460808dbe16fc69a4356e2d4a9d4f5be3838f34

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-30 02:20

Reported

2024-12-30 02:35

Platform

win11-20241007-en

Max time kernel

899s

Max time network

845s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799988470065558" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3200 wrote to memory of 5108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3200 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3200 wrote to memory of 460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3200 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/d00mt3l/XWorm-5.6

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaca9acc40,0x7ffaca9acc4c,0x7ffaca9acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2372 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4632,i,14999521081858164495,6652517560040061279,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b5ee215f-8df3-449d-8c0e-ebd9afa789b3.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
