hxxps://github[.]com/HexShifter0/Xworm-V6[.]0/releases/download/BugFix%2BNewFeature/XWorm[.]V6[.]0[.]zip

Analysis

max time kernel
899s
max time network
846s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-02-2025 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/HexShifter0/Xworm-V6.0/releases/download/BugFix%2BNewFeature/XWorm.V6.0.zip

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133829300129243136"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\XWorm.V6.0.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5420	chrome.exe
5420	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5420	chrome.exe
5420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5420 wrote to memory of 5520	5420	chrome.exe	77
PID 5420 wrote to memory of 5520	5420	chrome.exe	77
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 5100	5420	chrome.exe	78
PID 5420 wrote to memory of 628	5420	chrome.exe	79
PID 5420 wrote to memory of 628	5420	chrome.exe	79
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80
PID 5420 wrote to memory of 5800	5420	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/HexShifter0/Xworm-V6.0/releases/download/BugFix%2BNewFeature/XWorm.V6.0.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34f9cc40,0x7ffd34f9cc4c,0x7ffd34f9cc58
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,13933595323499221791,15149370694927319993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,13933595323499221791,15149370694927319993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,13933595323499221791,15149370694927319993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,13933595323499221791,15149370694927319993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,13933595323499221791,15149370694927319993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4528,i,13933595323499221791,15149370694927319993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4352,i,13933595323499221791,15149370694927319993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4564,i,13933595323499221791,15149370694927319993,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3524

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aef5cc1541caf611a9993f119a214135

SHA1
03ff430dc47032585a012a621e2e1137e42d4b2b

SHA256
9002d86fe6faf3e05a4a99c6d89086f3be5ffd758ef2f9e0b48c5b158d89b460

SHA512
ed01d3c2f3680ddb45157db266ef7155456a5b36bf251703d01d1111a74304ff6e2fff8fbe60c84b9ff55e2f3187c3c42ecbce3e9904fd2c1ede9b49d3a91538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9e38770aae3205fe05c7dd3d0920b697

SHA1
a3a82e88f43a4203743d2e46cc94ecfc85f2771d

SHA256
52df86f7a0e3c683d468ea2ac362cb1c9b710a8086142a0acd4bf2b8b5173412

SHA512
eff5e4f6739af180d661f013abea3f2268d186415ed60f5da4e6a9943456a40867851b2ab96a0530ec557bd767fb23e184604db7e72c3f005c3511b1f3627f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ed0be8ec7fb8bd94b4e432902b7eefe9

SHA1
3b75d78cce255e308236e6ad168c4630c39c9d51

SHA256
27f7290c0b4dcab89b7f8ef298267c54d058d31b6607f9f6250fdf60d6090982

SHA512
b6000f426c1aa17513845a48de8066c2f583c46b4115e28478f3bc69fe0acaea1dd74256a4fac1854942732c3fedeef5bae788b783f7f13c202bb5965581c266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fc655ccc6c443b12f16a30d7d0551888

SHA1
cb542a60863bf91df8420929f451b230fa050833

SHA256
9ae3b408194e0710b192a1802012ab0b723a9a644b37f27477c119e711dbb564

SHA512
2346756c017959f01b90daad46c76f681ca31cccca427c6cfa7bbd7ef96feddab952cdd1c40d789c1d406ce30ef01485829f6634e2c343e8fef8b90be770d103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ca12d245db72210af52da091a8074a55

SHA1
63f9876933c32452540df3d582e54b777443ed99

SHA256
60fc7b4e4834e2d64383a89320005d9df81de8a1ad6b387594e7b3516a58eedb

SHA512
d45126e1bbd8239b15692f13fef5c272dd42526ee799facc067831c639581e82043f90e94bf51377da8a2ec96b1a47539dc938a91c0f52209f5521bdd72f6dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2b1146a659ce68b5d05c47d4b5d2a528

SHA1
d234496ae00e82905fd4bd5ffe21c58d5ba2e4d6

SHA256
28b9569c7474511bf3a016fa108729b4a13a440845bee3c4b8de2a2df7a8c69a

SHA512
ff592d89a7cf33e3d09880fb2086ffa06635bfe8d1a46b136b4e74474e166ce4a0a0e792f615b13440ccf46e442376225e2ae85024a672591e22c00e576d4325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a68cb84afe1e7f9733763d6edd9c34a1

SHA1
0b2740583356e563a4ffe4bb76d845a582ddff91

SHA256
cbf3e252e160d51465a5aa47ef6988fcbdb3bbad1698ae06f50ea8c326985366

SHA512
72f63180d472ee10b8cced708e66cc3d5a9caadbe01d829f175c3de77fc919e6df83daa4c23af5605f6234d6e02b34c4fd662000d372b3fe86db996e4306da59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76f4dd22b38294523f434c181be43538

SHA1
b8a60ba58543840699aac9695a0e0fdb17217bf4

SHA256
2339f3249a27f515200358dd7bbdc3295e33bf09f88221623845b9a32620ea30

SHA512
0fc2f5dbe2acb0691ef970530120254d509a2a27b91dc5d9372c20aaf069e7486d29745f4d3c275ff6c5fa305f68c7268d22e634ed1cfd8e3265a318295d27f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c370f812611dedc3caa01e0bd0d5ba8

SHA1
32e892f8106f498f8e8a08b569db8aac0a64e918

SHA256
d5c14a5666d5b87d810c647989e1ea1daed039f2ce626a7568b25b785135dd4c

SHA512
ecf5114dc12a0427bfab320eb70fc5ba8416e4c7b4e418397ddc5809ac58bebb766e69fcc4256b358ce6d6e3a8f2f7beed6120e18ac2c364da1039892372ac3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e02e918d535b0659f742d5b1b89f74d

SHA1
47e19373548aae142af04bd3caa9e9d657916534

SHA256
4323000f9ce48934c2f49fde1ffb98aaf537e78248291bf4f0fbe8d8d9888f66

SHA512
576daa1c4bd311cb4c6987695ebf5e18005c54435629c093a75bb4e61fb773f8dc6d057db5a5c0e4f13d7ce9f7c2d9cf26b9cff4099dde61017f9a16cb6be004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b1363edcca10c9349eaf02564144032

SHA1
0a418f2496902be314f591f9d2aec4c940d0300d

SHA256
b68e3b0b610cba55aba5e16b341fec5901c79ac2adc61c0255455498a1a9dc4e

SHA512
7e4665af6a171c47bff79e1a7b96f0b7fb297d94049d33536772c9a60c2a1bf2362a95d3061b95ab3dc2564f7fb5baa557cdfef8bccee89661916649fefbef53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b5f4bcad6b301cdc97f8a250a6e17bb

SHA1
8397d63736303d9331777149ec4fca00d81d9179

SHA256
01991291fbdb83bc5fbbc54c901af3f71b27875841dded685bebfbfcb4e1223a

SHA512
c79f30dcc9205d49a46c8361677834d24a609d35fb95c533a048b981f25ce33549bff45ed04722fdbf40396fe5f25457b920814e6f2f5c2ed3304e6c8516740f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3b225d7f41d0babcaa963874bfd8137

SHA1
0c6529d6f14a968de41b757e77725dfc3c396f7c

SHA256
55def4f3d4e1d084197ec8ca00dee2e25c2df4d80ecef0df8955b3c5d84b663f

SHA512
ecbb6d230e4dae94952d0f71fa7de7909176b24ecea69739e5d44214bf07f76cda44c8c02520b2ac19c8a0387c668313fb3055fd00b8ce03526fb24711ff7e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51be80e529583a407522a2049cb703e2

SHA1
77f9339c86c9c709658d8c7d12fb225e8515a406

SHA256
a769b562aa4fa251c15ea3471d5df68feb3fd4571193f1421e1db0ccb3969983

SHA512
6160cd312937de62ab6cf0f66eb5f17a5dd699301def35d9e75b8f188d051cbfe1e2707b82cb534438256335fb3c1f8d4850761cbaedbe3f321c519d106d3749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edb7927475d41c864d978342730f4d83

SHA1
2c9a9db4f1877cee8e7a158fe10d850669896d48

SHA256
4013cce518e07e5f8d070c3a4da7e6794ce771f24293177a024bc2f1c7aff1ac

SHA512
f9aa69f937025b2dc7b7b72be3ef5343c0c1781f995b95ea98995bfce3c57946f517e2c5b37f8345b98d57978cdab329d6ff9780f57f263da1b5c24c429ea8da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f705cfab25b830b2028a4e63d62224e2

SHA1
5d8187f731bda49518ea776ff571404cd1336837

SHA256
173ad7fc9ec47f5de231805d5a39da503bb0cf9568d519fb9fa29632fe7c9836

SHA512
8ef0850f0603ed1ba26fef1140bf0957e9bcb20de950e2cf0445116796007f0ee22d3346add99d4a1148dbdfa768368b5edaa792f947a156c514ddc649a6c47d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f42514211ac7f4e6dcf909d901f1f9a9

SHA1
3025ccbd8b5f25205b6e468e8a2792017aa04777

SHA256
8f02b18ee21c25b733b605b187f80cbaa304d2cbca7ba8e5d49d8b5217ed94ea

SHA512
317859688bc80e5267ac8a4e6f255212bb0893abc5873f7310aa9d569cbe2d704b018ae28430a82438f04882dbc714a540b24a5a6ae2a09f3e67746a70043678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d33f41e02f11ff19a73a68e115a76c1a

SHA1
fa31a9462438f191473422d6e2dc07bf84587740

SHA256
0c0f30a04d1e4c09a937bc4078efd12b25da71140e502e58e02ea1685ed2a6ca

SHA512
e617e698a6311a6185b5a99a65d9104bf7310889211f3b0037d66eaf8ba4dca934211537cbb926aac08f735e1c6422eddda52eb960ee58e7f27f5dbf10a6d318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e47332a85b27d25c25814005e4b28f6

SHA1
1a084f5bf737def4a66e55bfe9a985141695c813

SHA256
b6d70b82130701316f26a200808dec04b439e6abd7239c6c481262c1a656e7de

SHA512
c135f55e9080d95c4984af93559278088e4db8de75cbfcce4179f23f24d81cb77976809e4aa9dcd0a558cd8811777285a942052de3630eaf46d6dbc6ff65128a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b2e5afb8c51c336518e1edc5c430306

SHA1
7d4fbbeb7976082c06de3474c3e44b3b1bbd6bc2

SHA256
c6c4a0b10e30978b2e6d28900ccb704339807f0d53f998d39bba5bbd30733dba

SHA512
2bf08381f0915ded3d4b8922064661431db5ec787327cb5bef27aeee7175c26a35125ed253ef8804f3a0cbc6040b5988969e2b2b948a2f01c0a885939d4c67ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed5c338064f6f08aa9eabd98ade79bb8

SHA1
0cf3cc9979875093b5c1c030199007b718e29ddd

SHA256
14b5ee1ab074792271f217de3ed93b82061ccc58362d3280f7ccc61e606be0f8

SHA512
3efacb5dd719cff20490e6a699bed2a26999f389ce18fceea131a1520ff196f1f97500390cdd6465a79b8a5953f39b476703d75f80b0919d8e677ad189621e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d49586ee6aa218daa8b51481e17a0902

SHA1
d98707f928b9de0a11149fb2332a20eb260dde14

SHA256
1a7749acea6f3ea03cf8088d9ec58f8e0ef6bcbd91641509b117394a21cb2bcf

SHA512
6201a59f3bedce25893e00d5b2d458f35f1a0a455acfc180dde3087662a1274abac3aeede2ed9561cfa172e26927cb8093b68c5856977698c6be4d8c82bbb0ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8dd4278dc7e831de4b8a6f4bb85f0cfb

SHA1
3e47f77156b2758b94af7bd21756a71820110822

SHA256
c8edeb069d3ff97cacc00fccb1bfb36563a7d31bccc76917eaf75e7d015a0e6c

SHA512
54772ee4be0cdb90336c7f88b712e996626c6353a4dce9a444cef18c9972b349374ee0f21bd19c001489691977f6c613dc7830adc3eb4235c7d7b02801de60bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
60c7a842e67ac4c9df560d2d0c81f403

SHA1
2e4a93f50735f5ccaeb8b53f66219117522c0c4d

SHA256
1b1531d308fe2087c9e1463e1aec146eb8bcdf25c0c4ca9d58bb4649e27e8fee

SHA512
f915e2f0f512e1734cfcb3faa0a60870c9359861c931c3a64ad99af7b58b526f0703c1fca38a0f65f8db1cef9157c8a15b3b9202d100e31e1320ed62527dcb09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3558ad17103fdbdb8aeef42c2cba1307

SHA1
5b2da39e5611d37156e315e6be638be469a6cc93

SHA256
1e20bb655b69d76708a1ff783cc3a1fb9a7f6ffb4d5526ace40af7ac63435612

SHA512
94203cc3c69970014086d8ecaabefe2424ddc9d747ef69427573ed6eb8b17ce0ac5ac62240e549be5e97c9d99d86a5f2d4efb7ecdd7181bbd42b781d12c90118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78f6c92f773c9045212a4a0f78a6f649

SHA1
49c604d95481ca42053c0975b5556943f180244a

SHA256
4d8e37e416bce6d6c275854e967a7a6c0d0d99164693fafc1edcc0cd48623745

SHA512
834e94b57ecb2ea1a8035ca51d623624f12d286ec1f1b0a1038cbc5c7cee09b1e38e4e2720236684978ddab8d9eaee87a05df9ebcf6a904bbb19a93743057315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c4decba082145101400f584647bf6ee

SHA1
2ea7496b123f2b5084d46e6df906ae7fcd1e6a0e

SHA256
3ef011d7e7a309bbdc62eaa6d17d3259fef1cdf351fc1c2cffdab2be00d89ade

SHA512
a1552b5010d1784dcaaf2f4a6a71c90f8a699d1a094034d3ba5769300f6e2e31913f2203981f1a9df0457f13ee2ffebf9f98e74771d6fcc50fafbc7698534c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06b1a3d34c1e6c595478a75f1ca46754

SHA1
0f4ee3263a5bf9b3b70d0ffa907464cbca387dab

SHA256
ddc9a8c20de187de8349128fc9cd915e4b88dd00ebb26ebaaf92a1fa91e34e54

SHA512
a4652202b7959575106e109cffd9be6fa535b9128ef50888b84507ecffc2b9b33a8002dc94bd4d9749a7aa3102e501b1497b040eeec0228258f2e62c8bb72ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9078f084ccf0dd773dc2eba4a0a7217a

SHA1
658ccc94fd3c48eaad13fd76f86c9981968828ba

SHA256
9f426faeb41d965390ba5c7c68e295de3b599ca329d4fee18e24ceabb8b1e3eb

SHA512
3d23f11fb3547c2374201321c0d393da01de2e5f13f63ead7772c9996ecce7119f7d34ef1a3a1fa5768b1512ed183cdedb9f73c02325e33134c3f0e59c2e7479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc1176fb5adad8d27ea2704ed2e73dc7

SHA1
11c2ba044c70f8516db71da65eacb97457402937

SHA256
df77b8957d502904c91407be71075b4e86cc93ce656585d934d86f0f8b3073bb

SHA512
d63f4701e51447195707435f4071bc15a9ab0493c34ea180027d5eb52b80ce84562e45f6f98f1d6b6eafc87cdaa7c2c688df0b618bea9e364001f2a2b735f033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40a7f789f1d2ccfa40da1ac26681f0b3

SHA1
647fb9beb46b442b309e82637ce3cc47cb528c2c

SHA256
b612a9ea0b37f1ff6832c573c040df1de0695aa0cb0ee8887d5061c2a97ada6a

SHA512
1959f7311f32eff02d01ece15f2adb5602f538c3baa376dd80b5b1b1ff5e71ee0a70eef6a05a36ec2ded71991f571483e9984041dd4f926d055b6a635996731a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8db1d137e53f18473dadff76c61227b2

SHA1
ebd6117bd8c5c4ab9a04328ebd68bf5023041710

SHA256
dece9c0ab13ce5ecfac117ba9cdbcafa986e48c692832226ede3d16bcc3c4f98

SHA512
53a07730a38a1fb086809808c75bb3989feb501576d44528596b9c9e542d6841cc4424b59a365b9fff85e25cf9f07f92c6afe7497942e58e78bc145ffd19ea8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85c3074992f4fb1341e980b4b31e2e5b

SHA1
ea26408410ee507f850f7d64983e30588a7dce40

SHA256
0902c18a3ea3ad8ff46d42c26d5f090d65847ddf108c03aef2f4e845db12b289

SHA512
e789e8e377833dac2694ef634b51c93af2f78d4fd5d30a3d4ebca795a18cbf7b46a1ff7f2adba23debb973fb16821f5d924cf543e6ba642b5b28e0ec8a671105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fc6af97014c7d290d36814183abc0de

SHA1
16f691cbb1c7ee41caf2e0014b8f0df2106f87b1

SHA256
ef425886eb6d9c2567455269c971e3d362206d36ebc381e8de7a844dc05228e8

SHA512
b2190273ecce1b2e267068f1a8dbaecd8e42df6e2a153143fca0c6516ccdd4166a4d0b377fb27faa6e3438de0820cdaf769b72e8ba41885c16dc6bb6b45e9ae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67bcab53f10a96581439353d577fb968

SHA1
7ff1c15394582b244f0808960186ac71b394b8f7

SHA256
b66c2c95d7e4eee4b823f70877051692e0f156388e6ad496b89a9d94f50a140d

SHA512
3abab105e722aff9097a5f04cd596e7af6cd55ac4be7f4b7f740246c974e32dee792a474cad911fde0d92892c275ebc08fa3e0aa8735198458e60a7faceac122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee6821d4b650915c4b0869b9edd87652

SHA1
0e69d59b9c448dca9cfabe5c3ae0b62b3be07322

SHA256
7576745c7bf6524cb289598478d1b639bda011f39b1a363efa9a9336c52febc8

SHA512
14c8ab8872e2b75394de391bd4cc4ee8531fab5e0619f821fe1a38885b2e9e9a7d4d47d5a82cbd6a6cd80d0cf7321c360e349c7b42b3c7966e3be8564418af40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca59334e6628ca61678cc8aef784e950

SHA1
adec6fb036ce2030e2e0f4a69f8df0f7a03236bb

SHA256
d6d894b77dc3b74bff6a19c56ae60b6afcc0313a60555b4e366a5e8155cba506

SHA512
7c67559a68c33cf4e5dd7546d3c56029764ebe354b5a6c17c6a698194866ad344a352fe29b36c1543ee90e6bdaae2d95932094e7c2b38b063d48ce8868b81c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
215b9a67594a8f0b0e17dc020857f638

SHA1
48a617e05920aa5000d0fe552bc2ea86670938a5

SHA256
8107ff0fb73575751fff18f2f73dcb82e2f4ec85af565f3675145cfaf75341ae

SHA512
34ddc0d9e341f9362bd12ccb6972bf0a479ad865a3dd3b8d9b072407d77872ee126def1937f39973d91a17f305a22727b4e28435e3b1005254974adcef5f9ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb7a900e8a839805ed19d40fda9416e3

SHA1
bcbf412294f90bc5fde58f8398d2e37dcafdec77

SHA256
afe68acea27a04abbba4b6f96f4e548e36d272437eb7ef61d339fb971d069d94

SHA512
dbd49c42463c809b13eb3ea81d46eebf062080ac42074f567e2cecdf895b96d2e223068ce0875c8accdc60dbb35db39576d70ba1afdc74a358806472ba49fc0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1546afe335978e0a16a4c28be35855d1

SHA1
936c448d5d5852f85945e1d4ae348797d1262d9a

SHA256
ff302fc1dc516b56ff3f6583824e3cd9abd551108d6ee762ea49fb426dd400d3

SHA512
a9cbc620e3b69ff8abc0b83736e36f8ed20f7d84d58564ab442389e3f1615a4588b56b2be43933522a2ae0887558e75d57b823edc4783e7ac2df7749f96294fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f0913da726bf0f0fa4175f4a80b16d7d

SHA1
f9f098c55acc87d056200cbd5b168920af8cf3f1

SHA256
a59e30ba4c94661fd90da70fa4dc32aec73d8ea57ba10b34852618f067f04aef

SHA512
5ec8264454b0888c54e144192ce1058a0d13a002f1316331299c7d0458f1cd07621b30382147f0df7248caa9d2f3e17352aba0eea00a217dd50391ef5683b0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
5493bf5856f111d297a447b38753774b

SHA1
4bd29d2beb6261b41e071b37e5e6946b673a4d71

SHA256
095620a07cb7643ddc3903ae48f537ea5be1f7d4943ba3b6c02ac8a819571639

SHA512
99f0a586f7188b523e06a4b9d7291dba7ceb88436be5551852ad4e6c504cd84c259fa79abd3a27e9956136ef87dc6c2ee17199ec0f5dc7eefc678aced7cc0e81

Download Submit
C:\Users\Admin\Downloads\XWorm.V6.0.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit