xworm | hxxps://gofile[.]io/d/aVrwVf

Analysis

max time kernel
911s
max time network
845s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06/03/2025, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/aVrwVf

Score

10^/10

xworm discovery rat trojan vmprotect

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

WEBbdsdrbwhcwXPr

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

127.0.0.1:7000

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 4 IoCs

resource	yara_rule
behavioral1/files/0x0007000000027f74-553.dat	family_xworm
behavioral1/files/0x0007000000027f7b-563.dat	family_xworm
behavioral1/files/0x0007000000027f7b-565.dat	family_xworm
behavioral1/memory/4120-567-0x00000000000D0000-0x00000000000E6000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Executes dropped EXE 2 IoCs

pid	Process
2488	XWorm V5.6.exe
4120	XClient.exe

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x0008000000027f30-522.dat	vmprotect
behavioral1/memory/2488-524-0x0000020544A60000-0x000002054696E000-memory.dmp	vmprotect

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.6.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857033678492407"	chrome.exe

Modifies registry class 53 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 7a00310000000000665a2f18100058574f524d357e312e36425900005e0009000400efbe665a6717665a2f182e000000ee7e020000000900000000000000000000000000000025ac4100580057006f0072006d00200035002e00360020004200790020004e006500630072006f0077006f006c00660000001c000000	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	XWorm V5.6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "6"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads"	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "5"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1095212214-1383118828-1037266802-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	XWorm V5.6.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
3800	chrome.exe
3800	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe
2488	XWorm V5.6.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2488	XWorm V5.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe
Token: SeShutdownPrivilege	3800	chrome.exe
Token: SeCreatePagefilePrivilege	3800	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
2796	7zG.exe
2572	7zG.exe
4036	7zG.exe
3108	7zG.exe
2488	XWorm V5.6.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
3800	chrome.exe
2488	XWorm V5.6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2488	XWorm V5.6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3800 wrote to memory of 4604	3800	chrome.exe	80
PID 3800 wrote to memory of 4604	3800	chrome.exe	80
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 3836	3800	chrome.exe	81
PID 3800 wrote to memory of 2024	3800	chrome.exe	82
PID 3800 wrote to memory of 2024	3800	chrome.exe	82
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83
PID 3800 wrote to memory of 1416	3800	chrome.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/aVrwVf
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fff31facc40,0x7fff31facc4c,0x7fff31facc58
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4744,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4660,i,5638238100668998160,4940953590741670938,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2968

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\" -ad -an -ai#7zMap31675:106:7zEvent14217
1⤵
- Suspicious use of FindShellTrayWindow
PID:2796

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7715:106:7zEvent7083
1⤵
- Suspicious use of FindShellTrayWindow
PID:2572

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\" -ad -an -ai#7zMap16430:106:7zEvent32601
1⤵
- Suspicious use of FindShellTrayWindow
PID:4036

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\" -ad -an -ai#7zMap7429:106:7zEvent31679
1⤵
- Suspicious use of FindShellTrayWindow
PID:3108

C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\XWorm V5.6.exe
"C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\XWorm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2488
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hppayu1q\hppayu1q.cmdline"
  2⤵
  PID:4696
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES20C9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBA42539E640D48278D43D48897D6C45B.TMP"
    3⤵
    PID:3220

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x488 0x4e4
1⤵
PID:540

C:\Users\Admin\Downloads\XClient.exe
"C:\Users\Admin\Downloads\XClient.exe"
1⤵
- Executes dropped EXE
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4385eb215c4a917497f0abf08c1d783c

SHA1
9b8a04b5087497cdd9a5a156135de3ff61de3981

SHA256
0aadbc74abd1ff8297ed9168b8d11ac3efab690047279e5725e37ac658153b6b

SHA512
ec13d86224029bc5b66c287e4fa267c0f82d6814ed5c49fbd8d1208ef01a93ef1b3ea55ca2803e1367f959449b261cf56cfdb106aaaee0179286a4ab5d56c261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7f3031514a067dcfe511bf1dddc6cda8

SHA1
df1c27a714559f1b19b9695d445b7e7e0ef2de3b

SHA256
de19af6b74805ffb8e2a24ef343ef1d6a4e8090e2d0f10b378db1d55a0ce6935

SHA512
3727a2608ced6a96ec2a6b84928ed955c4f1bda8e1b4dced4f1a054d8378f7dca543b0b5c5b23291c018e4cf9d20a49653ca91b2b15a830ea5c3bb8daf052418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6d11be9d5d8567eb1e87e2314ed4ef60

SHA1
b6390bdee6a200259a1895f136339788c958eea9

SHA256
00cac76a535f823c6bed933e8130ff658f64e6127bf98f819868a624175f6272

SHA512
f4e1fe0896d1960b00fdf0bdec21486f47023a8d826fac3f16911061553f771fb6d8da7eb84a40916f9299cedb1c15f2c613473d9df1a5c8151a863a01edbf75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
bb56be27601dd79380c17b573995a4f3

SHA1
d42f70dda774f0ed886c9ca1bcaae9e356253e2e

SHA256
8cb7e27c315f0a8404f2eda09bcb18cedd5366d278c5f660bff22523d62fe1a4

SHA512
de8466b95b0852d7d70f4a8b7807ced0bc88a9ff18705f3de0585e0acce24b338ae4885c80c8758764a890fe851d00ab10a8a35a8ef0732aca0b91827f2fc3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5a1d7d096020310c01a7f8222d478806

SHA1
325da229592beac8a51346d463cb5a8c3109e54e

SHA256
fa8ff256b3bbd52979d1bb4f03bd460939a88521ec795afe3a9a48358bb1aec0

SHA512
dfca4b2c39fb77ce85f35435bd1d67624b92de49a9e6c814d07b5ad6c27600496eba5d52e5dbe0cf1300ecbab807a4952c64ba9a48b5860db0a84cbdc993adab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a81c880dac27d7c5480af63e0f9764e

SHA1
fa757248cd39d69a014e7afef7b8ba1d6ddd112c

SHA256
de4f6f701f3a2dd7273b3a1173f24a59b8842e813858d00aeeff52f98da7ade3

SHA512
ece5705e5f606224eaf703290e3b37f92c8ae8db68f006e5d1dc81f8dc4d80d59af3a7b1d5e652c91ad3bc13f8392aecf4b31ef5b2290500fcaba08152df1904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a93a2876471e5a2b40a6a3e7d2a498a0

SHA1
0df091c86ddc87a303ec1d55be468850657ba88e

SHA256
dccc9050025d952354ca1c75b50d3e4109b684e00af2137a712f206785f534ae

SHA512
15d98e20ec108040c1a2c94b2018c5f85d1de73e29daead445fa67b057b8bb8037efbe3ec71142929d77b2ac6c843e62574cffd8d6b99c94f6132434223d2119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76861eedcc87657d4e3c81104d51de83

SHA1
a412b15a9882d88df2d7f4f22156618aed9bdfda

SHA256
6cef54f855a5938a9432233807bfeb09dd748d813e1e3c2d31f66e0ac97e06fc

SHA512
97a78279bb22da658695e35b389c048cc59a0a084d579953f080ac4dee905a735640ace8bf3d5f2fc44daa5e4d9d7473635ca3dd21a446a053a44d22cf661de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
548aaaed1c74597d01f752b282ffa1c0

SHA1
d35aa9c0f21c5cc68660b898155c750c0aae3fa0

SHA256
af9eaad38725bfdc06ce721ed7035f9ffc2f443eb24311ec96146ef9f1a21b24

SHA512
4a4f116a4b827dc76e167e3f0f2a61d3ff18865eacea0ef5e62aa75bddf8e13dea402bf4138c6d6d3884f336927ffb8903f6312133f177ceeb553ae7418f90bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36c16d029f8afff0395b7c54819d557d

SHA1
0f04b404665e22e31ce6362a71535e5a427e483f

SHA256
8cce58e564d0999a7ac204102e82edde0a0bad043c50674ea8ceded543df0a7b

SHA512
00a3c7e28de07a01dbb3afa5e49a46a8c9ca73ddc31f01f3bbdf320d78cc12d807ce11894273ca1f9506d770fb8aea50740d936f69283af73235c3c02a5c0a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc3001bf12c44ae0431a62a10fb506a1

SHA1
27656a044922a463655b90d93c99503990584779

SHA256
656afc40c58e48c4a47de1660b76acebf206e2f94659fe2eded3714af786e39f

SHA512
d2257cc201470550ba942d4084d3301a118718d7a1d00f4e282943b7bba94c277e0b985d68a05fd2aa68498d9131d6fdc7b3a5c984f4ccb27a75de9dc80777f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa60de9efb5e7b40de1c595d070fa391

SHA1
4ef9268204e3216f0412c403a4337308eb48f1e4

SHA256
0ecd7d9f0e4f4d96c519b87b10aea416c0dd241a2a5e2eb7dd7c14ea3f0f3ea1

SHA512
093b7c7a630ba6082df69bb040704ba5ba6c8017e8c766a2a2280d89a143fcb26e7794fe64a772f3e0eeb00271ccba5a9fc32432b7edea15c478571c0f339a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcb991a709e3d1d5c742a668e313cadd

SHA1
17f16bf4a41503971feeea5329b34edf026a3460

SHA256
a174a7e2da90c01ccbe3271c8ed9e17bb4cdcf50792c89a4519c5f5ae2b86ffa

SHA512
d1ca3036e93396f9eae3f66633527db818a26b79af43f62f43392c93ab7597897b4b6009b1b6ba2337fa650207e95314c4cadffe34ed14aef184644566041b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5556becb413096a528006b73570a4b15

SHA1
13a692be15016768b21b76400bb45e5466453d5e

SHA256
1bb53d9bd70f7f70167d82a8b9c9898b2db7385e5dba43f983729974d178790e

SHA512
74465fe56d2371753e9ee1290d3920b7cbc45c99adb41d33d8a64b2d35ea5af126c44e5e296cba5cbd7d5cac82c6624807a54b352c488d045db0621e1fdfd892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20a0e41cd856c91f5b5176330a4e9dd6

SHA1
40e0aca75f24b4b846a8a9066a67e20cf8707896

SHA256
7e3daa7c15548918c6f635160198304744c2d8c3a0f69881b9ba33fffe1693cd

SHA512
71cdd934c8328134029f0e08427255463cdce8cef662baeb7fbcdbd27e5e1694e881e60e69adb1af37ffe0e792c9d411e9edfe0fad9c1d230033b15ca466b1f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bf06983a71141627c1a7d9eb79d12dd

SHA1
c8e1685c6062f0ea280bb2b434b68610ab2d81a5

SHA256
be830a583feea4399fe8fca857dd623f113f0a3ec7151a77cf111b4ecde022fc

SHA512
7abbd7f192a61aefcb4962acb78b179fab125302579c337ec554204a950dee91559806466b3c3575a62c076436cb71ea86c5609408cb2fd2f526cf7f0eb32778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba8fa5422ae69bfa487fca387efa9744

SHA1
71bf483506b910d0889225a4e979e30e3d02f571

SHA256
52895a34080abe17d00e5ec09b952747a88787fed2eb8073b768e90533dfb15a

SHA512
d2e9ded599dbb30031d0c8e4470ed8ef5227ed648239f5286424cec7db3c214f84308a88b8f41dd9ebb5c1c8e00f581c332935670e62de13c724b09fce44d0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce987a1cd311a7b17d237813920e931d

SHA1
c0d40d4bc50a6ec889ea64e5ca9994724d750ff0

SHA256
9cec01dc90bd66fb034cb4ae3f8282ef06d574519af3ee1693546bc5754503bc

SHA512
2457c0532b3c5718c206340217eb9080b19d1d15f5acfb72c29596cae3f5fcc53346d5cd01f4d64c678832cd47d025189c12d7cb1f75ccfd9be18aad025c0542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d249fbe9ee6670b10bcfc9cbf5eff45

SHA1
198b40305cfbae57dcb8c1392e9ba23a19d0ce71

SHA256
2c9d72dfeee72a57d348ca67a1dd8c7cb8ea7734f7f3116142a2fdd575b9f994

SHA512
399105b21ca4316b79295e18a1fddb489c4a50adaa0e6d479348e67729aea26e1e548d6fe0cb7762adc0344741bdd14f642b4a7a8d8a26b2d0e1ef7131edcc9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9a16c6f0318255ebe40a00a4eb8eb5e2

SHA1
670458a87fa10c7802e38a03d4bf65259c0a2a74

SHA256
a6f35dc0e108c0d7c46867d9282ebf1a040933688ed1c3c8dcfbb9d54e1daa2f

SHA512
9900a5a330f1220ace7a6e71a290f41ba32612d7c4f9bfde0363e03b18f1df59677b6cc207cbf98c83d0e38cf326951f5e6ae45227b260b3838c3ccfeb55a442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42559327ed0f86dacded259686dc23fa

SHA1
cd3d91945afa6b53a551d92c8586564c7ec0e447

SHA256
f82f898dd5a986c1b639e0d0563f8fdbdb4f307c74b62d599ed935770a7b86ff

SHA512
d1a36898c26cde961c915bd02e1e1d2f9c709e0f2473a7ed956dbca8fae491954996080684d9a1e58e1631bd388b0fb10f97b4241e03b743cb5725b221be674d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec5350ec4ba5429aa4c20ae6c9e62681

SHA1
b322e14c190c20ad2fd06b95805f4c176207b36b

SHA256
36266cc63c480f650298e2bab2c1d8196a7734bde54c0f89dbb862d58bf502a6

SHA512
913f798b4affa8f15ae8ccac7e17c58c3c42c3de630b2e07a979fe369c442064500d54c8e3889414151a4845d5955abd0f3d501eccb2e625cb0bc52640b6d6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a119424241a13a73897333c308df7703

SHA1
04bc0f1cc2c41bd3ad53c1119ec6d4d17869016c

SHA256
1a1e61a48b399871498b337634c6db42e87ff8b2f42dbdb57ba3ca41adfbeaf6

SHA512
1c51716918eeaca6ad4a73a1382872234fad3652bb795a72549f9079a4c2e2092bf87a574b0e9547c7e8927d15af3be55b9b028dd9d2be4de30dbbe33bb8679a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9de80368a12003fb6b08761b9dff1dd6

SHA1
c3ebe2401a01b7ad6f6aebe3722bbe0d638c8c28

SHA256
3386c2eeae560ea51f3163681e65f123e8f21b43eb8445627ee9982f3655e220

SHA512
0a4bc6d5d7ffb34a5e95b719cfdbe1342fd22a1fb982676f30ffb6931854a67b4f3a11dbb9eb0912b614dde587bf2016762ec16183a05b090aa0b470fe0f0d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
900559c970202eb39264c2eb1bc109d4

SHA1
64a16519e59806fc57f0b1a768d0f51e6f04e947

SHA256
c23b0816828d12e9f63f0026708f033771e49ed4f8fad8a3e06d46b496c1b3d5

SHA512
9324ba608c60aa393eb21ddd7df994e2ef147a78864b2a2b95c9bb391d0426874fffdc069e15f86315560220592db3dc1c5e05f73ead6c3ec63d8900360d3027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f11b4b292602cea8c390b6212e90b05

SHA1
a953369bec62d1170c51ca227271fcf09bbd2d1c

SHA256
353397e4d0f8d588cf62057391429a1504cb8bc43788672d27c3ecb34ddb64b7

SHA512
d9b86756c566342b2ba39922149ce66576e8612e19cc5f8112c65527d9dda468459096d71177e26f733e8131b87bc94dcab2c756757af7e8594a9e065efe36d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75ee7d8e26f6878d69fb83f25bc0daad

SHA1
c405a5a221d0294bd056fd5fcd246fa970d73ac1

SHA256
337fbefb3f36c24562db34cee7fe46cbbf77ebed4ecf06f085558b345d1d646d

SHA512
3ff63b3897adc347c7b0f00ab0bcacf0fe3e1f4e3b1424418f11066dd25ab48aa71b1f03b50159faec8087fc25667f85e5fe9f764c7b5a5f039a091e3ed50980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fefb2124c7170bb836a399fac3d668cb

SHA1
39bcc77f50495784f2ce97a39a025c13285fa4f0

SHA256
4c5195c10cb91b05b24c52ab2309da52be1c190168072f794cbf0869853ed823

SHA512
f6c39ecaf585044f46af27de5d4a0f67efdd12ba4de8ce4fb0d62cfcb2fe7949902aef348039bfb18bf3bd7080e3b11123fc9b82ee0c2b9936dbe8abf298cc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed9913ff657911f270dad776611ffce2

SHA1
a07915f90302cb5af8ddff27180d6d7ce2bb95b8

SHA256
46773e8db622f39eb4b8003cb44f1e881c772e90f466eb9b23fe446bfb09cfd3

SHA512
4942d1aec0767f11560f503a3dff91684aad66d271fc2d299d96ac720d7d5b6e1ff3335b20b4913f7f3c41a613cc716aeaf05528f32a2d1f51c37594f3011e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab5351dd104383a505687afadd1c7f72

SHA1
7f0a9ac9c85a25486ba6cfbcea8adc0625c9298c

SHA256
1de5d1c3e7816a9ce5003138043c4e512db69076a7b4c4fd7fdc41abe94ce58a

SHA512
93241754a52c36e86495960db31f4abed15bb35188c028f0d2d41e76819443dc25c4554a8bd3f195a146dde35c091908a969f38fd0fc73bd75008991112677e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5505f0e521c88a0947b3a312c9be61fe

SHA1
fdb673b95c9b4617461b88a32ca1631ef3fc0b51

SHA256
f23a44b5a988bd75b21646d8123fb2419169c70aa585ecec6b6a986562664643

SHA512
398781ebeee541f28bdc455a19602cda052e0bb8ac2712c9f22a234011cafda6ad85420f1bf8cc2d9d1a18dda73ac428a95b7bc30384fa7a2a82aeac81ce8855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5431172aa9d43e6be1baff58f607f603

SHA1
6b9efee266f38594e10b3052bdb6cdd396deb2ea

SHA256
1eb91c05d7e9c6e9584c1ec97d05c7d3ef798f0975b2797f5ebe76240a04a0e7

SHA512
ea53c6ff6f06c33b3348539c3c2ed9aa47136e156636cc5966512a8f2bece3a7074c0d92afe34738530dc33024d908e6450a82ee941a501b5a3d205c6d89e545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3539b3dbdf05ef3285cab8cfcd27cf5b

SHA1
d24bfcd57fc6f86aa09529da47247d20aa560c5d

SHA256
a960faae6af700a9fb1a80ae65a319468b5bda2b07ec620ae4e3c0db772902dd

SHA512
32610a9434c347bf36defde7e5471176588eed360361d83ae2628ed30e4c97ab9172963f25c6d2e775b0ba7254864cbd8e9f06dc12732d99a8820aca2d5ab24a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebc097cc6f8164a2f9680d13fdad93bd

SHA1
09916994612c71b925bfa42e0a1f4eed84817f9d

SHA256
0ece7b374a53fd604673c51970f1d21807cb630a43a32d2161b7c025c590d72c

SHA512
89e3bf10fe6e0c3d801bed7ee000c357b318f3482c57e50d9ecb8849acec0ae59b0e23c5d7af452689a1e0597856b5e312c763a4846dc03a7215266f8f017089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d96fa223f115eeedda019daec0adfeb

SHA1
e753f991528f048e73ccc00fa07e960681068718

SHA256
c09d0415f81567c70c05cd692ca6e442914c780630d55208b6442b3f47589bb0

SHA512
e1e84895ca5e943868d2223acd2223436f8efbb8ccd56f19ab0bc83ce3f7734e2a4298eb8cea13946a405ce071bdac607091f83b7b432ed822fdd5559ed1d581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd5a4fe6818c696b7a0049d4a3e2010b

SHA1
f103854e7cf66368257c95267747f9944735300a

SHA256
204b3bce08d3a46c9aee57870e16438e8c70dd1d2ef0c2f8b30fa90762bf47f1

SHA512
9e78acf17042e3524398c726a47b853fd138116aef640fd82e92461acb52ee2ca27e5353097aeccd73c1d747893d38fda34534df9861e6af998b5ba66ca68d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b98aa386b7dc0ef64274a93eac278df7

SHA1
3c1f40cb2d3198e726f3855bf1a30ac90c1919a0

SHA256
5f69feadd2edb1d21af54b3536c3762256361c1225760029ef18a7dbb6db640a

SHA512
59144c65b4782cfb0f0fd5a58596923eb2f032305a9946278741488fb4014d982827ab986cb5d83f842ac1b295e58885737ccf0158c52b3bf3410b059633ab39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f350dbbc1b26f0d4b3c46d2e5ae7724

SHA1
fd9ecbc4ac301f4958e3cfc77293e4f1469e1fbd

SHA256
8bd50be6efb3c52d49b524a38616a13dece34ad8d2466876559805260bef3290

SHA512
6819fd23807f0e0958ba242eb651838dbe1b5da9b66bcc3b9c099ee8884ef5c01d7673212120b5be695a908888e2372e1f3ac59ed2ff1c6c50c8ea53c62b38e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d151d53c89f5d7ad8f89e04d688d46b9

SHA1
891046ce835db92530c8c97c4f570c063be9cb84

SHA256
6fc5d82285f4698c867214e9acfc37586a6fb2c131674b73f36f66668d12a53b

SHA512
dd8983425d4d31d31d4e4bd739fad2ef2147f1e8cb0fc7d5b5aa429a539e2107d3f4eb09b3502cb08761dd49c8e80c964260fbdae73baae72fd7dcddc0420dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b0db3c2911cf934613e58230b1a42bd

SHA1
542f495d8fa9a1580acb7e04a25f520524a024eb

SHA256
060cf52fa47ab8e9a3a33cc5c0015a6a1e8adba6b87b4c1737a481a6c47c5c04

SHA512
adb48d246b4e5f12bd43c758f69db11301418008415403c48dd71a10ed88e9ca00263d12b4f23e6403f5a97f0adca606ff05b06cd4cea7600dbb6c54a84975ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0acb6d2fb1d5c51cdde5ccd80c251380

SHA1
22886fb153b127649bc93be365aa6ef25a3f893a

SHA256
390926ad104354d748923553290ef1eb6b6d6230c1861796cb8e5839546e3113

SHA512
06941f15ff43fd91aead0eadc09f2b6da11e6fbc15ac631e7a7cf8456e8cf31ad80185b14d7ac59c6e5f2cbdb43bbe4258a28ff5a1874bdeeedcf5f29e88d16e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
961b1aa616830f2fbe38bc2e9439f772

SHA1
f6329ababe28d24f444dea8f90ae373eaf513f21

SHA256
a2f57985c032aa97984c218848bdbbdfcc9ba560b16cb0c4ff224ed1893aa52d

SHA512
cb0a25aeb4a00ed3d4d3b812b7c9a95a5351b13ffe392f60dc4cdc69050f4576cd3caab4e02ecb4520b28a02a2e524c540f8657f5699380a1e5f01c48cd678fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dda72b71254a654dc668b68dca1b0ece

SHA1
00b4feed75ece95e1097640b708f859024b3e3e8

SHA256
596c82ca53343bd61ad00f133cb8dcad96cbf098a0a380fcb4a5d98343fdf1dc

SHA512
b410c1dfb52fa24e025157e0c3a59e3d6f73ad480bb1ccfdf380ee645265f2ced6dbde682fb46769bfe5b22a8793eb652d43911bd04cbc35f4fb9023806a58c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
637b4425a64d640fec78376653b2d12c

SHA1
3c58fee21ce90957048ee08a8746d682cb5e4eb9

SHA256
fadb8dbc3ddeb00ec2a3cdcbb1d6ac1c4553a6aea7d477c210f7c31447858d83

SHA512
2cc87272216dbfb9125e60ff55a0af86394821f34ccfab2ca0cd13150259d76e54c48374a578225342bc9061ee244c2c8e3855ac9ea69c0c7229d072a84a2405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd4579cca411e9d52c96782d9bb18f11

SHA1
373ed84abb7cce9777e39678d9e5c88e53d737c7

SHA256
c3a7b3d6951a5ce155518b3347960e96a002aecb8ccdac643ac49c652bc2fc8b

SHA512
08310a1f359e1d365fb302e6dfed72c917007c0d9a624e261443891868ff5a2c6fadc0260cf97a8846d3f430797003d7898cd04b51d217369c0832a138e5dd52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa0f77197cf2137dfcad31301a248b17

SHA1
1c843470b90b7bf74ab697b731901304f4cb531c

SHA256
24cc28bc405f29af0f526675a648e9f4047838174830080ce436dc54ada374a0

SHA512
6315cc59a98d3eb5a9257583e5f5aeadde5c59f81bef3e05594a32c9f672398b6acc4ca0bcd7352e8a00fb3649f62a55f256e5c2e437bd9805089f226e844ee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
0374392d7814dd1623723144c38917e0

SHA1
bf60acd14ca6b0b724343524b9378db9db635165

SHA256
b462a5de22cb465adb3b61e936543e52ac024a95b41f230959b565832c3ea789

SHA512
bb33dba230ddda69e4108c410b3cdcb30dbaa7e7510bc64dcdc330d5b08e15efcc7893600d9f0dcfebcb549f4d6c807993bffd5ae4decee9be1423f325f30366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
83cbe08c344cc462ad188cb59f0dc2e0

SHA1
8cb85b429146dcfc09fb84fa9da9ab21741dc898

SHA256
4b132fb56e208c525b1792e874317283888b611c18ab416bff5d97c092545d0f

SHA512
de01c88188c6dfd68ffc2363ec67f4bcadfcb6156be55c4569cdff6f79954c8b034cf1818b2051d73422846124eef76d36c8ee02a222458d3fb27cc1710f2297

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES20C9.tmp

Filesize
1KB

MD5
bc29eb64df76529bd4d392514395cff1

SHA1
499ce53aaa7b11a912fd43c8381defafbce65379

SHA256
b78b23609811a72d028310e2f2b162fd3c4ed4657c378fb9d4d41d86e9b64f88

SHA512
26fdfbe395c9f42259d140ee3a81b082c802985292abaa031f5a1ea8403873222da0e7dd7ac6a5aaecc0c131e835f55bea6dd8967ff8a9f9fdd9731b4308f62d

Download Submit
C:\Users\Admin\AppData\Local\Temp\hppayu1q\hppayu1q.0.vb

Filesize
78KB

MD5
db4119a13baec3127d376417bd864714

SHA1
f835b2d1b6e4de33be512cba9c4a62e089b6faa3

SHA256
31ce5417cc28717394c803e9b15139c8389f92d7670e2174b6b2fe5c8cbf9dde

SHA512
fd5460b89310688333d29795674f90edab7a600a8972c4da6abe52d02a70173c8a039f827a4528aabb26305890a64baf08ee4620aaa42ce9c1d11e71cca44b0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\hppayu1q\hppayu1q.cmdline

Filesize
292B

MD5
18699d9a5aed0867ddf8b0253ef9046c

SHA1
27c7bf5f9d360cc6ecc8c5d1447e9978730e12af

SHA256
9bc599c44bbaa13ba20390279f74beb790f1fb442016e9ec58d42b6d8d58cba6

SHA512
f980b6c4e6f9e891a1617f7eb02c3572e42a4d179b2048ae399500949527383890472740c66fda06cd881b3ab39ccd145b1eead307c0ed271139fe02aad0583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcBA42539E640D48278D43D48897D6C45B.TMP

Filesize
1KB

MD5
d40c58bd46211e4ffcbfbdfac7c2bb69

SHA1
c5cf88224acc284a4e81bd612369f0e39f3ac604

SHA256
01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

SHA512
48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

Download Submit
C:\Users\Admin\Downloads\XClient.exe

Filesize
32KB

MD5
8b660f211b7775e145dfa5531487a53a

SHA1
4be2b2388058804dee1a3a9838a38c5665f3b00e

SHA256
9dbec50756f36fa2297a6e29294b6ea54ce3c0b4a07f79210625def0374923be

SHA512
a4f7c46409a36004ea91d9e1518f70a07871b9e66fb6dfe41d1ab59ceff8e609e5744c37aa8815c6ef72ea520ce36acbf296e691c8b6173c8d1823c9632dda07

Download Submit
C:\Users\Admin\Downloads\XClient.exe

Filesize
64KB

MD5
e42bb9e1a05bfe232e93af453b1666fc

SHA1
b04b59446ad3a4e1bb864658bde3a1c45e40dfe5

SHA256
52891928fd3e386e9e48f162c66dd21e0fe34570e0a81279a192bc8bb1fa8173

SHA512
35a72432411732aab9803d7efd4055d014eaf0e8734dd52f42c9021983546e4964d105683d6e9614ccb5fcf87b4f68bc75b15fe9eb675b11f7488dee4c53f259

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf.zip

Filesize
29.0MB

MD5
c0241c872960312fd3071cff209fbc5e

SHA1
131e432ea6128bbfb6bc1092012d4afd8e2aae27

SHA256
20027c560483941c10d60098ea22ee973b647ad934377be62c88ee4acb2fc465

SHA512
085c3324c4994eab79205f3522b31634b1963a7bb02a52a9820bd1e80a2ee150d24c370fa619f8f421b1fdb8b185bcffb21c42ea6f7f1352f2202b6f224afac6

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\GMap.NET.Core.dll

Filesize
2.9MB

MD5
819352ea9e832d24fc4cebb2757a462b

SHA1
aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

SHA256
58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

SHA512
6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
32a8742009ffdfd68b46fe8fd4794386

SHA1
de18190d77ae094b03d357abfa4a465058cd54e3

SHA256
741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

SHA512
22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\NAudio.dll

Filesize
502KB

MD5
3b87d1363a45ce9368e9baec32c69466

SHA1
70a9f4df01d17060ec17df9528fca7026cc42935

SHA256
81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

SHA512
1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\SimpleObfuscator.dll

Filesize
1.4MB

MD5
9043d712208178c33ba8e942834ce457

SHA1
e0fa5c730bf127a33348f5d2a5673260ae3719d1

SHA256
b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

SHA512
dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\XWorm V5.6.exe

Filesize
17.9MB

MD5
49f6c848fc3b1f32ed96b08bca221e53

SHA1
0c1da68ae22f31f61ded840a42515793e1432a24

SHA256
7926286cb142cc3d2511cde859dc78ea4d9a26b5007c80bc33879fc3e5800c0c

SHA512
1cb5fea83ccecf175ec1ed6e381bf09f915115458869f05ebdbfbd2a92b6ec41f0a5d004e0bf74a80ccc68491554bb7df95d10242f22ce1429a2bcff124b5ba1

Download Submit
memory/2488-584-0x000002056B9E0000-0x000002056BA92000-memory.dmp

Filesize
712KB

Download
memory/2488-548-0x000002056BCA0000-0x000002056BE08000-memory.dmp

Filesize
1.4MB

Download
memory/2488-578-0x0000020564880000-0x0000020564902000-memory.dmp

Filesize
520KB

Download
memory/2488-582-0x000002056BFD0000-0x000002056C2B2000-memory.dmp

Filesize
2.9MB

Download
memory/2488-526-0x0000020562700000-0x00000205628F4000-memory.dmp

Filesize
2.0MB

Download
memory/2488-524-0x0000020544A60000-0x000002054696E000-memory.dmp

Filesize
31.1MB

Download
memory/2488-580-0x0000020564820000-0x000002056484C000-memory.dmp

Filesize
176KB

Download
memory/4120-567-0x00000000000D0000-0x00000000000E6000-memory.dmp

Filesize
88KB

Download