asyncrat | hxxps://gofile[.]io/d/aVrwVf

Analysis

max time kernel
994s
max time network
965s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06/03/2025, 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/aVrwVf

Score

10^/10

asyncrat xworm discovery rat trojan vmprotect

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

wvYzXJB8AcoThwbK

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

127.0.0.1:7000

Attributes

install_file
USB.exe

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Detect Xworm Payload 4 IoCs

resource	yara_rule
behavioral1/files/0x0009000000028056-1100.dat	family_xworm
behavioral1/files/0x000700000002805e-1110.dat	family_xworm
behavioral1/files/0x000700000002805e-1121.dat	family_xworm
behavioral1/memory/460-1123-0x0000000000540000-0x0000000000556000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000\Control Panel\International\Geo\Nation	XClient.exe

Executes dropped EXE 4 IoCs

pid	Process
2004	XWorm V5.6.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
460	XClient.exe
2284	XClient.exe

Loads dropped DLL 1 IoCs

pid	Process
460	XClient.exe

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x0007000000027eec-420.dat	vmprotect
behavioral1/memory/2004-422-0x000002183AA80000-0x000002183C98E000-memory.dmp	vmprotect

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857468799021948"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 44 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XWorm V5.6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 010000000200000000000000ffffffff	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\1	XWorm V5.6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	XWorm V5.6.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	XWorm V5.6.exe
Key created	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	XWorm V5.6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3996797005-1442104920-3698332314-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	XWorm V5.6.exe

Suspicious behavior: EnumeratesProcesses 63 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4544	Venom RAT + HVNC + Stealer + Grabber.exe
2004	XWorm V5.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
2004	XWorm V5.6.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4544	Venom RAT + HVNC + Stealer + Grabber.exe
4544	Venom RAT + HVNC + Stealer + Grabber.exe
2004	XWorm V5.6.exe
2004	XWorm V5.6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 5016	4896	chrome.exe	84
PID 4896 wrote to memory of 5016	4896	chrome.exe	84
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 2808	4896	chrome.exe	85
PID 4896 wrote to memory of 3884	4896	chrome.exe	86
PID 4896 wrote to memory of 3884	4896	chrome.exe	86
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87
PID 4896 wrote to memory of 4556	4896	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/aVrwVf
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffaf7c8cc40,0x7ffaf7c8cc4c,0x7ffaf7c8cc58
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4020,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3296,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4948,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3300,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4460 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4960,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5328,i,1345897405544638856,4987178926464484729,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:832

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\" -ad -an -ai#7zMap3468:106:7zEvent23973
1⤵
PID:3396

C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\XWorm V5.6.exe
"C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\XWorm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2004
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\l4mjacge\l4mjacge.cmdline"
  2⤵
  PID:3388
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1818.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc54E08887CF16427AB8F95E75BF65A55B.TMP"
    3⤵
    PID:4444

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x444 0x48c
1⤵
PID:1176

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\" -ad -an -ai#7zMap23398:110:7zEvent17985
1⤵
PID:64

C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe
"C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4544

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1920

C:\Users\Admin\Downloads\XClient.exe
"C:\Users\Admin\Downloads\XClient.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:460
- C:\Users\Admin\Downloads\XClient.exe
  "C:\Users\Admin\Downloads\XClient.exe"
  2⤵
  - Executes dropped EXE
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8448b6ce67f0150b81196c57b31bd808

SHA1
e84bc52b99252c66843947d26095c564863c75d3

SHA256
59bfb9e0a59ca8130b7cb2b98d006f718e1fab76ecc45730b92974154b4aa29d

SHA512
66a78520bfb6807d7262f31807f591c5db2a0ae182ec6100eea3bcc8ee7b07fd53ab7fba511c4daa0e5e6b9fbd963d5a750a7f3ab9d9e9d0c551cc03992a2b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e867c3da9978542c6c015880c1bd8907

SHA1
33c172e36cc71d5150c11ce25d6f26bb92a00e87

SHA256
a56f84e9d516b8e6ca7cb9201530fdc51926b4e5edc2722d2b27b77c44ea0d55

SHA512
57eda5c18717b948189f46be2e2f074b3d6e27fcdb098733897c0deb5231b8f5f724410effbc6d12ab4c42a261205742e9f82d25f54e446ba0a05ee49f785562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b1ac2ee1c686f687aa3049b9f3441935

SHA1
a8c51fbcd3c2f7ac53f771fa10d5b8743f8116fd

SHA256
8ee68841d2cf9f21239e406c1d21865db7544404f023e583dd01ab366a33f10f

SHA512
edf11147e6e12fed1daa80f17aa57f58b6ed3c06b748f740fd5a7849dd6d0b31572a1a3841d83ee98cbb9cdbac210b07488688b03adec65d2e293b03ac781b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ad5b2ee2ef80c1e59aab3b5a6b6962aa

SHA1
fc87c01acc5ed488949903afc696455689fda502

SHA256
ab6ff32f5107cb56aaea1356d4f5bfdba49d56bc744946cdf5167bc4a7f1a7ea

SHA512
f96e00d59fd8535d791ca8c6fb1cd7d62e8f454a799a73aa27674000dae17495fc163d5766a4a0b0d3f540f4e410ebb72eeb3cf4ba010b484864171bce43f94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ba96ee84c2ab604af76728015b4f73ef

SHA1
f16b9cb6f1a60c13c5ac9698517e82e33eb317e9

SHA256
80757949ea64750bc7859e64674e3c27d670f2a6f7218224f330a9ed0c4f94e3

SHA512
4ccd592302051391916aded1578bed8a1a18ce4c555e4ae739cdbd855f71440bcf7bcad72960341efbdb8876475c4e6cbde68b3091a1c35ddccfcfb46f9d79a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5859807a38aea0dd2092450b312ed014

SHA1
65ad5787ef86d3566f7ae95288e3af91bf1abf9a

SHA256
966175fafc23efa8e15a64c9b61e0af6046a4fe713e3706fdce0b8ce4160ef2d

SHA512
4e40ab737668b08e78d6e911b387320da0ee0f25a935d7843d2944303f1cfdc0ac12a38dc94db6f72feec6c7d8902a3d676393f54653532b19fac6b1ebaec86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
976bff6ba2be691feec3fd3bb7a3bd73

SHA1
0ea71f068178aab4ce64e4625754e76ba0e6daba

SHA256
2aac6ce809a30067d9efd97d91a048c59be034986d3eeb3d5d46c312eaae58e7

SHA512
462d9a22fca82c643697392cdbe0d7625c9d18e0a08e9f106d3bd6b698eae312b1c44c040e5a8886006d7f97f62393465ec8027a77984c5246e8504e22e407b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66273a77c15d0c29f8972f6cafcf61d5

SHA1
e5ad1eb62d37c150da381a17c73d854448bbb683

SHA256
4a20bc137d11e731d9cfdc58c0645e9c5fcabe193299d66a0e96b3ace6aff38d

SHA512
023adced831f967a8a915514b53474a3fa6dae0bbda8458f52e0fd3f8488a2cad43c67b3086a15204ebe4ba1de3b63bf03977a999f4853f56cf1bce20825f5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f3045c7820129176a9987cc4e571f79

SHA1
e025a4d54b8e08f8062ccd3d44896c4c39952a6b

SHA256
3e039326ad36b398955b3ff3a349b6cb1a32bcdfe82c5f5023c8882ba9656d54

SHA512
f92f10e0eb463f4c48440c00d914a8932a3be93db48e3ede0b0a359e71fafc7f340ff02c4d44a565abc044f319201f756daa126e7a23c2e59bdc768ce8c34650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
167bd8932f1e9d62c2499cd5e90dd88f

SHA1
d448a4d798ffb0ff90b7378085847a53fc9b210e

SHA256
7090ac5514f3264cd3bd3368c82f67cc34b6273bd4891809995ea8536a54cdd3

SHA512
cd4debe6d3cb3d1e14a5a2d0de699353a013398b1bbe0e8e7b72e21db68e0a8334e7ee37491caf54b9833cbd1981774030f2e66831766ca354b6729a66d8bfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7b1f3ec67b12c88e34ce29203f56d77

SHA1
7a686827a56d85769b385dbba0c8255ea75c2738

SHA256
18ac3b4417ede24c99ffd40fb0b3404979a9a5726ade4e59c7cd54400658e82b

SHA512
378b82ce6e00ad00c34b063cf1c5ced5f3659b2f96ff97b962b7531009a51a19f953538b9c5dfb70caef9cf4805b4cc68aeca4886cfa19809fabab0733958969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93ff3186e9cfa1f639b3b5173c6aec07

SHA1
ac849f31e4465b6ac33228c8003314e1adf93ce1

SHA256
b23793adddba1270efbc45b0d9473889edf4bad2e5a9b9fc928331b91e20044d

SHA512
2941d75c58a2005f6821aba874e7a565f09fe0c80b77de2e8ed953fb00c9c70330071fb2c0b65b2dba087846994696189694a1bef54f15ac0f4d95534f006458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31053b72a2d9d998af7222ddc18aaf58

SHA1
2db0a06da29d1b7d154e8bfc73232d5ed4e213bf

SHA256
7a9f1311cd1e4fcdd723c8b799148e26ed400594250a36cd6cb277452a1f0e0f

SHA512
3fcadba4911848fe89649079005c1c0b7a26d2dbd416f6de540a30c4b0a1a37c2aa3d27c5a314426f7322bf91a5c50f88ef3bb11b0b8e7fbe46f35b69fba85c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96c2f824ef84ad3c60eb277d5400391f

SHA1
6ca769e4299ba112ea574d363bf0479e3f42f990

SHA256
fd5659cb0b6813436a18a18e40bc2ceeb884872c5548d0d886074754258efbf4

SHA512
d46261601bf3f439fc832542b85761190028b6b7c2e7469024d4e1e1104eacf5b9ea7798d21abac118c14490bb40db285a0265c5e0d7a8f982ace21e81bb2b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
419386dfce4539a7b20f36282aacb357

SHA1
013bd8cbcbdee4ff47098dec32190e80bff31540

SHA256
8d93fb9892ab9894a312970179d5735b6fe1c362bdad1ef98076999ec0be2969

SHA512
6c26ee774acace7f746a9b9d61b2985d6a8759d6a688c445fadfb09542ab388b1840aaea51e47d454f397154eb412f401d7e3c1b657fc821a509db9415c570dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2de10d7e6095f81cf882ed4dd60710f1

SHA1
59962560c15a20df23fec74eb030caa81fb81a5e

SHA256
afaf0ffb872dc8d41375471d2176d631d9ff4f69904fcb1f0caa59c8bb779955

SHA512
7b81fb5fcae6f396e252b89578f96214ad6c4e71af49e8c34fe6bde464941281a034ed209a22084e211bb8d6696228e57097b88f3fa9720322d8b049ee73e700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff3996f73093ede49c38657b9d7c79ac

SHA1
44f39926c3c9d377175e2dc38b4ab1ca8e12c192

SHA256
d749dbebcf1b1e12564b329b2d211098cb330d9cb17061a487ba14deab1fb1ec

SHA512
1d4538abf5d945dcd1a71291604874c262ace2d6d11737d24fc9e7e81e471e4d5cfcadc1b5e30c69534896127099fe8b504473eee07fcc8bebca92a56c78c53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9940d8cd29c6ee7b520f783d3c16d1f

SHA1
7932f1b598152067cb39640c0fcdd3b60513cc39

SHA256
72d0d97a8e97f9f6376072b771938db3f4d26763d56309177076c989554aa8f3

SHA512
1fb185158abceec8fafacfdbf0f3e35358bdf82a2f9981b81f9914986cec45180ef6fb2fbb8c851ecff9592952d961b467082e1595db62e80a942110236bb780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
451417492761555f39f5c1cfdacdf269

SHA1
c1f20eab2872d9bb742574a24d56df355b38391a

SHA256
7f9cc6b43c3a474a8fa7c1d2e2ac7d0bb70c838d8b5942e944622babca4e0c75

SHA512
d95d88d2749c2a51d48a18a37bc18f4ae350f7f091385118e7f6383dbdb621e4b48d2826086679cb1435c13b61049d7bcdfe1f9e3fa8edbf1ea0ef6b016ee099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58d7c46ab7853d41eb011d7a7f92c107

SHA1
5b1aedcb4218ea7f531900572f6c2d368be0b261

SHA256
4ce526910bb25cde668568fd8b91b656b211bbd7232d7b631b1c6c55a640dffa

SHA512
114c81b992bf38090b4636e9ded82711302d195a96b1d9a978aecd3875970b454267c855f48e60283021169e3e25a1401996c3c89d3c760d852ed225c86ac9e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88eb84e4803abb90dd24ec899ac4fc85

SHA1
4c6481a2163dc337f6a1952ea8a842cafa9da7f4

SHA256
1c4e50e413b78b0eea2dfb244cabecce7c4272e0f3eb5789b27b723bfb8585b7

SHA512
a7bd0f0cdd1ff3c6b1199fdf5330b61303e091312d8bb28b3d32e2daf6c0a5550c19b1cca1b00c26a7bfd17eda2e4e3fad7cf34d9c3c24c81e0b0faa60d46b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a97be63e913c816c7e7b8139478783b

SHA1
4c6a54b24274ae1dc1a5aa6dfe40ee771994db33

SHA256
2cae377648a869c8739584d1da83df44967a8182775190ebef46339198bb3fc9

SHA512
0ec30796797fbfb644e57b3a62087015aaa97b94cc7cc65c590e9865e3c9136fdd0fd831d66abb0a6f67f1e6043cf54695a0b55a5bdc414ad1d877141b87df83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f4613bbf93cb89ed652cc6ef5b4d481

SHA1
11b29746afdf3c5b01cbe2ff71a85deebe8f249b

SHA256
89a5a513c7f977952fc3de600a3f2fac1cbdf2bf59e92c852d51a786fd43f7e5

SHA512
222f497caa2d61cd381553eca2ca96e85a3aaf11c7a33f12b8b60c0b53def0437fa66aac2d83c90ba0b2054d15baf21194f4c4dd5bb10241fcc9edf6a6af3e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b286712a8d90677284465eb7d46d13d

SHA1
7f7a76762518db094afcbb6f74a4a95ac88c591c

SHA256
2bbb3b7053f3ce45090a33d69a2b361907a10eb84eebec605cab0c7fad7c355f

SHA512
f614bb05cef497d7c8382addc5ef92efaae057a836c56c1cdc65fd0e1c682a0e60ee779f4383667e169171b62c01665e2c18fae43ded27eadbd1018332ea924a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4780f3232ab3e078fe7cd844541e780

SHA1
660b7b918c32a196d51e106e2d3bfcdce15d2ab5

SHA256
c4deb319353d3f1f7656087e426e8b8fab05a4ab3e064fd3fb2300a61670f635

SHA512
60a4138d08e601b6b0ec5b93852a6810e20e3c1f16d4666bf3c5c795c6ffa1edf12e9e5ea7b2aa6d87b96e5926aabd532dae257518c02f218fbfe59460607dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98f7cf25f263a36ee949da85bb6e355e

SHA1
b14804345d93c725191df8c23174a3cb0cd73e7b

SHA256
65bc88dbaae6c04463dd7f83f8978b6549dfa762e37d901c37c442dc8595067e

SHA512
0431ba733b894023a44f2d43b54519497c108ccf6430e9d66eecfb2603dc2018e0df15628241c764aa7554022c293f2075dd000f4ed947de0a75f85a9716a2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5355b1b17da90d69d5fbf1bd97caef8c

SHA1
5b110b1dba1290ecd25ea86dd6c941a07dc9015a

SHA256
0fef6d6007ce14569d924a8a89d477930fab26a116e58cbd15f524c676337fdd

SHA512
5bb31d96e3f1fdbb64d6cc9e30ad37934d9a38b85eb782aacaa474ad3c682b7c07dba2b76a72f906b466016aaa6cfa3961d115f83dc62d5d64d340df6d5fa316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
751b2716c614afd9fad2c263d29be41f

SHA1
a7ab37809ffae25b57000355984117c81d0d0311

SHA256
97b989eac390aa7a79694cc23d64410c39f9e02d7ef18e1490de3747cb0dda35

SHA512
65468e4ee8281f484361efcb13b91c7b8c5dc77da43844e27a6c77b231c5ceb71c1c8da12be6c10621d96d9880c5a4cf70b27c97f825d127c379dd3a638e12c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5f8f74ad24362e9892a3fc0fca799eb

SHA1
f9cfbd713867ffcac25a02b3831e636b2842080f

SHA256
5930ca695805de80ce55a509a8e100616303d64a610821a5927a1e743a9ab933

SHA512
6e3b3aa267c3a2882ae17d74ac3b2c573283f54a43999dde3fd76096889d489f7787648becb3ba3c9cffe8872ee6cde6f6c16246680640624dd86639ce740bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a69b8bbb1b5ed0f551d757ca2ecef245

SHA1
386af25ac375d58256cf94370603dd0b6cb92525

SHA256
6ac3e9b39e7a66ebcde9e0d492e65732a654dc4d081a9c0944a9a7d3edfc22fe

SHA512
decdb20777c9f47639c45d7c925f85fc8f092dc19305c470350b68a8a94a4f6d4c1ded332018321e70f4a341a5ac4931083333fea61d50c272114cdab3135419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc01eebe9c243a004968215bd3aaa4dd

SHA1
87b3891a2d371cefafc44314f9aeedb897be1a8b

SHA256
5c5b30a160cbe82ed2ff1f4d40f8143d79091a2638aa70cd7ca539a5e8a55056

SHA512
97f592ce66251844b85f7314d3ff0694bbd3ee4fb02113b40d88a2d6aff440913ea30cf324a7239c14837ff5205519efa329f2d1510eff5c5275409f15895682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c16d007fbb4cb55867965ddd0f722ad

SHA1
e57a2f668727d6014771a0c573a5df92fd88141f

SHA256
bc00405f3577df624c1320865546b40f22cdae52ced1afe6f9fa75f2786714d9

SHA512
9766544fc8dd20ec746e64aeac6ee7f8438c149a34f4cbdbccadcceb05a6ac387e5355642943154c2c504a468a903109f5a4d51c4e77010369c2b36d14a97dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb5bb6ab4ab4bfce1f92c954f561e9b0

SHA1
ead7c40ac9e93b3acb7371604baacaceabf024c8

SHA256
662b0ed98347019cf59112ccf099bc00a96a92111d0d602e002491396f3218b6

SHA512
0b3bbfbe762cbc14a64483acf1804cdb69eec0e3aeeebe882060a4487212d7eb31cc6e9e9e0c883982eefa62b6cefd0f42f7b8a6e204922b91b98a2d636b5ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1edd590a408c6b3373ebf0f84b535ff5

SHA1
8907947fbac381c7c64cc6d66b2f07ab9d6d3f68

SHA256
13756d79564b9b4cbd400f2647b6c95df48abb6b7530f846744746c72aefed5b

SHA512
f67645eddc05f52c3181456a2733c5ec24139b60b4db068482ca31046ea5d69a804c1720ed45da70da67cc2a56e308047dcb5098f9e265da575f82b99686967c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
11b8cf4bae678c89c3d4dd712cb7b234

SHA1
e68f5dac413eff439f827eba92e081be50438dc6

SHA256
3948df67a0a153d012a7341fa5ff507bd15facd6e8e2531ebb75aa83af5652e9

SHA512
1da731f2227e224349f1dd74bff3a290589520bd0875cf81f34b17eec76fb5205993ad1dc3d6e8aa2a455eacbb2a1dd62f2cb00595aca048079167b1719d37bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcc5b05b3c868493dfb91667fb2cf8dd

SHA1
b0a5aedc120fd66f9894923a1d72493ef99b2272

SHA256
20fc7b7716b470ed8c79ac7129ba9ed4e1d04b66e5c73bd8937642897b70d558

SHA512
87ab65b8ef7d4c3b93fcd61184914e0905dd7d00f49bb81a2533fd33df168c849e136491cc879a67d3ad353515bd3a8ec838fee6fe5abfb3b67200fe60cc8469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0257820ffdf7e8c69b4c2db91146a4a2

SHA1
b542d6d13a2c20d5eb596bbc5fca65f8bc9008f2

SHA256
9c9a6caad3363d32cd90cb2bfe37b3d5a82d81429ab021177772698dfaf2cb2c

SHA512
c0b968e54b5620c78991462cd39fc612f0456e1430048aeaf77ba44fc270a34f17e75e7d10343ebefe317ca2fa688734d8f7a4bf5388e485ef68bc56d1cb8c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1f5f3802b0df35d45092efb47957ac5

SHA1
17a9244db524fbdb05636d0d03e6939ccb99d76b

SHA256
ad357c43a1dc7e25ef3078bfdfb45f7eb788c87fa8d150e4d31d35c35d0d6121

SHA512
63197e155960da77a10a8690bf58b67c0118ab30a59d43d915f6303ac9a39012f635e7d562a4e8a786eb8e54870271f4b0635aeedcee6af0355f1718ba03b6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
427b62bd6d142229967029cd650957d0

SHA1
b74bbd6d1e8fd59492c485e8f67041a2eddc61a6

SHA256
2413caef932c7e5fb139f2f18006c894a092d878da516b43cb74996a42cb571d

SHA512
9404223379e0a051713ba688b5c39f1335160e794a91c21994056c277dc29dbd461995a2f130b214dc0e1d89cc46ea7224ea9e15d318a66f3f1f9bc55922d8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06754701896f7b3ac6d114428da09227

SHA1
451cfa975597718f68151a9d6013fa6a57d5e198

SHA256
9326b069f4ef240458ed31b1aba9acba2c61711f0e6c2cbf75e9502e27358d3c

SHA512
f0daaf319c8647e485ae8f15124eebd08f470fcec818257d9d7218964309b30bcc07746bbde5f582dad82aec870f8cc359c314b42403c7a348608502e20cb7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c276fb8f5cffcc35b4798560ad825b5

SHA1
95cea00364a2ea0c4c5096d6eb54312266637267

SHA256
abe4a5d3884b41edd088dad512daf880fde664b5a70c15b76e049821ad6cf398

SHA512
49d9d961bca71306ae1ea66b0758f5bb9fa99cb55e10bb30fdc8c0ef8518a9875ca250d97a975886ead74f5001b95c51fe94db159c34f540ede70d65e16dfb90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc2488e0ceadd364e7fb87daa726657d

SHA1
1379c12d862eba14bd55dc43049652593111bb87

SHA256
e39ece5e9ac6f33db165dd2810f5ee2b28147e857b63a15074591a9e1f73a4eb

SHA512
e61d585656c56503073c7fd04ff175e3606fa0a58b61b2e06279e0812d373f4c1c23e50623008eb7f09966a660716c3ff0423a4f29bd83f155e37121bf10f9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a660e0513c11c994b460e95a0757652

SHA1
edaa17466e264b42bfe1a6543376adc4f020e722

SHA256
014054306e9b783ffd71da7b783c914f1b87f78ba00f5865fac37e48cd629c0b

SHA512
7f9a4fa0ff252e10bccfdb13328b49e7e392a40ad7a07df13c0c623c565c97f21cde363b9e40b0f003283778f1c2dcee211852e14ef88f1834335b709f137ca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10a97b8bfd51aa6a1dbe20f082764d30

SHA1
8a9c259834a433fdcd1103b9267da5f0a34dd2ca

SHA256
d8c8e01a7ac3fd34235e4ce5d2d8536a658641517a67c4c5d2e8348cce0f7be7

SHA512
5bec2163807cd8e8b137cf6e89127e40bcc9318ce7bc69a01437dcd4a489583b69e5e9811d5658e287c79e062f6b7f9f94e43950866fda1d209a761c986cb3a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86ac4294ae0f1b2b70a0ea7b07753b2d

SHA1
6c09504b1d955b26e2b4edc10790725b074da80e

SHA256
56043f80be65b1d0e3f07d3a0d952c868162b2b9b526bde23faea55942afe59a

SHA512
8770611273160cd5909930a3cb7782ec2635334a74afc2e9f482706a51c53f5b69d46eddbfd224b155a9380e41bade3ab4fa86a1dcae4df0006a9dfe7e3fa4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1af6d7d8659b76403254671e87bdd040

SHA1
80525566b7973f4c6594d4a2b84bf61eae66853e

SHA256
71847e4848cc5e927626415ea87ebe8e2436c774aa9e57769bab9bafb89c5fa7

SHA512
ba892dd38bc56f64e32194e2c69ffc0078f630f82487776e6c179c689b2198bc6b53b8358519bdd330ba9a3ae8d3fc460800c4754013e576b73eb80845d1c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddef7d6132159c68b583bcf539eaf9a0

SHA1
89a7b96e1e5f9aadab18fa3d667eb28151d99d01

SHA256
f1a0ff415289c39409ee08bfbfd32127d69a0591f11d2d0ae6d56b39444a1486

SHA512
3e14022ed9c6d49814e7b303eeab00150a9f99af43438bcb90400b2f5b3d7ced04aef886caf687a9e7d977a90da65d6d550ecceb4335db574c0211471c18df3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c3ee1964830e3d895939b6783ef9a78

SHA1
94332a82c5bd89b306b517cab52eedf4ac663439

SHA256
c75d4a985850057c46b0a8c9b4cfe90efe769a4e7055d5595e2cfc9ed39b52b8

SHA512
7632ab5df1b183de9ea4337e2e0cff8636f26a9f6f41b8118afcd5aa61a8813431a5d2f20be22e8c2ddf89316204bd1f7365f348209f9e36105b05a629e61763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f4fe2aed893f155ecfb997cd776b312

SHA1
f92b58bc8049b281e77d60d3f91df15f06edce59

SHA256
5fd7d7a8ca18f420d1f82d0af6391d671e3da5d9f089eed9c01ff943bbb02aaa

SHA512
3ebb61e38dd8664ce40003facd4abf64c8965148783adce35fd76a7bda5c362b1c24fa181f7b749e68365872eacb5fabd095efe1003a8a1b2fa85174cb806395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f83884eca2fb742c4bb5caeca656bf6

SHA1
53c6427326b06ad023f7500d22801449cbd2a598

SHA256
919c0c4d8efde8872f5e33513fa01f0fa39cd10601df4137aaec2a5e467c4e81

SHA512
f67d2064ad6f993cade6bbe493c21591215f5c167787089337191db757792759c6ba686a1c2d8e85b4e8b0d51d47f1080272ebdba8cc0e928fe29894fb5d0c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3cd03c5cd27d4d71ed7eaee9235e57c2

SHA1
df280e0d740e1b044e3ba6ce5817b23753206fc0

SHA256
865d05c9ef398727f7fe9511b7e1c74ccdc9daa73cb51811eb6cd3ce127dde0b

SHA512
8ec101c23377c83d6f71927a61a2c11af1b20b905ace52510e18f6c912d0de5cf51906cca469dedaf17f1bdd30154204b653ce8730d75477240ccc4383d73768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
001889877e90808e257ccd8d767b17d2

SHA1
5a2bb6336b83ba75d2c4b7a8b4e18c37724e7088

SHA256
faee256c27f79fbd6323fba1effd30874ae41acbe766c1da7f7cf994abc6f6a8

SHA512
5234527e6452a8aa6028cc2ec805eee20290f6fdb7c629bfc6505c4290a397b6d0bd8fba4040f91eb82118da408fbff21036d6dfff3413ca64e4d683f84f0693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8df97dedddf8112f4171b73c5fc518cf

SHA1
9617b4898a8fe05d15ac0791a7f5cea5443c83d0

SHA256
9c46780aefe0f72aeb3501189830e49cc58b02e565479c616aa31197d91f08ab

SHA512
db7eb65bf1979fb18020ba93b52197e5e81173806e476ac3f610d21b0d4f98c61299013f73f854aefdbcd9580a97284389d7f7b156cb23afa013d452a3043554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c6d6aee8-ee8f-4e77-8d64-be7e0083c824.tmp

Filesize
9KB

MD5
7deacfed83bae94593bd13b187d68673

SHA1
8eb47a48d4b01e819e686a50f9bdae7254a0085a

SHA256
f57fd2e1a172802b25bebea1584bede184be34da37631093e8c199484bf4e8db

SHA512
a23da04a495498076b18b21e97808f7c5b20c157d9519f3ea731941de35ad92bfd3cb98008a21997231b1ef9d32f6bb4113c070a1ee6694ee09e1c32b6ee3c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
cdf8b41072f35ba40c8094b95658e628

SHA1
aa562e2ac26d5359bf8b333e25a9af64e4f3c88e

SHA256
129e5eea1c0723c1c5d87e7edef8484dae67afc11765a0e4bbe2768e52ed27e8

SHA512
125340b26f4f28f8aec3bccb5dd52510b5473bc7df1ed4fb35a1b0a9ef9f48ac5cc1790fff33a9c98ca1a3334e6091712b47c8a1af361be766e457a0436a6421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
d184fc1050f0847b28f2bfa8665caee9

SHA1
0ca68c4b72a22b3896b10ba13c0ff7e99d1159de

SHA256
e2002d63566ac3f9038d1deb1fd4f32a28d04fc2bdc4bd8a640a5b55b566bacf

SHA512
758d2c30e59f687d7630c11654cc02e246c3eaa58f4bbcc6639808ef454db8ab99fc36faecdac016cdc9b32571144a93b8c8d81d750e291e249c81ff8a1b703a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES1818.tmp

Filesize
1KB

MD5
e9cf7e04700313cc86910922871fa354

SHA1
fa3a063b94a9443ce9bc6de19225232f24cc8758

SHA256
74d4ddcc584723115d4238111909def384ef4b9d071c3d91a5bffbca9b753e1b

SHA512
84f9ce3d1ea5b71168e625ec6ce848b5ad7695cf0ac9b19dbe144d60593accc3ed3541ce4214c8bc9248a0b7bd4f27d043b925e17d50aa3e3096183642c82d24

Download Submit
C:\Users\Admin\AppData\Local\Temp\l4mjacge\l4mjacge.0.vb

Filesize
78KB

MD5
29d402a0fff3f60fc6c5541fe54ff1ff

SHA1
2c7b6f8f170157570399405694bec2fa8c631dbc

SHA256
36c3150e42fdc4f106722d3b9b4f6ffd3d573e81015deca425cf8b76abd57629

SHA512
11c54fc8bf6cbab79b826bf8b341673cfd5160dca35e0758cd25c2a42add669cead956bfc641efbddf9d4cf75b2e24a7f5c090977a8c15ba7b79f86ba45ecb07

Download Submit
C:\Users\Admin\AppData\Local\Temp\l4mjacge\l4mjacge.cmdline

Filesize
292B

MD5
8c4417188e96c91ee4dce8af25e65c7b

SHA1
c12b4c230a63619700c40adf3e6426753fc4fcf2

SHA256
aed48a19fc387c787865d485bc474479b036eef4a995d356c977d6162682bdf8

SHA512
7bbdb975faec0dd8555c96b59756108bce19870d813626b88dfd3a1f8a5497581ac4bbc344697f379f72df221aaee0abbe0362d66687ecbd12557719de66af5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc54E08887CF16427AB8F95E75BF65A55B.TMP

Filesize
1KB

MD5
d40c58bd46211e4ffcbfbdfac7c2bb69

SHA1
c5cf88224acc284a4e81bd612369f0e39f3ac604

SHA256
01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

SHA512
48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.Desktop.v22.1.dll

Filesize
838KB

MD5
e59c802bbbc1ebc554f3f7b6a3259ee1

SHA1
fdb4fa99e15d6519f18f7afe972fb2b128c5caf4

SHA256
d13e0c266cb9b98a911bbb87fd94cd9e5125e3bff93bb9b1032271e7507ef2f6

SHA512
34aa13fd54fa262405e68c5f915192fe02b9d2c6560f36c5a5c93ec399407b47996e2d4ed88c22286cc6d578a4356353a9540a729684272611350c4665119e73

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Data.v22.1.dll

Filesize
5.0MB

MD5
5c3017ec9073a7a4f3351440c3daaa8a

SHA1
ee1f73f8618439fc8a42f38b32760367bd5ce6b5

SHA256
e8d4940767c992e14acb77ba1140d5dac56683afe5096e1b08408b0767466e33

SHA512
5d98631f754067e659400183134024cc2a4c22ba4a43ddf592791e01eca5cf1530eabcc4ee34beb7507c56dd02a80ba4704db389753a3119657e1d822c68c02a

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Drawing.v22.1.dll

Filesize
291KB

MD5
cb877cd3b77a37f8e279fe7dc6b4ba6a

SHA1
a03989c1144a57e9088daa40f829a49298135b03

SHA256
bc0d40dcdcc9f3e2e7b7071ffb033811bb094cc6a63907c994acd5415b577930

SHA512
8dbbbe8606bd36c2efd4f456840c9cb5dd4966097f3a6a0e81104fe4a50695adf558612d74fd31978728455f699f6623e73dfd5e3fcd405e0afceebe83ddd97b

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Printing.v22.1.Core.dll

Filesize
4.5MB

MD5
9ec835a4e269f978eeefd7fd8bd5abb0

SHA1
e36a07167bd83d713703a84f3c2c2b8f86cd38f5

SHA256
e4d60cac9cacde3cab841854b4c5348df89a4e4027b62de09184a3ddbb81a5a0

SHA512
2a72b3615215b94d1b7fce3c9ff28042c4c02ec655e3fdc42008217979b65f39fff9cb75a35ac1426a78aa2f8c0c00354369cdb5b5df155efcde8651878de4d9

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.Utils.v22.1.dll

Filesize
20.0MB

MD5
07adc748684fd33a198f2dc6eea12666

SHA1
28f62a05673447a3a347aa6a01ae8cd518126956

SHA256
50cba5304bf0a620c119a610e73f545fee688462860706785db507110739a093

SHA512
893829cb3e1a27e5cbcab9a3b7ef290b1ec74cb21fc46358f2a08a3149d54bd34258046ac47387ad5777d794478230bf2605897e7259ac7a0241dc1272e121ab

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraBars.v22.1.dll

Filesize
6.5MB

MD5
8f335dc88eb706a7b50f45a3fd308dee

SHA1
1bcfb26b7e945fe29f40a1f2ad19c4be4d590edd

SHA256
3f31296a5be7c607874f4fd3e66df9d2c460edbc5c4b41ee5ce93534786310ac

SHA512
0d42472c287497878a08393b1b39608c0f466520b1ed9aac83fdbd25171941d40d0d0eb1012503894aaac5a5b64db7ea8d280df6d5f7afdd15490d4cee97ea00

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraEditors.v22.1.dll

Filesize
7.7MB

MD5
9a4fa4e33d64f44451fc4223a5616355

SHA1
124caceb4e82537403a4b5e9b21487c369b69559

SHA256
fc4e229d2237af90eb1b76205b543098ee958cbc7558d7a6dab41b5210fdaef5

SHA512
869b25aa356a957ba361b4fcc1b3aa8363e7bd23a577538f904995ebaebb8a249398e35cf381f5ba06baed95c8dd3e5d6e3aea8efe5ac8e48ca2482c9d549bf9

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraGrid.v22.1.dll

Filesize
3.6MB

MD5
8478f5aa3de612bd2cf5e9356688d0f3

SHA1
84103d2abee8976dcaac172bcb9e064dfd06a890

SHA256
ae22e7bebe5c4b59363c5980940c64608d1a35c6b5026e0e088605132187c8da

SHA512
d0f3cbf8144c733266e05b2513603f5b44bf6fa359bbff86c3d437e022ef1d6451ce7b3f335d116438346aeb3d93bc5a82a6a548a7b1795f72991112abe6750f

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\DevExpress.XtraLayout.v22.1.dll

Filesize
2.0MB

MD5
45d8d7bd5e30d8b5da44f6a60e331c87

SHA1
301d5dc4a8a1141234559df872ce219c1c7efccb

SHA256
e6e670bf76dc46e959f74b09d3c6e614b2121975456b00041e32bd7f5001253f

SHA512
23b303f287e0b77d221e8cd24cf2933d4976e9b61dfc9bd03c9f365d44988a0a7ce2e81366466dcdff981931099964ebc04293de2de039e0322eed9ac911291b

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\MessagePackLib.dll

Filesize
16KB

MD5
06247396be54c6ebb06fd6ca84ee80cc

SHA1
51fb23ff498a47c0be900ae43a7030f98794eb59

SHA256
669e42b6c6e94dc2735f281aa5b33c0d398b91960158ec556e521974b3be5843

SHA512
03d93f22aaf1bc0dc4d26b130aa1cb1668c14b854ff84803c8b2cc74625cda44970dd5be1b17865986eabb6966a7d65c226282becfd7963b72b8035990ffc299

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe

Filesize
14.2MB

MD5
3b3a304c6fc7a3a1d9390d7cbff56634

SHA1
e8bd5244e6362968f5017680da33f1e90ae63dd7

SHA256
7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

SHA512
7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\Venom RAT + HVNC + Stealer + Grabber.exe.config

Filesize
3KB

MD5
a1c2a2870001b66db41bcb020bff1c2d

SHA1
8c54c6a3564c8892aa9baa15573682e64f3659d9

SHA256
0aa9e3ab5c88c5761120206eff5c6e35c90288290b3647a942059705ef5b75e5

SHA512
b3bf53120203cfaa951f301b532849cb382d2404c9503916bc1ca39925a9a1530b01045f341fc75d47d65130d0187dcbbf4288b9ef46aa81624b59ba7802794b

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\VenomServer.p12

Filesize
1KB

MD5
65efef16af8b2bb993e24ca1fdb3f3a7

SHA1
e205dcc888582eb51d0ee9690d37a7b75138f715

SHA256
c40f74c79715de4c5265dffd643d7bd5dda2caa09ca84e620bc78f7d27df51fc

SHA512
29581484c44849ccd0ad9bd2c9058fc56f3589019baf4b833a5fc8ceea0e488a357639c92cbaf977f74d5f2d59abb2b8ee7a607cdc67c6c14592b4bd9c3a5215

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
C:\Users\Admin\Downloads\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (+SOURCE)\VenomRAT v6.0.3 (SOURCE)\dnlib.dll

Filesize
1.1MB

MD5
5cc2bb48b5e8c8ac0b99669401d15456

SHA1
02e9ae08f3ec364834eb3ffc122f1c90e1b0e95e

SHA256
648950f725fb0320e09c52dcaf81764916df96dc62e7429ba67daea0acb784ea

SHA512
2867e94cee9f89f1cf85ad01083d75f4bc0bc0e551b2ffae05581828994f2b01a458ac7a7c94a45e8c40858ecce197f7ec23482ee13ef3f1bf82b33b89b3b420

Download Submit
C:\Users\Admin\Downloads\XClient.exe

Filesize
32KB

MD5
87b50d5afe8d7912c0f3228e228a5d32

SHA1
ba128dca2ccd4a73b6f71c7350fb09fff6eb46da

SHA256
e1219691dfe176ce6405890dec3f148e1dfa1d07848a9cd9cc566af3e460f54e

SHA512
56e8f9e45de40aa8325e0b8763b02639e2c28352db67c9ed893882a713207e56755ad7d346e675890813a349d33c07744d386297b6c1b5de307765bb071c21fc

Download Submit
C:\Users\Admin\Downloads\XClient.exe

Filesize
64KB

MD5
fd72535a1915727391de95360b5a2701

SHA1
978210e7b492ba52fe248c55abdc7297bb12fe89

SHA256
50538988a9136441cd49ccc6f406bbd4b4e6ad66d6ac927a96d928dda4c10030

SHA512
0b049f4b3030074f6ebc1c5d3fbba4f31c7c2f7c0eb890324a5ee5a3a096508f7f915d3671adde0ed81c8fb7772d8dce65548236acbe5bd7ad95e61ce9e79d43

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf.zip

Filesize
29.0MB

MD5
c0241c872960312fd3071cff209fbc5e

SHA1
131e432ea6128bbfb6bc1092012d4afd8e2aae27

SHA256
20027c560483941c10d60098ea22ee973b647ad934377be62c88ee4acb2fc465

SHA512
085c3324c4994eab79205f3522b31634b1963a7bb02a52a9820bd1e80a2ee150d24c370fa619f8f421b1fdb8b185bcffb21c42ea6f7f1352f2202b6f224afac6

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\GMap.NET.Core.dll

Filesize
2.9MB

MD5
819352ea9e832d24fc4cebb2757a462b

SHA1
aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

SHA256
58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

SHA512
6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
32a8742009ffdfd68b46fe8fd4794386

SHA1
de18190d77ae094b03d357abfa4a465058cd54e3

SHA256
741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

SHA512
22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\NAudio.dll

Filesize
502KB

MD5
3b87d1363a45ce9368e9baec32c69466

SHA1
70a9f4df01d17060ec17df9528fca7026cc42935

SHA256
81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

SHA512
1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\ActiveWindows.dll

Filesize
14KB

MD5
5a766a4991515011983ceddf7714b70b

SHA1
4eb00ae7fe780fa4fe94cedbf6052983f5fd138b

SHA256
567b9861026a0dbc5947e7515dc7ab3f496153f6b3db57c27238129ec207fc52

SHA512
4bd6b24e236387ff58631207ea42cd09293c3664468e72cd887de3b3b912d3795a22a98dcf4548fb339444337722a81f8877abb22177606d765d78e48ec01fd8

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\Chat.dll

Filesize
18KB

MD5
59f75c7ffaccf9878a9d39e224a65adf

SHA1
46b0f61a07e85e3b54b728d9d7142ddc73c9d74b

SHA256
aab20f465955d77d6ec3b5c1c5f64402a925fb565dda5c8e38c296cb7406e492

SHA512
80056163b96ce7a8877874eaae559f75217c0a04b3e3d4c1283fe23badfc95fe4d587fd27127db4be459b8a3adf41900135ea12b0eeb4187adbcf796d9505cb8

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\Chromium.dll

Filesize
32KB

MD5
edb2f0d0eb08dcd78b3ddf87a847de01

SHA1
cc23d101f917cad3664f8c1fa0788a89e03a669c

SHA256
b6d8bccdf123ceac6b9642ad3500d4e0b3d30b9c9dd2d29499d38c02bd8f9982

SHA512
8f87da834649a21a908c95a9ea8e2d94726bd9f33d4b7786348f6371dfae983cc2b5b5d4f80a17a60ded17d4eb71771ec25a7c82e4f3a90273c46c8ee3b8f2c3

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\Clipboard.dll

Filesize
14KB

MD5
831eb0de839fc13de0abab64fe1e06e7

SHA1
53aad63a8b6fc9e35c814c55be9992abc92a1b54

SHA256
e31a1c2b1baa2aa2c36cabe3da17cd767c8fec4c206bd506e889341e5e0fa959

SHA512
2f61bcf972671d96e036b3c99546cd01e067bef15751a87c00ba6d656decb6b69a628415e5363e650b55610cf9f237585ada7ce51523e6efc0e27d7338966bee

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\Cmstp-Bypass.dll

Filesize
11KB

MD5
cf15259e22b58a0dfd1156ab71cbd690

SHA1
3614f4e469d28d6e65471099e2d45c8e28a7a49e

SHA256
fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b

SHA512
7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\FileManager.dll

Filesize
679KB

MD5
641a8b61cb468359b1346a0891d65b59

SHA1
2cdc49bcd7428fe778a94cdcd19cabf5ece8c9c0

SHA256
b58ed3ebbcd27c7f4b173819528ff4db562b90475a5e304521ed5c564d39fffd

SHA512
042702d34664ea6288e891c9f7aa10a5b4b07317f25f82d6c9fa9ba9b98645c14073d0f66637060b416a30c58dec907d9383530320a318523c51f19ebd0a4fee

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\FilesSearcher.dll

Filesize
478KB

MD5
6f8f1621c16ac0976600146d2217e9d2

SHA1
b6aa233b93aae0a17ee8787576bf0fbc05cedde4

SHA256
e66e1273dc59ee9e05ce3e02f1b760b18dd296a47d92b3ce5b24efb48e5fb21b

SHA512
eb55acdea8648c8cdefee892758d9585ff81502fc7037d5814e1bd01fee0431f4dde0a4b04ccb2b0917e1b11588f2dc9f0bfe750117137a01bbd0c508f43ef6a

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\HBrowser.dll

Filesize
25KB

MD5
f0e921f2f850b7ec094036d20ff9be9b

SHA1
3b2d76d06470580858cc572257491e32d4b021c0

SHA256
75e8ff57fa6d95cf4d8405bffebb2b9b1c55a0abba0fe345f55b8f0e88be6f3c

SHA512
16028ae56cd1d78d5cb63c554155ae02804aac3f15c0d91a771b0dcd5c8df710f39481f6545ca6410b7cd9240ec77090f65e3379dcfe09f161a3dff6aec649f3

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\HRDP.dll

Filesize
1.7MB

MD5
f27b6e8cf5afa8771c679b7a79e11a08

SHA1
6c3fcf45e35aaf6b747f29a06108093c284100da

SHA256
4aa18745a5fddf7ec14adaff3ad1b4df1b910f4b6710bf55eb27fb3942bb67de

SHA512
0d84966bbc9290b04d2148082563675ec023906d58f5ba6861c20542271bf11be196d6ab24e48372f339438204bd5c198297da98a19fddb25a3df727b5aafa33

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\HVNC.dll

Filesize
58KB

MD5
30eb33588670191b4e74a0a05eecf191

SHA1
08760620ef080bb75c253ba80e97322c187a6b9f

SHA256
3a287acb1c89692f2c18596dd4405089ac998bb9cf44dd225e5211923d421e96

SHA512
820cca77096ff2eea8e459a848f7127dc46af2e5f42f43b2b7375be6f4778c1b0e34e4aa5a97f7fbabe0b53dcd351d09c231bb9afedf7bcec60d949918a06b97

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\HVNCMemory.dll

Filesize
39KB

MD5
065f0830d1e36f8f44702b0f567082e8

SHA1
724c33558fcc8ecd86ee56335e8f6eb5bfeac0db

SHA256
285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4

SHA512
bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\HiddenApps.dll

Filesize
45KB

MD5
ba2141a7aefa1a80e2091bf7c2ca72db

SHA1
9047b546ce9c0ea2c36d24a10eb31516a24a047d

SHA256
6a098f5a7f9328b35d73ee232846b13e2d587d47f473cbc9b3f1d74def7086ea

SHA512
91e43620e5717b699e34e658d6af49bba200dcf91ac0c9a0f237ec44666b57117a13bc8674895b7a9cac5a17b2f91cdc3daa5bcc52c43edbabd19bc1ed63038c

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\Informations.dll

Filesize
22KB

MD5
67a884eeb9bd025a1ef69c8964b6d86f

SHA1
97e00d3687703b1d7cc0939e45f8232016d009d9

SHA256
cba453460be46cfa705817abbe181f9bf65dca6b6cea1ad31629aa08dbeaf72b

SHA512
52e852021a1639868e61d2bd1e8f14b9c410c16bfca584bf70ae9e71da78829c1cada87d481e55386eec25646f84bb9f3baee3b5009d56bcbb3be4e06ffa0ae7

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\Keylogger.dll

Filesize
17KB

MD5
246f7916c4f21e98f22cb86587acb334

SHA1
b898523ed4db6612c79aad49fbd74f71ecdbd461

SHA256
acfe5c3aa2a3bae3437ead42e90044d7eee972ead25c1f7486bea4a23c201d3a

SHA512
1c256ca9b9857e6d393461b55e53175b7b0d88d8f3566fd457f2b3a4f241cb91c9207d54d8b0867ea0abd3577d127835beb13157c3e5df5c2b2b34b3339bd15d

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\Maps.dll

Filesize
15KB

MD5
806c3802bfd7a97db07c99a5c2918198

SHA1
088393a9d96f0491e3e1cf6589f612aa5e1df5f8

SHA256
34b532a4d0560e26b0d5b81407befdc2424aacc9ef56e8b13de8ad0f4b3f1ab6

SHA512
ed164822297accd3717b4d8e3927f0c736c060bb7ec5d99d842498b63f74d0400c396575e9fa664ad36ae8d4285cfd91e225423a0c77a612912d66ea9f63356c

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\MessageBox.dll

Filesize
14KB

MD5
7db8b7e15194fa60ffed768b6cf948c2

SHA1
3de1b56cc550411c58cd1ad7ba845f3269559b5c

SHA256
bc09b671894c9a36f4eca45dd6fbf958a967acea9e85b66c38a319387b90dd29

SHA512
e7f5430b0d46f133dc9616f9eeae8fb42f07a8a4a18b927dd7497de29451086629dfc5e63c0b2a60a4603d8421c6570967c5dbde498bb480aef353b3ed8e18a1

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\Microphone.dll

Filesize
540KB

MD5
9c3d90ccf5d47f6eef83542bd08d5aeb

SHA1
0c0aa80c3411f98e8db7a165e39484e8dae424c7

SHA256
612898afdf9120cfef5843f9b136c66ecc3e0bb6f3d1527d0599a11988b7783c

SHA512
0786f802fbd24d4ab79651298a5ba042c275d7d01c6ac2c9b3ca1e4ee952de7676ec8abf68d226b72696e9480bd4d4615077163efbcda7cff6a5f717736cbdfe

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Plugins\WebCam.dll

Filesize
209KB

MD5
71a9109ccafa90550c1c879a304d27f5

SHA1
c77ce45aaf8b2d8aaaa2a41833275f3eda78046d

SHA256
8d413b40aef41e53557d91f3b3ac64cfc13adb0f8c3edc364e7b8501170e2657

SHA512
fc92190d8a889fb088b2e8c2e4ea4751fcda59eff076b205da7c420b2f26564c1835d6ff1af470b583ec2ec92c0fcfb472e443e29d33f538572e6edd36c8c47e

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\SimpleObfuscator.dll

Filesize
1.4MB

MD5
9043d712208178c33ba8e942834ce457

SHA1
e0fa5c730bf127a33348f5d2a5673260ae3719d1

SHA256
b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

SHA512
dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Downloads\XWorm 5.6 By Necrowolf\XWorm V5.6.exe

Filesize
17.9MB

MD5
49f6c848fc3b1f32ed96b08bca221e53

SHA1
0c1da68ae22f31f61ded840a42515793e1432a24

SHA256
7926286cb142cc3d2511cde859dc78ea4d9a26b5007c80bc33879fc3e5800c0c

SHA512
1cb5fea83ccecf175ec1ed6e381bf09f915115458869f05ebdbfbd2a92b6ec41f0a5d004e0bf74a80ccc68491554bb7df95d10242f22ce1429a2bcff124b5ba1

Download Submit
memory/460-1473-0x000000001D6D0000-0x000000001D858000-memory.dmp

Filesize
1.5MB

Download
memory/460-1123-0x0000000000540000-0x0000000000556000-memory.dmp

Filesize
88KB

Download
memory/460-1446-0x000000001B360000-0x000000001B39A000-memory.dmp

Filesize
232KB

Download
memory/2004-1124-0x000002185AB40000-0x000002185ACEE000-memory.dmp

Filesize
1.7MB

Download
memory/2004-1131-0x00000218624B0000-0x0000021862792000-memory.dmp

Filesize
2.9MB

Download
memory/2004-1092-0x000002185AB40000-0x000002185ACEE000-memory.dmp

Filesize
1.7MB

Download
memory/2004-422-0x000002183AA80000-0x000002183C98E000-memory.dmp

Filesize
31.1MB

Download
memory/2004-1133-0x0000021861D10000-0x0000021861DC2000-memory.dmp

Filesize
712KB

Download
memory/2004-424-0x0000021857D70000-0x0000021857F64000-memory.dmp

Filesize
2.0MB

Download
memory/2004-1125-0x0000021861150000-0x00000218611F9000-memory.dmp

Filesize
676KB

Download
memory/2004-1095-0x0000021861F10000-0x0000021862078000-memory.dmp

Filesize
1.4MB

Download
memory/2004-1127-0x000002185AD80000-0x000002185AE02000-memory.dmp

Filesize
520KB

Download
memory/2004-1093-0x0000021861150000-0x00000218611F9000-memory.dmp

Filesize
676KB

Download
memory/2004-1129-0x000002185AD20000-0x000002185AD4C000-memory.dmp

Filesize
176KB

Download
memory/4544-1023-0x0000017F498E0000-0x0000017F49900000-memory.dmp

Filesize
128KB

Download
memory/4544-1014-0x0000017F49870000-0x0000017F498C0000-memory.dmp

Filesize
320KB

Download
memory/4544-1040-0x0000017F4C230000-0x0000017F4C23A000-memory.dmp

Filesize
40KB

Download
memory/4544-1004-0x0000017F2E2F0000-0x0000017F2F124000-memory.dmp

Filesize
14.2MB

Download
memory/4544-1010-0x0000017F49940000-0x0000017F49B92000-memory.dmp

Filesize
2.3MB

Download
memory/4544-1012-0x0000017F4A230000-0x0000017F4A308000-memory.dmp

Filesize
864KB

Download
memory/4544-1008-0x0000017F49C00000-0x0000017F4A112000-memory.dmp

Filesize
5.1MB

Download
memory/4544-1025-0x0000017F4E260000-0x0000017F4E472000-memory.dmp

Filesize
2.1MB

Download
memory/4544-1006-0x0000017F4A9F0000-0x0000017F4BDF4000-memory.dmp

Filesize
20.0MB

Download
memory/4544-1018-0x0000017F4E560000-0x0000017F4EBF2000-memory.dmp

Filesize
6.6MB

Download
memory/4544-1026-0x0000017F4D3B0000-0x0000017F4D45A000-memory.dmp

Filesize
680KB

Download
memory/4544-1022-0x0000017F4EC00000-0x0000017F4F084000-memory.dmp

Filesize
4.5MB

Download
memory/4544-1053-0x0000017F52040000-0x0000017F52164000-memory.dmp

Filesize
1.1MB

Download
memory/4544-1020-0x0000017F4DEC0000-0x0000017F4E25C000-memory.dmp

Filesize
3.6MB

Download
memory/4544-1016-0x0000017F4D700000-0x0000017F4DEBE000-memory.dmp

Filesize
7.7MB

Download