Analysis
-
max time kernel
1799s -
max time network
1691s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
-
submitted
20-06-2024 10:45
General
-
Target
XWorm-v5-Remote-Access-Tool-main/D3DX9_43.dll
-
Size
2.3MB
-
MD5
7160fc226391c0b50c85571fa1a546e5
-
SHA1
2bf450850a522a09e8d1ce0f1e443d86d934f4ad
-
SHA256
84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
-
SHA512
dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b
-
SSDEEP
49152:dbCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nW:YIIBnW
Malware Config
Signatures
-
Drops startup file 2 IoCs
-
Executes dropped EXE 28 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 37 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 41 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\XWorm-v5-Remote-Access-Tool-main\D3DX9_43.dll,#11⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc586dab58,0x7ffc586dab68,0x7ffc586dab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4180 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4204 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4512 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4960 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:82⤵
- NTFS ADS
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1740,i,3626641728613103415,14824196686308289636,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Videos\lol\XWORM-V5.6-RAT-CRACKED-main\XWorm V5.6.exe"C:\Users\Admin\Videos\lol\XWORM-V5.6-RAT-CRACKED-main\XWorm V5.6.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "COM Surrogate" /tr "C:\Users\Public\COM Surrogate"2⤵
- Scheduled Task/Job: Scheduled Task
-
C:\Users\Admin\Videos\lol\XWORM-V5.6-RAT-CRACKED-main\XWorm V5.6.exe"C:\Users\Admin\Videos\lol\XWORM-V5.6-RAT-CRACKED-main\XWorm V5.6.exe"1⤵
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
-
C:\Users\Public\COM Surrogate"C:\Users\Public\COM Surrogate"1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD538afa85aa1870b4a4dca37bdab93004c
SHA194a3ddc37883d102bf88118d80826d972ca3d809
SHA256c6084aa495a329133e1d96e67c587246e24a7e7443e0c7f779fc2f85038063ae
SHA51218045feed91cdb2cd21a91d11705e11fbdc1f0980cb2ffa03bd375649e3bfa709d35f9e21d2c0497bf49ab0aa48a502ddec331e010f11a9d6dc79195cfddbe64
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5d4701ffb9ffbc232e04e36e3d22eb9f9
SHA1da325fb3e136c8b14e7d6a5e4781ee79ca0c56b0
SHA2568fee42f0710f3770be4756e29db81f586e0f07480bd1013c87865a10abda3ebf
SHA512973b623f15b16ab90fde77ccf05808bedbb34339d62c166c9617c8a75aa69dd115104053b39cdf034944adfee70c96495c94de9dd649abe150d05ce0c199dbee
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD592af8471b010b178ebc3191eb25d90ad
SHA1d71f2641bf6184e5d313973ccb4e550e5d92eceb
SHA25681b388bbf44a5b7dad1fa4470b0f929e84a2a8ca479832251b8aae25eeec2b1c
SHA5129ce0a220c6b8f9fc50db1c384d7f72bfaa1875690b08438d9865fd5b90fa94dad45eeb1cd2bad5494a0dbf032b876adf8fc3c38883e4d4684b132e8d165ff3dc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD502c80c995a40e7f8e7c9c68790d87a55
SHA162a845a132afa4d877f7ac51aaf209e4dbff4ca9
SHA256bf9b61211b97a72714bb843d1919aedf95c57154bc9865763a06b0fe748399a2
SHA512dd095866d4c8513985d16636de9eba4fbfb7e6e5293a933dbe386023273fec52cd88818d94840da17697fc8bb09b0168cef470b780e05111e94e1edc972d5105
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD52b3aefa88e3d4de84e6f2d734bf0b7a8
SHA16f87bdf42d74830096cd11a79109c2457df06392
SHA25648491f4ebe0dd07263a119d370b384022baabaefde37c33b7ea96e89339f32b3
SHA512bb99c0aa4819794b844463bcb3af8af28a4b47b9f1f46b2fa38fcfc9e8d9a2b0d978e4b84c5267a68cc2992d520f42dcb24219ff8a29cb3b11724149ab381284
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5e1ac99cbfd5bd380131f6885ad3547e3
SHA17fb94677f92e5133ea837548a4beb1313924aae6
SHA25649c1f28af48751dd95b6b03303b560fa78ed1aa0bcba9a11a44c0b54407d7c0b
SHA5124b983c54737bc416d4be61bd5b56c25d8bc9e06d403ba8be1b78cd036a43325e993e599b329b6cd5d8204f82eb5b9cb02434843bf83ae1f7b352e12bd683e957
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD54bb6b25ff4b9a6720129ba0a6ff4d662
SHA1c93b28d2a5f04bf5cb0bd3a4001d3cc99dae3805
SHA25678965a091efb3c4ae08479d2f1e26025d13939bea0fc5e6c32103af6fe924452
SHA51221fef9d12142d19d1ec82df398adae33b64562cc39707125dd49be7076acbe97f177a63115206dd7f453b8bc393ed932cddbed9dcd743bb12d21791febd9b92c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5ab37374bbc004a057129f8d2b7458fff
SHA15f9f649adce63afd9c5f1cd77b8b9f0649af003d
SHA2569998bbb5054876e8a5f321c8b520f9c132387a7ca9a522ba2644edccc94658b5
SHA5129abda2e88e12c33f11a5128bcc8e783154433240966cddf2447cc2dd5978de3784fc8b7eec86f696d256dea29bbee457d61ed0bfb76060f5f53e5679b4fd1f3f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD54c0dcb3e9a5b8970cdd3962aee1e7e5a
SHA18aadd97e786aec1c3ab63cfd0c9c068142f9b2e3
SHA256e6ce9c0d1a31546fd4456ffe0b9d7bcd736881581f2f41d0c0bc1d8f1a4d3eff
SHA5120819e817a8ccc6b716cef73ec113cd5ddcdc3415ab6473de8ad0c14448025f4f229e32d92d318ddfccc4e13ea254875e2f6e27882d3cc9354018e2253cefdf63
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5f0fa6308021df48c47cfa6fc9da951f7
SHA1abb6dbf4d7399b717cb37d2f8b4bda5bace9313e
SHA256add3fa3d29d203fe18a30a1ee9e3737d876b6d4861eade57aaa947fe41094842
SHA512811c07389921cf4dc65af164e7c16d17272a5e90234d31e0a26eb1688d8f244ae63972cabe47bd48324a631983a53cd624adf24509cb5afa54b9926c6ae4bcee
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
523B
MD54e10d474763d5484c44562d5be6bb9c4
SHA11fbc7c13dbdda1e9652e013cb25e48be0c953045
SHA2563de99571bd8577747ba9e4d0235bca4eb65be1c70e08bee01ce9d2d142052165
SHA5125209bd33fcee2fed0d54088f072489b7981294eb0b08ec112afdbb392c74f699dd6e5aeb9200a1dc546543e7adbdc0b64f249dffd9a17f10a40ee28464e813c4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD589d05988a9f10e26e50fefd795d49d3b
SHA1a445de6406bda8b5a6cb0dd672632070bc1a6c2a
SHA2564e6ab2b73ac14e50ab2be60c8390a31278d7f05d974d5a4279bac939e56585ed
SHA512e4e6d406943c7259589233862d1172e1e833e593619b0b97d6c34d797a0fc8faf3b338dcd34b8e0ffc8f763ee8ae57b2ccc7541c1a9556cda5218df6fcea6250
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5c0a9f432824db13927b7796801bdb7fe
SHA141ce2ac71a1b810528b683e8f2cc408a3c94c6a3
SHA25652a6f133c634432b8cfc6dc19b735a9dbbf94b34203d03a651fe5b086fe96b26
SHA512d8285229148fec5afcc75875d3237ed7024cd500f63b237ac214c99f011c2c4580ed0e49fd4e0af59e909c526b46401d55dba43a43d6d87d04e5369c46399dd8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD58b8168779a54b1ee7aaf95566c266cdb
SHA1e767a9d5d168ca3bcf8d371b9d53e8e144fc6a09
SHA256096b7c09adad5f737f520bb6118b9f5031902608ca51a8b49417d5985ea1ade8
SHA512a4053889a118ac308942250ec09b89c2d7d7ceee1a6751fdc15d694ced154437a6f2367bce1b4c011950009e11a668f600ac74d7faf3e3c0f4f851eb106ea846
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5348806fb93be68adf9dccfcdbc3b0e52
SHA1d31a4cfa6dc9233aa654aaa3c5253ea9bd912089
SHA25675a25878fa6fec53464d12a9555e59efa7bcb9449adfdb9f281a024c1c19eb8b
SHA512f010db6a745d5386ee398c0833794f724a18e789fdcd047494838af46ab67f055bb6a0a4ebffdf6f6013c4f2c75c5e6ada2cb7bae08769eea827b80cf668a9d0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD58a7ea9782ad1b3f5e24edb8e74204618
SHA1a99a0d7d3a6ae19b1dd8e9e4daf0ff9172e7c5d6
SHA25694d68c1537a7eda35ac29467af488be8aab1240a7bf936ee7d1c41e299cdc4b8
SHA51228723a370673e64656b0b8ae4129ad9eccfdfb6a3451e6e95522ac9916744e4037aeaed71b3abc2e9cda7a9bdc387a76780f42d632e57086cb46acb81fc87e11
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD5ea8b6b7df2fa3d694b5929aec07fdb63
SHA1a66ced1c7683eda987930ff026a5210fb708922b
SHA256d96d3ea947b003cc5fa99ab5043e63f186552d3039ad970eef3639bc25a1ec8c
SHA512b8924d80c3b82886debaf594a58215cabedc1a715da23183f82b0da67db77e1a13470a09089beb6024cf374dbf31b6e5cd86cc798613e048ac1cf40a7bb3d817
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
278KB
MD5cdfdffbad416f6331267c913971a42b7
SHA156bcfa69de5c0ba238a40ac7edfb9b7439223c9c
SHA2561c23500c0df43511590ca2f2af6a2d9cff54b11a698e852d746e55dc859c80aa
SHA512ce9d57485b2832d630c2079506ae8fda3c4f518bc20f514ddd550bba77e6d83d0210373d8c41688806f882a36cf7da1d520eacd512704501ac424437416ba0c6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
92KB
MD590fc631f33e1c1041a668278588d40a7
SHA1c780ba4f04d799dc51749191bedaddcf9c9e0916
SHA256d83e2b840f4c20eae61d9e989ad5998e3be81259390576070dece891435e1172
SHA5123bb4116ef66d74c1c350aa7fd5f22e3e9a87b7db545cfc9770a5065d01df6498050d6a750a248a3ad5c63f14d5806fc73de8ddda7ea457465bbc1b10737d18da
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b10b.TMPFilesize
83KB
MD5a43ab5c0affcc59f68bb6e21f5d16f91
SHA1bdbf29a5c0b4d87e22eb59d7180d405024700f22
SHA25664cae505c26f0847b61a762297a27d3d11b1b6adc1b0751c253deae56621f023
SHA5127e16a9df670d0ce53d7d40285702b6e52187f9bc14a043ab36717f98cde338808c7ab72f9c3520d6fba1c9306683d8240a8523aa3889207e3aef424c8f29a0a6
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\COM Surrogate.logFilesize
654B
MD52cbbb74b7da1f720b48ed31085cbd5b8
SHA179caa9a3ea8abe1b9c4326c3633da64a5f724964
SHA256e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3
SHA512ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9
-
C:\Users\Admin\Downloads\XWORM-V5.6-RAT-CRACKED-main.zip.crdownloadFilesize
16.3MB
MD58e449118e72361933c00bd134ba5bbd9
SHA1e1ff9d49d04804779b08f07a6b77a84806f3fbf1
SHA25603091681dd4b73c8835530a54a592d55bc11fda05653fc00d9697a9a52b9aef9
SHA512edffa9347cb8ff8f1d18388826037d67ccbd1765d46efd7699bb0b4acd7203cbd07f2bac1b669879059d777d0c35bd66eb4a04f84d55130829d052a49dd28b4a
-
C:\Users\Admin\Downloads\XWORM-V5.6-RAT-CRACKED-main.zip:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\Users\Public\COM SurrogateFilesize
476KB
MD5bf1ccd2d127e4ac0dc4ad6307cd1b62f
SHA1fc95eb4ec00d3b745fb97f7f8f140cfbe51c23ac
SHA256b32c1554a1a62e6d4c30bad330e5146016fe11521671536c669b429b895e5a11
SHA5120b6fcb5596904849c5d1ef7439af2849394a56a5f64d337b85cfe2158c8aff2c2a6db5a03c5464520537ec5a203f4c784db4e47d48dc16efdfe064a0e831a3ce
-
\??\pipe\crashpad_3688_SCILWWZQCZYGWSMBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3104-334-0x00007FFC53CE0000-0x00007FFC547A2000-memory.dmpFilesize
10.8MB
-
memory/3104-378-0x00007FFC53CE0000-0x00007FFC547A2000-memory.dmpFilesize
10.8MB
-
memory/3104-333-0x00007FFC53CE3000-0x00007FFC53CE5000-memory.dmpFilesize
8KB
-
memory/3104-332-0x0000000000B80000-0x0000000000C00000-memory.dmpFilesize
512KB