xworm | 6ae2b903b9e73ecac6542c15a01cfa044c06ff575b8f86e44e03140a35bea87f

Resubmissions

20/05/2023, 17:02

230520-vkggkadg24 10

20/05/2023, 16:58

230520-vg8fwagc2z 3

20/05/2023, 16:56

230520-vf35rsgb8s 6

Analysis

max time kernel
144s
max time network
143s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20/05/2023, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12.bat
Size

49B
MD5

354ee47d9b7f0877aaecd8db36e01468
SHA1

9bd07f39a7b4980f4565c6a3a47f15d783707df0
SHA256

6ae2b903b9e73ecac6542c15a01cfa044c06ff575b8f86e44e03140a35bea87f
SHA512

20735574ef7634039d9de979e088193eb63d0682c602d2ecaa0296b72e5636de41b53a802d6ce205fc7334c7716c4add716de87205500c0384a55a5265a653f7

Score

10^/10

xworm evasion rat trojan

Malware Config

Extracted

Family

xworm

classic-lovers.at.ply.gg:11647

Attributes

install_file
AnyDesk.exe

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/files/0x000500000001a4c2-996.dat	disable_win_def

Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	WScript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	WScript.exe

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk	AnyDesk.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk	AnyDesk.exe

Executes dropped EXE 4 IoCs

pid	Process
1624	XWorm.exe
1504	FireWallOpen.exe
1544	AnyDesk.exe
572	GUBootService.exe

Loads dropped DLL 3 IoCs

pid	Process
1048	XWorm V3.0.exe
1048	XWorm V3.0.exe
1048	XWorm V3.0.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
47	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 5 IoCs

evasion

pid	Process
2184	timeout.exe
2944	timeout.exe
3028	timeout.exe
2036	timeout.exe
2556	timeout.exe

Kills process with taskkill 55 IoCs

evasion

pid	Process
2892	taskkill.exe
2732	taskkill.exe
2876	taskkill.exe
2188	taskkill.exe
2212	taskkill.exe
2552	taskkill.exe
1816	taskkill.exe
1692	taskkill.exe
2872	taskkill.exe
3048	taskkill.exe
2452	taskkill.exe
2036	taskkill.exe
2608	taskkill.exe
2216	taskkill.exe
2632	taskkill.exe
2700	taskkill.exe
3012	taskkill.exe
2932	taskkill.exe
2112	taskkill.exe
1652	taskkill.exe
2104	taskkill.exe
2964	taskkill.exe
2856	taskkill.exe
2496	taskkill.exe
2256	taskkill.exe
2996	taskkill.exe
2720	taskkill.exe
2268	taskkill.exe
1808	taskkill.exe
2084	taskkill.exe
2640	taskkill.exe
2908	taskkill.exe
2952	taskkill.exe
1964	taskkill.exe
2144	taskkill.exe
2076	taskkill.exe
2132	taskkill.exe
3000	taskkill.exe
2320	taskkill.exe
2280	taskkill.exe
2312	taskkill.exe
2932	taskkill.exe
2624	taskkill.exe
2828	taskkill.exe
3008	taskkill.exe
2832	taskkill.exe
2412	taskkill.exe
1296	taskkill.exe
2804	taskkill.exe
2508	taskkill.exe
2644	taskkill.exe
2760	taskkill.exe
2080	taskkill.exe
2752	taskkill.exe
2912	taskkill.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = d02726ce4d8bd901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F45EE221-F740-11ED-B4DF-5E76FDCFC840} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 901448c84d8bd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "391374362"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000743fd071976334797e6012501984d1f000000000200000000001066000000010000200000001764de35208db285eddb6ab438aab6c82a839530f60ae2dd0e8200ad08a6b427000000000e8000000002000020000000a4ffc271736028cc79a5bf00fff928842caf12515df09a469e70b1b71b889f4820000000aec8f203022ea7b672bb1d141322114a909d0667ab8fa613375f879bd674593d400000007eedc1156c62d0edcd3f73ff9c1cc5e2758d495b3e333f12d15571323277bd0c5fd94aeeb9b5285c7b0707ad61e2c16fa4e543def56c361059db8dd3d4ef6303	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000743fd071976334797e6012501984d1f00000000020000000000106600000001000020000000abe663bac635484df756b721e70683f84b63bd4c73907af27d910be13edcfec3000000000e8000000002000020000000a0ad49d7104af81e65d708cf6cab66b8f229ece659cae3f0bb833b211ec15d9a90000000d63613f7a75f99dbfb780686b8f6365e4f27126a7e9fa8fd6e19c06cee6518a0de271b671b8b9fbb62b2b89f668e64a4c844375d897bbaa79d9f2116106e1f0b87ce4d4ec705b6b4f3eff8dbe33d78462c109cf1787c404edc260a15257e3a2c8b87dcd0ccaf02a58d589b4627f4dda397a37f7e7ceae1a5e364f61485bdd7f209bc971ec5fe690fbedcd83870679095400000001e77112a58fb23957c73a538595cbb5e0f3ac9c3c10c164e1c94dd902bf2a0f18457b8e73601a823e3ffb330d19036a54bf2ef6dd648a00a31a4a789c181ca3d	iexplore.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1824	PING.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1544	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2064	powershell.exe
320	powershell.exe
2120	powershell.exe
292	powershell.exe
2104	powershell.exe
2196	powershell.exe
2412	taskkill.exe
2232	powershell.exe
2340	powershell.exe
2492	powershell.exe
2480	powershell.exe
1544	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1504	FireWallOpen.exe
Token: SeDebugPrivilege	1544	AnyDesk.exe
Token: SeDebugPrivilege	2036	timeout.exe
Token: SeDebugPrivilege	2064	powershell.exe
Token: SeDebugPrivilege	320	powershell.exe
Token: SeDebugPrivilege	2120	powershell.exe
Token: SeDebugPrivilege	292	powershell.exe
Token: SeDebugPrivilege	2104	powershell.exe
Token: SeDebugPrivilege	2196	powershell.exe
Token: SeDebugPrivilege	2412	taskkill.exe
Token: SeDebugPrivilege	2232	powershell.exe
Token: SeDebugPrivilege	2340	powershell.exe
Token: SeDebugPrivilege	2492	powershell.exe
Token: SeDebugPrivilege	2480	powershell.exe
Token: SeDebugPrivilege	3008	taskkill.exe
Token: SeDebugPrivilege	2312	taskkill.exe
Token: SeDebugPrivilege	2608	taskkill.exe
Token: SeDebugPrivilege	2700	taskkill.exe
Token: SeDebugPrivilege	2760	taskkill.exe
Token: SeDebugPrivilege	2832	taskkill.exe
Token: SeDebugPrivilege	2856	taskkill.exe
Token: SeDebugPrivilege	2892	taskkill.exe
Token: SeDebugPrivilege	2908	taskkill.exe
Token: SeDebugPrivilege	2932	taskkill.exe
Token: SeDebugPrivilege	2216	taskkill.exe
Token: SeDebugPrivilege	2268	taskkill.exe
Token: SeDebugPrivilege	2080	taskkill.exe
Token: SeDebugPrivilege	2212	taskkill.exe
Token: SeDebugPrivilege	2144	taskkill.exe
Token: SeDebugPrivilege	2632	taskkill.exe
Token: SeDebugPrivilege	1652	taskkill.exe
Token: SeDebugPrivilege	2552	taskkill.exe
Token: SeDebugPrivilege	3048	taskkill.exe
Token: SeDebugPrivilege	3000	taskkill.exe
Token: SeDebugPrivilege	2412	taskkill.exe
Token: SeDebugPrivilege	2752	taskkill.exe
Token: SeDebugPrivilege	2104	taskkill.exe
Token: SeDebugPrivilege	3012	taskkill.exe
Token: SeDebugPrivilege	2624	taskkill.exe
Token: SeDebugPrivilege	1296	taskkill.exe
Token: SeDebugPrivilege	1816	taskkill.exe
Token: SeDebugPrivilege	1808	taskkill.exe
Token: SeDebugPrivilege	2076	taskkill.exe
Token: SeDebugPrivilege	2084	taskkill.exe
Token: SeDebugPrivilege	2496	taskkill.exe
Token: SeDebugPrivilege	2452	taskkill.exe
Token: SeDebugPrivilege	2320	taskkill.exe
Token: SeDebugPrivilege	1692	taskkill.exe
Token: SeDebugPrivilege	2256	taskkill.exe
Token: SeDebugPrivilege	2132	taskkill.exe
Token: SeDebugPrivilege	2640	taskkill.exe
Token: SeDebugPrivilege	2732	taskkill.exe
Token: SeDebugPrivilege	2804	taskkill.exe
Token: SeDebugPrivilege	2828	taskkill.exe
Token: SeDebugPrivilege	2876	taskkill.exe
Token: SeDebugPrivilege	2872	taskkill.exe
Token: SeDebugPrivilege	2912	taskkill.exe
Token: SeDebugPrivilege	2932	taskkill.exe
Token: SeDebugPrivilege	2188	taskkill.exe
Token: SeDebugPrivilege	2996	taskkill.exe
Token: SeDebugPrivilege	2112	taskkill.exe
Token: SeDebugPrivilege	2952	taskkill.exe
Token: SeDebugPrivilege	2508	taskkill.exe
Token: SeDebugPrivilege	2644	taskkill.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1148	iexplore.exe
1148	iexplore.exe
1148	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1148	iexplore.exe
1148	iexplore.exe
432	IEXPLORE.EXE
432	IEXPLORE.EXE
432	IEXPLORE.EXE
432	IEXPLORE.EXE
1544	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1148	1732	cmd.exe	29
PID 1732 wrote to memory of 1148	1732	cmd.exe	29
PID 1732 wrote to memory of 1148	1732	cmd.exe	29
PID 1148 wrote to memory of 432	1148	iexplore.exe	31
PID 1148 wrote to memory of 432	1148	iexplore.exe	31
PID 1148 wrote to memory of 432	1148	iexplore.exe	31
PID 1148 wrote to memory of 432	1148	iexplore.exe	31
PID 1048 wrote to memory of 1624	1048	XWorm V3.0.exe	35
PID 1048 wrote to memory of 1624	1048	XWorm V3.0.exe	35
PID 1048 wrote to memory of 1624	1048	XWorm V3.0.exe	35
PID 1048 wrote to memory of 1624	1048	XWorm V3.0.exe	35
PID 1048 wrote to memory of 1504	1048	XWorm V3.0.exe	36
PID 1048 wrote to memory of 1504	1048	XWorm V3.0.exe	36
PID 1048 wrote to memory of 1504	1048	XWorm V3.0.exe	36
PID 1048 wrote to memory of 1504	1048	XWorm V3.0.exe	36
PID 1048 wrote to memory of 320	1048	XWorm V3.0.exe	37
PID 1048 wrote to memory of 320	1048	XWorm V3.0.exe	37
PID 1048 wrote to memory of 320	1048	XWorm V3.0.exe	37
PID 1048 wrote to memory of 320	1048	XWorm V3.0.exe	37
PID 320 wrote to memory of 1824	320	cmd.exe	39
PID 320 wrote to memory of 1824	320	cmd.exe	39
PID 320 wrote to memory of 1824	320	cmd.exe	39
PID 320 wrote to memory of 1824	320	cmd.exe	39
PID 1504 wrote to memory of 1544	1504	FireWallOpen.exe	42
PID 1504 wrote to memory of 1544	1504	FireWallOpen.exe	42
PID 1504 wrote to memory of 1544	1504	FireWallOpen.exe	42
PID 1504 wrote to memory of 1648	1504	FireWallOpen.exe	43
PID 1504 wrote to memory of 1648	1504	FireWallOpen.exe	43
PID 1504 wrote to memory of 1648	1504	FireWallOpen.exe	43
PID 1504 wrote to memory of 572	1504	FireWallOpen.exe	44
PID 1504 wrote to memory of 572	1504	FireWallOpen.exe	44
PID 1504 wrote to memory of 572	1504	FireWallOpen.exe	44
PID 1504 wrote to memory of 572	1504	FireWallOpen.exe	44
PID 1648 wrote to memory of 1316	1648	WScript.exe	45
PID 1648 wrote to memory of 1316	1648	WScript.exe	45
PID 1648 wrote to memory of 1316	1648	WScript.exe	45
PID 572 wrote to memory of 1256	572	GUBootService.exe	46
PID 572 wrote to memory of 1256	572	GUBootService.exe	46
PID 572 wrote to memory of 1256	572	GUBootService.exe	46
PID 572 wrote to memory of 1256	572	GUBootService.exe	46
PID 1256 wrote to memory of 2036	1256	cmd.exe	48
PID 1256 wrote to memory of 2036	1256	cmd.exe	48
PID 1256 wrote to memory of 2036	1256	cmd.exe	48
PID 1316 wrote to memory of 292	1316	WScript.exe	49
PID 1316 wrote to memory of 292	1316	WScript.exe	49
PID 1316 wrote to memory of 292	1316	WScript.exe	49
PID 1316 wrote to memory of 320	1316	WScript.exe	51
PID 1316 wrote to memory of 320	1316	WScript.exe	51
PID 1316 wrote to memory of 320	1316	WScript.exe	51
PID 1316 wrote to memory of 2064	1316	WScript.exe	54
PID 1316 wrote to memory of 2064	1316	WScript.exe	54
PID 1316 wrote to memory of 2064	1316	WScript.exe	54
PID 1316 wrote to memory of 2104	1316	WScript.exe	55
PID 1316 wrote to memory of 2104	1316	WScript.exe	55
PID 1316 wrote to memory of 2104	1316	WScript.exe	55
PID 1316 wrote to memory of 2120	1316	WScript.exe	58
PID 1316 wrote to memory of 2120	1316	WScript.exe	58
PID 1316 wrote to memory of 2120	1316	WScript.exe	58
PID 1316 wrote to memory of 2196	1316	WScript.exe	59
PID 1316 wrote to memory of 2196	1316	WScript.exe	59
PID 1316 wrote to memory of 2196	1316	WScript.exe	59
PID 1316 wrote to memory of 2232	1316	WScript.exe	61
PID 1316 wrote to memory of 2232	1316	WScript.exe	61
PID 1316 wrote to memory of 2232	1316	WScript.exe	61

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\12.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Xhackerprog/XWorm
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1148
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1148 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:432

C:\Users\Admin\Downloads\XWorm 3.0 (1)\XWorm V3.0.exe
"C:\Users\Admin\Downloads\XWorm 3.0 (1)\XWorm V3.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Users\Admin\AppData\Local\Temp\XWorm.exe
  "C:\Users\Admin\AppData\Local\Temp\XWorm.exe"
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Users\Admin\AppData\Local\Temp\FireWallOpen.exe
  "C:\Users\Admin\AppData\Local\Temp\FireWallOpen.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1504
- - C:\Users\Admin\AppData\Roaming\AnyDesk.exe
    "C:\Users\Admin\AppData\Roaming\AnyDesk.exe"
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1544
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\ProgramData\WDSet.vbs"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1648
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\ProgramData\WDSet.vbs" /elevate
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Suspicious use of WriteProcessMemory
      PID:1316
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableRealtimeMonitoring $true
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:292
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBehaviorMonitoring $true
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:320
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2064
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableIOAVProtection $true
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2104
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2120
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2196
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2232
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 6
        5⤵
        
        PID:2412
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2340
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 6
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2492
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2480
- - C:\ProgramData\GUBootService.exe
    "C:\ProgramData\GUBootService.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:572
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A1FB.tmp\A1FC.bat C:\ProgramData\GUBootService.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1256
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        
        PID:2036
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvir.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3008
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im regedit.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2312
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im msconfig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2608
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmc.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2700
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskman.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2760
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvirlauncher.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2832
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmsrt.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2856
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im avp.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2892
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im MsMpRun.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2908
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im adwcleaner.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2932
    - - C:\Windows\system32\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        Suspicious use of AdjustPrivilegeToken
        
        PID:2036
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2216
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvir.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2268
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im regedit.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2080
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im msconfig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2212
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmc.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2144
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskman.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2632
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvirlauncher.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1652
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmsrt.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2552
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im avp.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3048
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im MsMpRun.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3000
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im adwcleaner.exe
        5⤵
        Kills process with taskkill
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2412
    - - C:\Windows\system32\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:2556
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2752
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvir.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2104
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im regedit.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3012
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im msconfig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2624
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmc.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1296
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskman.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1816
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvirlauncher.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1808
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmsrt.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2076
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im avp.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2084
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im MsMpRun.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2496
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im adwcleaner.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2452
    - - C:\Windows\system32\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:2184
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2320
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvir.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1692
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im regedit.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2256
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im msconfig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2132
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmc.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2640
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskman.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2732
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvirlauncher.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2804
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmsrt.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2828
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im avp.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2876
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im MsMpRun.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2872
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im adwcleaner.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2912
    - - C:\Windows\system32\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:2944
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2932
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvir.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2188
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im regedit.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2996
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im msconfig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2112
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmc.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2952
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskman.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2508
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im anvirlauncher.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2644
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im mmsrt.exe
        5⤵
        Kills process with taskkill
        
        PID:2964
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im avp.exe
        5⤵
        Kills process with taskkill
        
        PID:2280
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im MsMpRun.exe
        5⤵
        Kills process with taskkill
        
        PID:2720
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im adwcleaner.exe
        5⤵
        Kills process with taskkill
        
        PID:1964
    - - C:\Windows\system32\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:3028
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c ping -n 3 127.0.0.1 & copy /Y "C:\Users\Admin\AppData\Local\Temp\XWorm.exe" "C:\Users\Admin\Downloads\XWorm 3.0 (1)\XWorm V3.0.exe" >> NUL
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:320
- - C:\Windows\SysWOW64\PING.EXE
    ping -n 3 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:1824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\GUBootService.exe

Filesize
115KB

MD5
676b35482c7a682eb5dd8f421ac74306

SHA1
4220aaf52f88c07e0c5c113f91e756832bd1c281

SHA256
7335ee04321aaaf56e994a9d385d9eadcd3c37a57362d087052d63c169494cef

SHA512
85c2d6ae7aa5b2641d591586a95d8e8e5ba7b49245ef1055f1ce1a9948e295d80b174f8052bebb8c57edf099d982b5618b0fd4dd5d2943bd5e2567e3feadc4b1

Download Submit
C:\ProgramData\WDSet.vbs

Filesize
1KB

MD5
3183ab3e54079f5094f0438ad5d460f6

SHA1
850eacdf078b851378fee9b83a895a247f3ff1ed

SHA256
16da599511714cce9fd5888b1cc06bdb44857fc9147f9a2b5eed422d9ae40415

SHA512
31e996ae9eaf26a7292a6c3c0d7a4284228dec13d082a82f0b5f8825cd265a249e266b5a99c755f41dfd370ce8a179ad29780311c1f49f89dc80f5e4a99ce31e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
515712ce84228f7308ce2b10c64c1eb5

SHA1
93f0cd800e7e5c74d9de433f01e0b6e35c867400

SHA256
984f09601d96d610bbba59f0e13e63dc83f6a76c3a2e971ed526f45c313d8217

SHA512
ea7b9102c04fbb716166f757ee7c6d9b1b37d0eb19967b1f7f10805f622f5fa149b5fdaeb6bc1523ec8089048bfc6636597949a8f3c48c8a96c3f79b2d91caf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fce7ecc26cdb1240feaf69b50e4346c1

SHA1
4cd7849bedee492b9a76e1045ff84b587f8b8fb8

SHA256
cf92f09a13e152c69dcc72cc17b14b7a451b41daf305df60fbabac9dee7753e7

SHA512
49d137d79e2162bb0cfc533ca48fe40b54271b6815e4a86e757e64fb75ceb01086b4e6f1f56f700fc393ce4906f313a7168c0584f2a4fdfbf62443659e9bd62b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6b0ed1e98e5b0962e7dc0d50eeb14f0

SHA1
54f2f1d6e2411628abee5db66431bc17de805825

SHA256
cae46fb08281d593da33bb2d4b68e86f2a71c9622f63246674c93ac622dba674

SHA512
e371a16f9d342febb81538fce518f0478094c07c3c23048b6c3be7fdb3d98b0f8863174715653cdccf3e8d6be3cb8196e48dbea1335a7807dc0a6418b12f7580

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffcf90070c9bda5cab8371ef8d35b39f

SHA1
0dca761b9c8391192d52f44e31542c87b2cd256b

SHA256
bf733af4a8d17863d98827fa2906e9d1eea1be7615bdb6ab5362ea76263f9b57

SHA512
85bf40021a9258f0f3753d641f5d0e5502d5d8e4e43f2c3e7841bd0d0f1743216161b1e747879ba4ff9bb00d3983a0b1cfd3278b3d74c749650492b45a69da17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8a8c8acbd04691bd9e083b3c542e9b3

SHA1
fb098fe0067d5f6a2eaf0bb0761930efee9ea074

SHA256
589181bb7d89b94473a61510f58d1822ed57495e306386539d2ea349371d8444

SHA512
5400d199c3250a1dbde9ac8d29daa84d8f6cd363d7e2d367d67e8de197caae3d34547ca5b4a0bdc7856472b820d4e272fdbff451a410107f92b14bf6b4fdf4c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10338791dfaf18c5f30c69c1079d42b3

SHA1
0e43349b325b732fccc126ad19a2b23c85f711fb

SHA256
d7383f63f37ee77c265c8dc70cb82f27e73ed9ec4251d3829e1cbbda348f36d3

SHA512
b3a45833c6ce501094306df77a87d1d30e91b8fef9195bf21aaddb2f6b1bb248126cdb9d2426439b2bc81c4ce4c1275da8a55b5e3b9ee83e2fd50bca53553974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa97133efe1bba22e066f5c6c5803068

SHA1
1984c40658f0bb1ee8ebd20824d9b594c634e78e

SHA256
e24fb97a3c0cc373b4b2033d590fe36a4b9a78e099516df29cd119c3fecd2692

SHA512
7942c102c418b8d6a0ddbfd13176fe29687f75c2d40b95b9543fda50beb7aa3757e4c72b2c75e68e2857c33063ba75dc67a883250839a6c644376b2cee760da4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3675e926fcc0da66bf4cd82d85c56ff

SHA1
8ea552b524e98722dcfb4a46333e3e1a78022f8e

SHA256
3a13ba56262d16246d867f15a728990e41705a429e323b293ec547c039d423d7

SHA512
d3f332f34207c5a65c40be5cc4c459fc54cf229600bdb2557000e4f7c9f1ca56c28b5eb1eff69f7947c754eb2a6be6a57db0753608df9a8e4c8036862713fcae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee211cc8e9b22d6012f9d778a50114a5

SHA1
b2e0666894d2f78b8902c769381b1c82d0daed69

SHA256
21d72d3ab0071eb2e53cc2d85423d44bffa65809596c644c6b0d873e66732ab6

SHA512
c6723d9c24360713bc1a77ffb66904f115d26280103842d9f335d7868e513e0476193063a9a2a9252b456809e7a9ca9794b1794a7c536beeea08d916a9b1c9c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
178145eb6154fe43cbe76fbddabe173f

SHA1
0f82015c6ee5851e4b24215a96492b9d40bfb84c

SHA256
3365424baa26d3a848dea374b0557bbf93618f47dafa72cbe2e159ab7b1c0819

SHA512
42c8d654baa593f2e6a619927d335f19b298b4655cd5adc9b303b52b651d148ce8f25711e46dd1138b9c2971f64ce9a8d04212b170dad5f8fe597169cbf5d2aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4a867e96fa42434fa59f4e15b2d6769

SHA1
23673958f6e71ff26c998228100f7de027f1c618

SHA256
e1dd0667623cac12a565911130c79dc99fd300d04faac71e9f6278985099f715

SHA512
887a4c3eca43c1da3397915be9ece2ff90bda5ac71c45f28be41e6f430f482dfdcf253e476b57506936653f994519e5adc83d1425ebe0faaf84e39d56efbf713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
f843e1bbf9c794a1089772c2dcbc0185

SHA1
5f8c97b8949cea159e46eaee4cd22b3a2b6a8086

SHA256
10ee8fa5a881f5bb71f9ea63e078cce65a322f16227765b47015391b0f4ba41b

SHA512
1fb5b7ceb557404e0a8af6426c0db932093ae3ac94fdb64a827068926b4147d870cedb27a629557b5705eaaf7915862abafe0d6506394674c06c4536a78237c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
1cfe50d09c75b314968f25fb3aeb83d9

SHA1
27a05b38a48f8b29aeed7d400e930c8db47aa9cb

SHA256
0295140364d9a272b742cfe4e4bd67fdd99df83b5966d589e571ea2876e50a98

SHA512
e07ca9b26f643715c9f27e38aca98d21f4628e8eab784475f29e5d5c51056d7fba3c8231b2a747a50fa258c6822be77dda74b7dac4912859da92fff8df779000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jpkegi3\imagestore.dat

Filesize
5KB

MD5
81bf66857c9781e8e82950c32f01d479

SHA1
0678526d2926b14725ca946422b60667470db564

SHA256
6c8d1119821abe809a22559efc1952a118f58e2538b5432bcd87fca0302b1d5d

SHA512
01d8bf578cc6ebe06aec45bcd26d18acee8d653808f7f25bbb4659a84429f77002f6d131c234ed3cf5d0e7327414cddc609961e8abc7df5ba4b264ed0e0b635f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\app_assets_modules_github_behaviors_keyboard-shortcuts-helper_ts-app_assets_modules_github_be-f5afdb-3f05df4c282b[1].js

Filesize
14KB

MD5
9200feadadbbca8309d5977b36e8ea6c

SHA1
5c1f182157d97fdc3c765f93d4e5d1ddc8d091a3

SHA256
c2703d901b7c6cba74a1e0e7179941d5aca8748c25ae79479a48f562d02e77a3

SHA512
3f05df4c282b95264abf3cef77b0dbf2bc00cfd3bd2af67073107f6d929a29c8015f6404da03b32fcb9b9ec70809a6b4f3b9e3107abf5f19f173c57a36d331d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\app_assets_modules_github_blob-anchor_ts-app_assets_modules_github_code-editor_ts-app_assets_-8128e1-65aa849c94d7[1].js

Filesize
10KB

MD5
6fa8e83f250dc77a6af788f589b0135f

SHA1
edb359c0ea8d889b3aa364b517de0a68c5ba6bbb

SHA256
d2117638196370f8d30f111e2a98854dcfd5f179b3705353fec65b6dd55747d3

SHA512
65aa849c94d72457c6638a5b4654c685bcfc0e77b6958d9aa6ab306ab8ded99142818243ca7fe5c1432d2c17ba61ecdbf659067bda0bada87f4960fa2c735171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\app_assets_modules_github_sticky-scroll-into-view_ts-1d145b63ed56[1].js

Filesize
9KB

MD5
9c15e69f34d72ab01a25575780a3dc9d

SHA1
4834bff994ded22703fbce6e1f04d5a13838354e

SHA256
a382c7be63e4761274ff6e21ef7e9596aa0eb700573a0ead42aea76c36e3e47b

SHA512
1d145b63ed56c1ca14a1cb8d7264bc56a9e0c3a7d11ce67b5b1954b034a9ab4c29d74f72ddf860600dfddbf1b73d38caaccecd5bc51dd4fde166f79d426aa086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\app_assets_modules_github_updatable-content_ts-dadb69f79923[1].js

Filesize
8KB

MD5
ea38f9963d35351c101d238af3a3cf73

SHA1
9ab43d46fd1b2774ab8b1bd7d51b55a6a2a49c84

SHA256
8158702cd486d1cfaf584b4784649207f4c668e27d37c2c3c38fc70d0e30b24d

SHA512
dadb69f7992377066b58045ae7182c82eaf7d8c3233571020172bf70e11589447098c1766954df0c736df3def39f1e3f6f34e6153ad571eaf0f71e06477d29b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\code-536dffbfff5a[1].css

Filesize
20KB

MD5
71c3425f7583dcadfc784957b7982d36

SHA1
03f42e7d26388b2ac82a9fea8207b205dcba6fd4

SHA256
4a71fca66e6845f591452fbab1e55b47d3cc3422669338e19260fd3fccf8500e

SHA512
536dffbfff5ac20768b289a7fb7e33fa91e2ce9264af3b5e3ec1043520b5e5ef4fccd2591bebfe37562104727ca3a749240aa62ffed3ce90ef61e9a29e586d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\code-menu-da1cefc25b0a[1].js

Filesize
13KB

MD5
f6d880c309509987d43bc91637e519db

SHA1
504b065305834069a6b3c7acc07a726738bcf8c2

SHA256
e843b6d6cf094b7ce98cbb4bac745ca475a06f33b37285fcab29dec9aad82c5f

SHA512
da1cefc25b0a815ebe4d17fb811eec30b5f6b62418febafd443d374c8e889e5744526c7aa1cc04923b1209d7a255178134ead1c7c1ca0c480964fa55ec2a319a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\environment-de3997b81651[1].js

Filesize
5KB

MD5
1b85079a9ba25d7ccfa2e6551f1f23da

SHA1
95807b2db9ddb55f1c2d063de80a21126396a938

SHA256
5ae5c1c250b930691353ec3310295d1ea8128ba6b1dd69a8bd0ac08aa3283aa5

SHA512
de3997b816515df468e65014eb9230e603f485f9bebbb1e8f9e28437bb64e15c62e2377b462605099c1f5778324da56f8712ae8419f27628188332283b9644a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\primer-primitives-fb1d51d1ef66[1].css

Filesize
7KB

MD5
75b4206d843040a7d81ac8639211cc5c

SHA1
2fcc5d28e05f27e822f4c79cd2ebcb3c55c93850

SHA256
ae074dc2c85a9557c8b646ffc5afb608a552b57066eecb791fe8f17f5fdfc1d8

SHA512
fb1d51d1ef660b84870b0a4970a8772dba4127aca9ab9fbaa29c734a83de07bd8a44b84b6bb22ed6b9b03ebe7a105bb9072a31a01fef987a6a64edc3b894ec32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\ui_packages_failbot_failbot_ts-e38c93eab86e[1].js

Filesize
9KB

MD5
a290de737f98b928791420949ae972ae

SHA1
11edff4fef75d57bf6de49c03b83169c89efb951

SHA256
948fbb66794a958cdab7396280920287c12e37f7932acb40395d6a3e5d93b4d3

SHA512
e38c93eab86e95dc38b684ebbfb12a98a4c16dd440321a707941f37794404d418517e47862933a335d2bee4cb8e6769cb4e0f160896bf880b20ec83deb009ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-ae93d3fba59c[1].js

Filesize
12KB

MD5
e81d89b97d24210d1fed01b8c7527dff

SHA1
e9aeee63975aa26e1c18fb15e703fadef1044af3

SHA256
b3dd2be29f2c480a351a18ffbe7d3fb4b7f3c7636cddf273bcaaa4d355d479ef

SHA512
ae93d3fba59ca967f3bb0b0e6bc1867b903c647d389231e92e559eca742b7d9f5b1f1c9b79b682611ce40ef8fdb327c76b47646f4d4ae97ddbe531e5008c46a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\wp-runtime-377d421cc9f7[1].js

Filesize
30KB

MD5
bb3a62239043356fd1cabd2fd2a49074

SHA1
2589a58e6cc1df0795343f0b274af49d6e5960ec

SHA256
ad151ef7e45f6c4fdc7c289084349671412838295e7784fc1a7179770b0dbae6

SHA512
377d421cc9f70e301ee6cbc7cafbc175b8cd08f6df35e9e7c8fc90e07ae205d92edf38d0b5d2c0b75ad0bb009233c4e9f5d51017921c75a356a9a6ae27046799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\XWorm%203.0[2].zip

Filesize
8.5MB

MD5
0c1af23cbbfd4b1b215084eb2f6ef7fe

SHA1
4952d40801b329c0f30c24bd34517d49cbd5fb9e

SHA256
c79822197ba99b0f1d49c06ace4c838c6cb3592208aaf1535414641b4eaadf40

SHA512
dac4189cea1240e0d94319972bbb8905886b5e4ce514e4fd031fd542fe447fb541459da9c0e02084de9f7821569a72e3d1e714de7e1b4561604d2810e9bca4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\element-registry-8f404beaf269[1].js

Filesize
42KB

MD5
915ee717e9506ef114bd1d709cb860f3

SHA1
a11794fddc840bb0423020a234fdb9a3d49070a5

SHA256
872aa06880858faa7be7fd39bf5605fcc22db7875fd0ac94a0e0910246780237

SHA512
8f404beaf26991f0c7d635749ca2b5b602bbf8262d9ac5a51c4c0adfddb75cebd23a69fcf20da810c5aa29edadc8a5db672d4775b2c2adb35c423b8416857272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\github-elements-7b037525f59f[1].js

Filesize
34KB

MD5
b3c79d1c7d78847525e892155aaa621d

SHA1
0ebfbdb20b1d6db4c26e7b5c9d2e0ceb49a99329

SHA256
9b879ab92de15af68ceebe678fb4d317bcbb7a4265ac816b9ef23bcbaafff3a1

SHA512
7b037525f59f825114685b4567efc2a4ee22659bd18560a512d2b7bf88a0d485eca485c1ca56e41d3d8631f0fe2622810bb75a692283caea2825b24cc48ae0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\light-0946cdc16f15[1].css

Filesize
53KB

MD5
5235e806bcb88fed6c8c8cfb53348708

SHA1
ab71dbe80857d73ce2ca21a45ab4a216ab1cbce1

SHA256
89233262726664b22e2d2e8a742b89d7439d526394f7413b30a92f304a04775f

SHA512
0946cdc16f1502b0f9aad2daf13882a63691a93f7f9a6afb537da241ef6db703e1173a6591975026f826792a4ddbe79c07b863e2a6a41ec6e7894ef1fa920e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\notifications-global-4dc6f295cc92[1].js

Filesize
11KB

MD5
f9900e70cb1dcc8a67f9f446e5d718ae

SHA1
f7be42badef3fd51ae90deefbc913e74e81e705c

SHA256
3611cb16979f594f606f41f6537a27e431a29d8a883fc1b18cb309b3f5890e7a

SHA512
4dc6f295cc92706460d7f2f96dccbaf776474d47a47889ab69fb549011d0f76cffa0ec1c8f556f8a52dcefe755a4d7d4bc4473a47c710b27223ddced094ec160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\optimizely-1c55a525615e[1].js

Filesize
5KB

MD5
43b9692c8d52a401e01df297c8909f7e

SHA1
4e220e483ed578f5b584924376696b43182daf97

SHA256
1f023599685c7033bdc7c2177a0bae5511efb5ad603232f754abe14f6fd45c16

SHA512
1c55a525615eb64db055405b6d0842bc836850669059ac62779f7615ca61a5a82e0d2a96a5936938fb9e9d652431f4d6c73d8a47c404ca2a9e11ad524dcdf4da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\sessions-2638decb9ee5[1].js

Filesize
10KB

MD5
bc5d5fea43b7e9661b50456a77478335

SHA1
6b8f6d93bfd302cd5ada9b40279205eb12556cdf

SHA256
a02d02064dbc21e677ef0474aa7e111cb55abf165febcdcbfe62d32056be29a4

SHA512
2638decb9ee5cef55a1829e394cfb0d0fff00835713ef1198e08468bbd6d0de25ffe8b78c3261d466cacdc245703118e78c098cd2e2598222e4560aba94cd2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-424aa982deef[1].js

Filesize
13KB

MD5
fa2bd9163204e6ced0bf13f169206c40

SHA1
ea2d13287aef46af1ad0f04b04eada4e8a8966af

SHA256
0c2a6aa4860bd3d3a135d59418bf4e7a00173c3e974842ae436a0a2fbe3da624

SHA512
424aa982deef4fc0969c58c54d1dfcf1b589d6c9da95575e4b5f88ffb03a8457954a19c03b00afbb5f4fa0d64a6d7b7361c0a4737c1d21490d2767eea227e0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_memoize_dist_esm_in-687f35-d131f0b6de8e[1].js

Filesize
9KB

MD5
07545d79324e61d14de7d47e9ca6b03e

SHA1
b73039cdd8e424960b0a8dc973788116bbcb11df

SHA256
ce89ceb01d12fa63f5a5edd4ce856335c85eaa59dcabe3cf38d90f6c0040fae3

SHA512
d131f0b6de8eb9ad4a24a9a4857d9b1eeb4a5004932a3b04ab9c6422a829f101c1b5089a0718a751103388d9eed36f52b9be218403da685e2611ad151432e6bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-ba0e4d5b3207[1].js

Filesize
76KB

MD5
80de3fe499fabcd32f3eb5a1c8a080b9

SHA1
45c7a787dd927214b847550fcd44f37261413256

SHA256
0f0b5c21ea9467b911d1377fdff0272addf7fccc7a588f2f30ec6f07ffbdcb6f

SHA512
ba0e4d5b320783d52465d15d4a36113a8e10261eefc707314d7e6f211ebb57930b7cbf2568017febe5e47cb43749552e6992fcd652aec702110a330364e08506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\vendors-node_modules_lit-html_lit-html_js-9d9fe1859ce5[1].js

Filesize
15KB

MD5
29b126d180066f2cd72287a725af3dce

SHA1
da1a0918b337b6bcda086580271306fbb2d41ea0

SHA256
9417afb32e38d089ae0e18debddaec99629f25af815081ebf426a48066ef3438

SHA512
9d9fe1859ce5c02054af70a2435b2b137398d7f41f2b71cc138333f706bf3c175eccc001e8ba717e80508a10590fd40c91468a9ee60839cf2cf5464c2601deec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\vendors-node_modules_optimizely_optimizely-sdk_dist_optimizely_browser_es_min_js-node_modules-089adc-2328ba323205[1].js

Filesize
104KB

MD5
9677b4415be57695d23cf01aff7514b3

SHA1
1352108c7e38b20693b7d9b0495d01168862507f

SHA256
4992f0543a0d909d6e48123c5c1499bf476e4cae4c1398712707857b50aee18f

SHA512
2328ba3232052ba1f75d4e89607bf6b030cc3889e6dc640a8a7b5005279be25ef1d00fd72c13227385ff8143852f57f7a2063ea6891c80cb3b033ca8c0ebd21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN2GDFP2\vendors-node_modules_primer_view-components_app_components_primer_primer_js-node_modules_gith-3af896-ba2b2ef33e4b[1].js

Filesize
84KB

MD5
9f6934b9c53914b8e803a98b9f54a977

SHA1
642c23d569dd5887a91b68496b59d7a477237b20

SHA256
2ea7d3bcbbd9b0962eaf9f2d659c354fec1fa37ad7936d7dafa52227a8389c06

SHA512
ba2b2ef33e4b1dadf6a47fe50cd0cd6a3c19d605e4db7218460d6a97ed3ef4126a4f04399245c9647dab58bc0aeffaba5a905f9caf4a0fc5b8230b23d91da730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\app_assets_modules_github_ref-selector_ts-8f8b76ecd8d3[1].js

Filesize
9KB

MD5
019ef7d910ab3ad87d523c379439ab31

SHA1
dd97c99ddd637832502230c904f6fe4e4cacf4d8

SHA256
9e6a2cf46f911f800edc46a13a14dbc4d867283c2f036942fd76d13c5c3f4be4

SHA512
8f8b76ecd8d340cc9d4a3a09ef686e0eb0c00549fd15d50199a20412f479f22026dd00dcb70367cc98e249734ce25d03cbb0b585a5156f439c91c29cda78e647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\dark-3946c959759a[1].css

Filesize
53KB

MD5
2820c4c7c0513590c53d244c42fb6fe3

SHA1
e7512521010a3afcf5ca395457473e7963a23ed9

SHA256
c2982a111fe3270b0feec1917715b73a1ad11e04a918c3748a129fbedff88370

SHA512
3946c959759a620244e1e09847f1baaeb2e1aad20b8e0b84ca7652fa14a130d5b94af4047a1db76afa5abacc01bba4d87789d44f959e08f8524b864eb66f925f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\global-0d04dfcdc794[1].css

Filesize
254KB

MD5
2a5effbfaaf296ce901ce3f997149e08

SHA1
d3c9b0558d7933df3e1774236bf284bc947a5fa1

SHA256
b096c40efca7e00885cb78e1caeb4c31e4db9100662228f60c045b9f4b19e624

SHA512
0d04dfcdc79457770a9457282a9ce54184bd35a9aa8d17643564af15ee8dcaad5a453b744811dd53a4a6443ada50b0c7194f90e786c91cf0c7aa4184076045d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\primer-57c312e484b2[1].css

Filesize
316KB

MD5
6264dea995132348f8fbb0bd13604965

SHA1
2c24963a29a8cc2f3fad3c6eb9d664cce9042557

SHA256
edcdf2798ea3d2f53bfd6d72a2839abed123a02848646fac24a54fe6f9af97e0

SHA512
57c312e484b2b1cdf5429cb4f8faffb3a9f1c9a0a7ce91b302dd2235789d744c07c596c9a0c3125ff7a4fe8aee66f42c15f3be37c862b4a8ccb533520244a9f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\repositories-0355d3fe50ee[1].js

Filesize
64KB

MD5
92bc7cc04b72eabdc5d8dadea976a93a

SHA1
efa2b79ebd856edb93184d6548e57988f922ffa6

SHA256
87e182a2a527e7a4c994342d8c40d843a489096bc1fdc5282d42d4f24b39ff94

SHA512
0355d3fe50ee70f466793c0206964c89a67a6bc19a19d05a56577b50adffafb9f08b45c9857880ffc441dcf93de03825ed101ae69170d812bf76ec534bf0b2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\vendors-node_modules_color-convert_index_js-node_modules_github_jtml_lib_index_js-40bf234a19dc[1].js

Filesize
20KB

MD5
335c0961babd1c1c0d898b5717f961ae

SHA1
104c5caf6c79e0a658ea309651ae75d734be92c9

SHA256
981215a3a3c0857405f95bab20d9e8d1eae8a0e757f787c62824bab1330a8cb8

SHA512
40bf234a19dc5a70430eb6893527d5320d850d63bac10e3789ac6ddaaf6bf1682a0ed81f2224bb1ea2154f9ddfe9afd929a1611078ae3b3f43fafe7d584221da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_filter--b2311f-939ba5085db0[1].js

Filesize
20KB

MD5
d376df628c3e73f17c199bae0ce3e013

SHA1
f42e6dc94b32c915d016a12f1c4c996cc886d727

SHA256
ffd4a453e1ee356f34cd69f1768975c20811b3e396303049dcbb490dfc7cac4f

SHA512
939ba5085db0b7179d736c8af4d8338d93e8685f89a7dac485981aee344b9225eb90182c6f8b7cc60fd9965d9492ba04efba9c4fc2b92614b9988c7f275b5540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_github_remote-form_-e3de2b-93bbe15e6e78[1].js

Filesize
18KB

MD5
4388686fd42387c0a5bc31216254aeaf

SHA1
d99abdf9750fef9d0c5f6e0a69f19f1dfd506a13

SHA256
067665a80bebd1b7bbe2e968780f61b3e9b203be4c492e4edc7d6b5b61854a4d

SHA512
93bbe15e6e78491753a96ccdd0a1e8500657f17798485b4c6ae4ed1d9feaf8955019420d1843e2dc9189f60ab1d7a7bb4db56858d8bd500ec27b8818c0968ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\vendors-node_modules_github_paste-markdown_dist_index_esm_js-node_modules_github_quote-select-743f1d-1b20d530fbf0[1].js

Filesize
36KB

MD5
005512a59c929cfe6857ae4aa5b4a445

SHA1
a4fc118a8e3ec2924ff18a65eb6af04c43b6c37d

SHA256
c17f95538fcdd61055b46582d0f102c66342fbfa173f6de5a53f26a1ed49f7b2

SHA512
1b20d530fbf0cdfb7bb55d3e9b89979216267176559260c36357842ddf30b866a249d7406c86d881dfa57b4f43c9a21cd05a2457005fa68956e19c14557a2c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\vendors-node_modules_github_remote-form_dist_index_js-node_modules_scroll-anchoring_dist_scro-52dc4b-e1e33bfc0b7e[1].js

Filesize
12KB

MD5
6ed77e8843f620ad455509ea7f15e2f1

SHA1
6ca0ef769ba65722f22abb77936e917fe66136f2

SHA256
270e861a9bb0e815d2b57ab3fd881132b05eb9a39d1e9269f12529b03aa168b3

SHA512
e1e33bfc0b7ef7040dac38396663113672f27ae9c49e9517a18238dd67012d693ffc8e1b562487ed87dcc9ac91286cfe9bc2778e2b3eed044cb7dd0c6952622a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-c3e624db1d89[1].js

Filesize
16KB

MD5
e64f83d1a9f51f9c14c9ab8f3a50f8fb

SHA1
16e820a27942595273eded6a23ccfb20e47d5472

SHA256
4fde779475a942b75da84597dcf9650ae9eec74aa4718123b7b1d804267883dd

SHA512
c3e624db1d89f8a4598209f6e86f431371354696485067d4c97978b5d8258342e8d3c4079d89b7d1721e782f6749eadfcf4398d635507c8202f34c8e9540d5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-2e2258-dae7d38e0248[1].js

Filesize
12KB

MD5
2ea4751c021cf86092225f87a5cc7ca2

SHA1
3c3a818ccfb35a1cfa7b8c7793699aa9ab8a9d72

SHA256
9d4c3a8ff89e9acd1218edd29506299cd6522610df7b06442704ccc318b24c2f

SHA512
dae7d38e02483d4244dda02aa05e081ef94d31f30c8bba7f9581d5541abee149b092d5e216009ac4457fc28336a89373bc78e94a6ab513da516b15289c982653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-c97eacdef68a[1].js

Filesize
11KB

MD5
877af1a0f83cc799c024e324dde1c078

SHA1
e07d194bcdf77c01c0bb78903732babf0acc99f7

SHA256
85edcfe9717ca67aba8f94c45da5071c5bcf600b1431e5daec667d9463474877

SHA512
c97eacdef68aba2c690f85c669524ac13ef83c6c54cd3afe654d0c74f400887226a84be09da958c50a0581f9270aa5ed52b476c336c08d392cd67e4a53c513ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\behaviors-d1b433c1b6c2[1].js

Filesize
213KB

MD5
d5a97f9fbcda09e1358bedfc8edd5822

SHA1
318def7e9d0a226267228d6c7217175b68b63a4a

SHA256
33c095d35817ab0d22d02d28a735f032edf796c8f7a5e3c565ee37c797acb334

SHA512
d1b433c1b6c2c6f8aceaf563f755c602e4c10dac2ef773d02b06c7b5906c68ce5dccc142406c39dc72ac34151bed6c6a62191287489bb34c64ab5747f9593720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\favicon[1].png

Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\github-c7a3a0ac71d4[1].css

Filesize
171KB

MD5
2eb35e9de28f967c32f4e8d8d9478db8

SHA1
b8c8ca1d54d2e33b13a2a8055c09d5a679bd4128

SHA256
980bb59f1d582b3955af0a6189ee08c3c345b699f91e6e7f55e92b0a317771e0

SHA512
c7a3a0ac71d460e702edf86b508c4509bb12543d39d19692f21e0c4ad5ad603b4523d2f46edd1c1ea3fc22b0793f78c3db53e770399d953a18f08a6176e089c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_auto-complete-element-5b3870-ff38694180c6[1].js

Filesize
26KB

MD5
aed57c5b19c71c3a620a8aa2abf9a69e

SHA1
e30ccdbeb880c3b8fc82cae3d1293354226f3c59

SHA256
a7c516e60d317d33dfa33e6f1ad396b0bdc096b9e2081572ee35be0fa7fb99bc

SHA512
ff38694180c6b07c0efffc27aae6ef9b02852a15b6ec0f6b92b4bc92ec5db0bb6ef46f8d3ef15910fc9bc64dc96af4415c8d2ed44499d0b39b64cffc9487d559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-623425af41e1[1].js

Filesize
11KB

MD5
342a8882b7df201b3b1612ba41ac63e8

SHA1
f57b133d85bee8d94a041d0f5e0a1fb44e131496

SHA256
779f91df7aedd2267003709efc2dd3fc01abcaf461ac3f8b6ebbaed38fe9cbee

SHA512
623425af41e17a40a879a496612cb521e78721a79a014daa62c637c8c9bf99d52f70b69a5a82b853a6468e9579ab4cd21bc71d4d74a5b1648a6966e570bbb137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\vendors-node_modules_fzy_js_index_js-node_modules_github_markdown-toolbar-element_dist_index_js-e3de700a4c9d[1].js

Filesize
13KB

MD5
186933c0117b94c9b8aade71f6f310c0

SHA1
ae67ade0e920b536137b6e98bb5e9e6c34b96925

SHA256
1465e7c16987bcaf9bb6209172d23d157cba309e9c8b2e4751b77ce4feb1b14f

SHA512
e3de700a4c9d4e1a490d2daa45c518f837ba0f6e065274231627b3911c43faf07e365ba42dc6d110627987662366ea1cdebc9ed4f5a8b88a04b64a7980c7b5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_text-ex-3415a8-7ecc10fb88d0[1].js

Filesize
11KB

MD5
bb1800636a88e2cf90f48ea181a1c3e9

SHA1
486238b0e8fbb84b4f92e462ba7f337f8c6c091d

SHA256
7bfa93a6b92eb9a2f1668a9b16ea5e1f7f2591d3664351788a48107ec879bf84

SHA512
7ecc10fb88d0dc86ce7d35b7a2be7b44f51904fbb1908b53c9afdf0d6d1fe9760753f6cf8f9ca1897bd537552d3f8238c68e9b993a167cc52f43b5f7a58b37e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-8873b7-5771678648e0[1].js

Filesize
11KB

MD5
cc3b9d72861037e13bd0d0be98ef5ace

SHA1
ee4ffb8a335a106b2b784364f017e017f61d7398

SHA256
7b13afa92922980886b59316cbb313d4d4c05037979c1a49fbc99d6c4ff822ab

SHA512
5771678648e04c79885e4671ed343d33268564ca16a73d0a77dcba1dd1aee2b1ea303d6ab1b226e61f4c0bd5df6b33f28d86ba2ff72e959978e03f8f640a095e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\vendors-node_modules_github_relative-time-element_dist_index_js-99e288659d4f[1].js

Filesize
14KB

MD5
f491d4f9b68507dfdf90a5ef6d4f70f8

SHA1
dac15fb588758d0cf24eb922931dc367d9f0458b

SHA256
6f7e23dd694a3e70ef7b0a8dd6b30161168039187a16bb1f8ad56c0e385fc2f2

SHA512
99e288659d4fae2fc48756d2bc57e0bbe2add23ed9ff370f8f9643ee09585f4bcacc6688cfe6380e60dbe883f614bbe2c61cd7d52fd5109f20aa79b70df6f079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\vendors-node_modules_github_selector-observer_dist_index_esm_js-2646a2c533e3[1].js

Filesize
9KB

MD5
e5411d902c14114345232eab0b388a2e

SHA1
a079ffbceba09465e2546881d6b963d05edd3add

SHA256
3dd71977f8bc77d1d340787b166bb300047f951a16e440f75c9fe2599659a70c

SHA512
2646a2c533e30cbd3c0ef653c306fdd6052f00fb9479ea664f791ee17c4a8d8321a0337dc9f79b9a0aa0a1d68a9cc84b46bda6b2285bc16a8434712b54794f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\A1FB.tmp\A1FC.bat

Filesize
359B

MD5
a6ec538b8c3076094e1b881ba0a4b10c

SHA1
35177e63996a1125b6b95e784186e022032984fc

SHA256
0150ef454f31bc5a82d190c911adbc2d285ceb23f223f0bb6f5233430af493df

SHA512
fa549a07584806868f9d4515e889f0e41a4870a400d3035d010e3084c8db901fc2921585df5551aa399439583d9bce4065c4c283ed8fb9e0c2b36499b2ee4302

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab46A4.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4762.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\FireWallOpen.exe

Filesize
180KB

MD5
9d2e1a7c7ffe298bd5d8ad7dbde23479

SHA1
07f9f56646da1d7a1ef9c89c05732a8efa13d216

SHA256
d15393560f3366bf8e1cc8d9eca6e5bfb5a35e26d7217e4470fd121bb12d6ab7

SHA512
06fb4ace9eee44426a473a80f60e3fd0b9cd6ca1f696f39ef8486da21613bfdd5e722e8e3b03bf3c5fd726ae7009000692e4cab37c8cd71dfcf5070628a8a578

Download Submit
C:\Users\Admin\AppData\Local\Temp\FireWallOpen.exe

Filesize
180KB

MD5
9d2e1a7c7ffe298bd5d8ad7dbde23479

SHA1
07f9f56646da1d7a1ef9c89c05732a8efa13d216

SHA256
d15393560f3366bf8e1cc8d9eca6e5bfb5a35e26d7217e4470fd121bb12d6ab7

SHA512
06fb4ace9eee44426a473a80f60e3fd0b9cd6ca1f696f39ef8486da21613bfdd5e722e8e3b03bf3c5fd726ae7009000692e4cab37c8cd71dfcf5070628a8a578

Download Submit
C:\Users\Admin\AppData\Local\Temp\FireWallOpen.exe

Filesize
180KB

MD5
9d2e1a7c7ffe298bd5d8ad7dbde23479

SHA1
07f9f56646da1d7a1ef9c89c05732a8efa13d216

SHA256
d15393560f3366bf8e1cc8d9eca6e5bfb5a35e26d7217e4470fd121bb12d6ab7

SHA512
06fb4ace9eee44426a473a80f60e3fd0b9cd6ca1f696f39ef8486da21613bfdd5e722e8e3b03bf3c5fd726ae7009000692e4cab37c8cd71dfcf5070628a8a578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar46A5.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar47D7.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
7.0MB

MD5
76e3196ac333652949245575450ee30b

SHA1
16325f4b6ceb5b8378b91ce97611505260ce94dd

SHA256
3b1b48fad0c2c13a7253e0fad3764a2567bacc36078bbd1e6f297ff0fdf49ac2

SHA512
5e3415f224199a61ae3dd26b579ef986e7747b3b72041356ad649f60e03202c8131299aa0dd47a77899e315c8c0ddb76922c9a7c69270aa621abca6ac6205ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
7.0MB

MD5
76e3196ac333652949245575450ee30b

SHA1
16325f4b6ceb5b8378b91ce97611505260ce94dd

SHA256
3b1b48fad0c2c13a7253e0fad3764a2567bacc36078bbd1e6f297ff0fdf49ac2

SHA512
5e3415f224199a61ae3dd26b579ef986e7747b3b72041356ad649f60e03202c8131299aa0dd47a77899e315c8c0ddb76922c9a7c69270aa621abca6ac6205ff7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk.exe

Filesize
86KB

MD5
e3060db3e3a72d93d9cd196ddc4f703c

SHA1
f5563118fd305b41c266ad518224b1714545fe34

SHA256
bb2a5b18849310f831e8db3e36e8b28759a39919a6e185b10230c85c04993c26

SHA512
8a3044da356186dd91dec4853e07da2af039ac83a0818c4584b9362cd63e00c4e6e8477d3d989d52bdcede1b533733a339289b3fe2dcb57da845dbbc21478653

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk.exe

Filesize
86KB

MD5
e3060db3e3a72d93d9cd196ddc4f703c

SHA1
f5563118fd305b41c266ad518224b1714545fe34

SHA256
bb2a5b18849310f831e8db3e36e8b28759a39919a6e185b10230c85c04993c26

SHA512
8a3044da356186dd91dec4853e07da2af039ac83a0818c4584b9362cd63e00c4e6e8477d3d989d52bdcede1b533733a339289b3fe2dcb57da845dbbc21478653

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\914D0TRX.txt

Filesize
604B

MD5
5f3e81af2e890bd3abc29ff23c047925

SHA1
05255f1dcc9d88489f7585e3dee38008fc121cee

SHA256
0cb62cd556e39229a6d9c5677b2d58522934875cd3a50ca24dc9bbd0efaa264d

SHA512
5f5605dd26d5937d6f2ea4e4c88927766315e60bb34f46607396d4025434dfe7e2a68e196e45bd8dea26624ed534e03766be7be8eb75830c895d2cd69c803f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
e14de850c5b292a40ea2655f53a9ebb1

SHA1
7877aade90c64852c87896eaf2f8bfa36f080cb7

SHA256
9b5b3717bd13067184168a76fd2a81c21519c4866beaa69a1e06705a1aca9ef8

SHA512
5b81acc9aca5578c148df9ea523f36e4c7183d8509dbb164604c2f3fd4d0df652dbd5cbce1104e3ab4e96df18e3e5a33dc085b6abf75237ebbff648e7366de89

Download Submit
C:\Users\Admin\Downloads\XWorm 3.0 (1).zip.djx19hp.partial

Filesize
18.4MB

MD5
88df1115e8e5088b2e9666fb539d30ca

SHA1
5aa5f563d0adfabda7a3592950c82511303d6d22

SHA256
8d69ac940c725db29fe8caac00efeab4acc1187aa666dc7ea0bf292ea4099fcb

SHA512
021e6002916fc527251f824ccd2e93fe6f6a4c926a936abf55280ae87911a6bda03fbfb03840f2e25f4899700362ebe30094c8580b68372ed93c1111fd3d43fb

Download Submit
C:\Users\Admin\Downloads\XWorm 3.0 (1)\XWorm V3.0.exe

Filesize
7.0MB

MD5
76e3196ac333652949245575450ee30b

SHA1
16325f4b6ceb5b8378b91ce97611505260ce94dd

SHA256
3b1b48fad0c2c13a7253e0fad3764a2567bacc36078bbd1e6f297ff0fdf49ac2

SHA512
5e3415f224199a61ae3dd26b579ef986e7747b3b72041356ad649f60e03202c8131299aa0dd47a77899e315c8c0ddb76922c9a7c69270aa621abca6ac6205ff7

Download Submit
C:\Users\Admin\Downloads\XWorm 3.0.zip.j7cjgb3.partial

Filesize
18.4MB

MD5
88df1115e8e5088b2e9666fb539d30ca

SHA1
5aa5f563d0adfabda7a3592950c82511303d6d22

SHA256
8d69ac940c725db29fe8caac00efeab4acc1187aa666dc7ea0bf292ea4099fcb

SHA512
021e6002916fc527251f824ccd2e93fe6f6a4c926a936abf55280ae87911a6bda03fbfb03840f2e25f4899700362ebe30094c8580b68372ed93c1111fd3d43fb

Download Submit
\Users\Admin\AppData\Local\Temp\FireWallOpen.exe

Filesize
180KB

MD5
9d2e1a7c7ffe298bd5d8ad7dbde23479

SHA1
07f9f56646da1d7a1ef9c89c05732a8efa13d216

SHA256
d15393560f3366bf8e1cc8d9eca6e5bfb5a35e26d7217e4470fd121bb12d6ab7

SHA512
06fb4ace9eee44426a473a80f60e3fd0b9cd6ca1f696f39ef8486da21613bfdd5e722e8e3b03bf3c5fd726ae7009000692e4cab37c8cd71dfcf5070628a8a578

Download Submit
\Users\Admin\AppData\Local\Temp\FireWallOpen.exe

Filesize
180KB

MD5
9d2e1a7c7ffe298bd5d8ad7dbde23479

SHA1
07f9f56646da1d7a1ef9c89c05732a8efa13d216

SHA256
d15393560f3366bf8e1cc8d9eca6e5bfb5a35e26d7217e4470fd121bb12d6ab7

SHA512
06fb4ace9eee44426a473a80f60e3fd0b9cd6ca1f696f39ef8486da21613bfdd5e722e8e3b03bf3c5fd726ae7009000692e4cab37c8cd71dfcf5070628a8a578

Download Submit
\Users\Admin\AppData\Local\Temp\XWorm.exe

Filesize
7.0MB

MD5
76e3196ac333652949245575450ee30b

SHA1
16325f4b6ceb5b8378b91ce97611505260ce94dd

SHA256
3b1b48fad0c2c13a7253e0fad3764a2567bacc36078bbd1e6f297ff0fdf49ac2

SHA512
5e3415f224199a61ae3dd26b579ef986e7747b3b72041356ad649f60e03202c8131299aa0dd47a77899e315c8c0ddb76922c9a7c69270aa621abca6ac6205ff7

Download Submit
memory/292-1028-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/292-1080-0x00000000029FB000-0x0000000002A32000-memory.dmp

Filesize
220KB

Download
memory/292-1029-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/292-1066-0x00000000029F0000-0x0000000002A70000-memory.dmp

Filesize
512KB

Download
memory/320-1065-0x00000000028E0000-0x0000000002960000-memory.dmp

Filesize
512KB

Download
memory/320-1050-0x00000000028E0000-0x0000000002960000-memory.dmp

Filesize
512KB

Download
memory/320-1087-0x00000000028EB000-0x0000000002922000-memory.dmp

Filesize
220KB

Download
memory/320-1045-0x00000000028E0000-0x0000000002960000-memory.dmp

Filesize
512KB

Download
memory/1504-971-0x00000000003E0000-0x0000000000460000-memory.dmp

Filesize
512KB

Download
memory/1504-972-0x00000000000D0000-0x0000000000100000-memory.dmp

Filesize
192KB

Download
memory/1544-1096-0x000000001B250000-0x000000001B2D0000-memory.dmp

Filesize
512KB

Download
memory/1544-1091-0x000000001B250000-0x000000001B2D0000-memory.dmp

Filesize
512KB

Download
memory/1544-990-0x0000000000130000-0x000000000014C000-memory.dmp

Filesize
112KB

Download
memory/1624-980-0x000000001B780000-0x000000001B800000-memory.dmp

Filesize
512KB

Download
memory/1624-973-0x0000000000EC0000-0x00000000015CE000-memory.dmp

Filesize
7.1MB

Download
memory/1624-974-0x000000001B780000-0x000000001B800000-memory.dmp

Filesize
512KB

Download
memory/1624-975-0x000000001ED50000-0x000000001F866000-memory.dmp

Filesize
11.1MB

Download
memory/1624-1095-0x000000001B780000-0x000000001B800000-memory.dmp

Filesize
512KB

Download
memory/1624-1094-0x000000001B780000-0x000000001B800000-memory.dmp

Filesize
512KB

Download
memory/1624-981-0x000000001B780000-0x000000001B800000-memory.dmp

Filesize
512KB

Download
memory/1624-1093-0x000000001B780000-0x000000001B800000-memory.dmp

Filesize
512KB

Download
memory/2064-1062-0x00000000023A0000-0x0000000002420000-memory.dmp

Filesize
512KB

Download
memory/2064-1078-0x00000000023AB000-0x00000000023E2000-memory.dmp

Filesize
220KB

Download
memory/2064-1022-0x0000000001D70000-0x0000000001D78000-memory.dmp

Filesize
32KB

Download
memory/2064-1051-0x00000000023A0000-0x0000000002420000-memory.dmp

Filesize
512KB

Download
memory/2064-1057-0x00000000023A0000-0x0000000002420000-memory.dmp

Filesize
512KB

Download
memory/2104-1067-0x0000000002370000-0x00000000023F0000-memory.dmp

Filesize
512KB

Download
memory/2104-1082-0x000000000237B000-0x00000000023B2000-memory.dmp

Filesize
220KB

Download
memory/2104-1060-0x0000000002370000-0x00000000023F0000-memory.dmp

Filesize
512KB

Download
memory/2104-1061-0x0000000002370000-0x00000000023F0000-memory.dmp

Filesize
512KB

Download
memory/2120-1059-0x00000000027C0000-0x0000000002840000-memory.dmp

Filesize
512KB

Download
memory/2120-1064-0x00000000027C0000-0x0000000002840000-memory.dmp

Filesize
512KB

Download
memory/2120-1058-0x00000000027C0000-0x0000000002840000-memory.dmp

Filesize
512KB

Download
memory/2120-1020-0x000000001B0A0000-0x000000001B382000-memory.dmp

Filesize
2.9MB

Download
memory/2120-1081-0x00000000027CB000-0x0000000002802000-memory.dmp

Filesize
220KB

Download
memory/2196-1063-0x0000000002490000-0x0000000002510000-memory.dmp

Filesize
512KB

Download
memory/2196-1069-0x0000000002490000-0x0000000002510000-memory.dmp

Filesize
512KB

Download
memory/2196-1086-0x000000000249B000-0x00000000024D2000-memory.dmp

Filesize
220KB

Download
memory/2232-1068-0x00000000023D0000-0x0000000002450000-memory.dmp

Filesize
512KB

Download
memory/2232-1089-0x00000000023D4000-0x00000000023D7000-memory.dmp

Filesize
12KB

Download
memory/2232-1090-0x00000000023DB000-0x0000000002412000-memory.dmp

Filesize
220KB

Download
memory/2340-1073-0x00000000024E0000-0x0000000002560000-memory.dmp

Filesize
512KB

Download
memory/2340-1074-0x00000000024E0000-0x0000000002560000-memory.dmp

Filesize
512KB

Download
memory/2340-1083-0x00000000024EB000-0x0000000002522000-memory.dmp

Filesize
220KB

Download
memory/2340-1072-0x00000000024E0000-0x0000000002560000-memory.dmp

Filesize
512KB

Download
memory/2412-1079-0x000000000266B000-0x00000000026A2000-memory.dmp

Filesize
220KB

Download
memory/2412-1071-0x0000000002660000-0x00000000026E0000-memory.dmp

Filesize
512KB

Download
memory/2412-1070-0x0000000002660000-0x00000000026E0000-memory.dmp

Filesize
512KB

Download
memory/2480-1092-0x000000000279B000-0x00000000027D2000-memory.dmp

Filesize
220KB

Download
memory/2480-1088-0x0000000002794000-0x0000000002797000-memory.dmp

Filesize
12KB

Download
memory/2492-1085-0x000000000270B000-0x0000000002742000-memory.dmp

Filesize
220KB

Download
memory/2492-1075-0x0000000002700000-0x0000000002780000-memory.dmp

Filesize
512KB

Download
memory/2492-1076-0x0000000002700000-0x0000000002780000-memory.dmp

Filesize
512KB

Download
memory/2492-1077-0x0000000002700000-0x0000000002780000-memory.dmp

Filesize
512KB

Download