Analysis Overview
SHA256
2bde6abe0353f7dc8fd5ab1e51ced130127a44464ea6ecf700bfb5d7cb24a472
Threat Level: Known bad
The file GetIDs.exe was found to be: Known bad.
Malicious Activity Summary
AgentTesla
AgentTesla payload
.NET Reactor protector
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-16 11:01
Signatures
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-16 11:01
Reported
2024-03-16 11:06
Platform
win11-20240221-en
Max time kernel
295s
Max time network
299s
Command Line
Signatures
AgentTesla
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{8AB0E188-0285-4738-AC26-2EC1C0109DD6} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 (SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 (SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe | N/A |
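The two tables above (BIOS value reads and token privilege adjustments) mix the sample's behaviour with Edge, 7-Zip and AUDIODG noise, and the sandbox reports two privileges only by numeric LUID. The Python below is an editorial example added to this page, not output of the sandbox: it rebuilds those rows as events, resolves the numeric tokens with the winnt.h constants (20 = SeDebugPrivilege, 33 = SeIncreaseWorkingSetPrivilege, 35 = SeCreateSymbolicLinkPrivilege) and keeps only findings from processes outside C:\Windows and the Program Files trees. The event list is constructed from the tables; the trusted-path rule, the high-value privilege set and the BIOS value set are this example's assumptions.

```python
"""Triage of the 'Enumerates system info in registry' and 'AdjustPrivilegeToken'
rows. Events are constructed from the report's tables; the trust rule is ours."""
import re
from dataclasses import dataclass

# Well-known privilege LUIDs from winnt.h (SE_*_PRIVILEGE constants), used to
# resolve the numeric tokens the sandbox left unresolved.
PRIVILEGE_LUIDS = {
    8: "SeSecurityPrivilege",
    14: "SeIncreaseBasePriorityPrivilege",
    18: "SeRestorePrivilege",
    20: "SeDebugPrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
    35: "SeCreateSymbolicLinkPrivilege",
}
# Privileges whose acquisition by a binary outside system paths deserves a finding (assumed set).
HIGH_VALUE_PRIVILEGES = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
                         "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege"}
# BIOS values commonly read to fingerprint hypervisors and sandboxes (assumed set).
BIOS_FINGERPRINT_VALUES = {"SystemManufacturer", "SystemProductName", "SystemVersion",
                           "BIOSVendor", "BIOSVersion"}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
BIOS_VALUE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\(\w+)$", re.I)


@dataclass(frozen=True)
class Event:
    kind: str      # "registry" (value queried) or "token" (privilege adjusted)
    process: str   # image path as the sandbox reported it
    detail: str    # registry value path, or the "Token: ..." cell


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
XWORM = r"C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe"
BIOS = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"

EVENTS = [  # constructed from the rows of the two tables above
    Event("registry", EDGE, BIOS + r"\SystemManufacturer"),
    Event("registry", EDGE, BIOS + r"\SystemProductName"),
    Event("registry", XWORM, BIOS + r"\SystemManufacturer"),
    Event("registry", XWORM, BIOS + r"\SystemVersion"),
    Event("token", r"C:\Windows\system32\AUDIODG.EXE", "Token: 33"),
    Event("token", r"C:\Windows\system32\AUDIODG.EXE", "Token: SeIncBasePriorityPrivilege"),
    Event("token", r"C:\Program Files\7-Zip\7zG.exe", "Token: SeRestorePrivilege"),
    Event("token", r"C:\Program Files\7-Zip\7zG.exe", "Token: 35"),
    Event("token", XWORM, "Token: SeDebugPrivilege"),
]


def resolve_privilege(token_cell: str) -> str:
    """'Token: 33' -> 'SeIncreaseWorkingSetPrivilege'; named tokens pass through unchanged."""
    value = token_cell.split(":", 1)[1].strip()
    if value.isdigit():
        return PRIVILEGE_LUIDS.get(int(value), f"UnknownPrivilege({value})")
    return value


def is_trusted_path(image: str) -> bool:
    """Path-only trust: anything under Windows or Program Files is treated as platform noise."""
    return image.lower().startswith(TRUSTED_PREFIXES)


def triage(events):
    """Return (process, reason) findings for untrusted-path processes only."""
    findings = []
    for ev in events:
        if is_trusted_path(ev.process):
            continue
        if ev.kind == "registry":
            m = BIOS_VALUE.search(ev.detail)
            if m and m.group(1) in BIOS_FINGERPRINT_VALUES:
                findings.append((ev.process, f"vm-fingerprint:{m.group(1)}"))
        elif ev.kind == "token":
            priv = resolve_privilege(ev.detail)
            if priv in HIGH_VALUE_PRIVILEGES:
                findings.append((ev.process, f"privilege:{priv}"))
    return findings


if __name__ == "__main__":
    for process, reason in triage(EVENTS):
        print(f"{reason:40} {process}")
```

On these rows the only findings are XWorm V5.3.exe reading SystemManufacturer and SystemVersion and acquiring SeDebugPrivilege; 7-Zip's SeRestorePrivilege and AUDIODG's working-set token drop out as trusted-path noise. The path rule is deliberately weak: a payload dropped under Program Files would pass it, so in production pair it with an Authenticode signer check rather than relying on the directory alone.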
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\GetIDs.exe
"C:\Users\Admin\AppData\Local\Temp\GetIDs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa220d3cb8,0x7ffa220d3cc8,0x7ffa220d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\" -spe -an -ai#7zMap31880:110:7zEvent29938
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe
"C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa220d3cb8,0x7ffa220d3cc8,0x7ffa220d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa220d3cb8,0x7ffa220d3cc8,0x7ffa220d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3440 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa220d3cb8,0x7ffa220d3cc8,0x7ffa220d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa220d3cb8,0x7ffa220d3cc8,0x7ffa220d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,783565650158511294,12690755333920355455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
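Read as a chain, the process list above shows GetIDs.exe running from Temp, 7zG.exe extracting an archive into Downloads\XWorm V5.3 Optimized Bin, XWorm V5.3.exe running from that folder, and msedge.exe being launched with --single-argument https://t.me/XCoderTools; the remaining entries are Edge helper processes and system COM servers. The Python below, added here as an editorial example and not part of the sandbox's output, reduces the list to those events. The (image, command line) pairs are copied from the report with the long Chromium helper command lines cut down to their --type switch; the classification rules are this example's own.

```python
"""Collapse the Processes list into the events worth reading. Input pairs are
copied from the report (helper command lines shortened); the rules are ours."""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
XWORM = r"C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe"
SEVENZIP = r"C:\Program Files\7-Zip\7zG.exe"
USER_WRITABLE = re.compile(r"^c:\\users\\", re.I)  # Downloads, Temp, AppData

PROCESSES = [  # constructed from the report's image / command-line pairs
    (r"C:\Users\Admin\AppData\Local\Temp\GetIDs.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\GetIDs.exe"'),
    (EDGE, f'"{EDGE}" --profile-directory=Default'),
    (EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    (EDGE, f'"{EDGE}" --type=gpu-process /prefetch:2'),
    (EDGE, f'"{EDGE}" --type=renderer --lang=en-US /prefetch:1'),
    (r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    (r"C:\Windows\System32\rundll32.exe",
     r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll "
     r"{9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"),
    (SEVENZIP, f'"{SEVENZIP}" x -o"C:\\Users\\Admin\\Downloads\\XWorm V5.3 Optimized Bin\\" '
               '-spe -an -ai#7zMap31880:110:7zEvent29938'),
    (XWORM, f'"{XWORM}"'),
    (EDGE, f'"{EDGE}" --single-argument https://t.me/XCoderTools'),
    (EDGE, f'"{EDGE}" --single-argument https://t.me/XCoderTools'),
]


def args_of(image: str, cmdline: str) -> str:
    """Strip the image token (quoted or bare) from the front of a Windows command line."""
    for prefix in (f'"{image}"', image):
        if cmdline.startswith(prefix):
            return cmdline[len(prefix):].strip()
    return cmdline


def classify(image: str, cmdline: str):
    """Return (category, detail) for one process."""
    name = image.rsplit("\\", 1)[-1].lower()
    args = args_of(image, cmdline)
    if name == "msedge.exe":
        if "--type=" in args:                      # Chromium child: renderer, gpu, utility...
            return "browser-helper", re.search(r"--type=(\S+)", args).group(1)
        m = re.search(r"--single-argument\s+(\S+)", args)
        if m:                                      # browser asked to open a URL
            return "browser-open-url", m.group(1)
        return "browser-main", args
    if name == "7zg.exe":                          # 7-Zip GUI: '-o' gives the extraction target
        m = re.search(r'-o(?:"([^"]*)"|(\S+))', args)
        return "archive-extract", (m.group(1) or m.group(2)) if m else args
    if name == "rundll32.exe":                     # record dll,export being invoked
        return "rundll32", args.split()[0]
    if USER_WRITABLE.match(image):                 # anything executing from the user profile
        return "user-writable-exec", image
    return "system", image


def summarize(processes):
    """Unique findings in execution order, plus a count of collapsed browser helpers."""
    findings, helpers = [], Counter()
    for image, cmdline in processes:
        category, detail = classify(image, cmdline)
        if category == "browser-helper":
            helpers[detail] += 1
        elif category != "system" and (category, detail) not in findings:
            findings.append((category, detail))
    return findings, helpers


if __name__ == "__main__":
    found, collapsed = summarize(PROCESSES)
    for category, detail in found:
        print(f"{category:20} {detail}")
    print("collapsed browser helpers:", dict(collapsed))
```

The rundll32 entry is shell32's COM local-server activation export and is kept only so the chain is complete; the two findings to act on are the executables under the user profile and the archive extraction that put the second one there. Parent PIDs are not in the report, so the order of the list is the only chain evidence this check can use.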
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| GB | 92.123.128.174:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.177:443 | th.bing.com | tcp |
| GB | 92.123.128.181:443 | r.bing.com | tcp |
| GB | 92.123.128.177:443 | th.bing.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| LU | 89.44.168.79:443 | gfs270n369.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.79:443 | gfs270n369.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.79:443 | gfs270n369.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.79:443 | gfs270n369.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.79:443 | gfs270n369.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.79:443 | gfs270n369.userstorage.mega.co.nz | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 34.111.35.152:443 | cdn4.cdn-telegram.org | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
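The network table repeats most destinations several times, carries two rows with no domain whose protocol has slid into the domain column, and includes a reverse-DNS query whose target is only readable once the in-addr.arpa label is unreversed. The Python below is an editorial example added to this page, not sandbox output: it parses rows in both shapes, pivots distinct endpoints per domain, recovers the PTR target and tags loopback, multicast and watchlisted hosts. The sample rows are a constructed subset of the table; the watchlist of file-sharing and messenger domains is this example's assumption.

```python
"""Pivot the Network table. Rows are a constructed subset of the report;
the watchlist is this example's, not the sandbox's."""
from collections import defaultdict

ROWS = """
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| GB | 92.123.128.174:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 140.82.121.4:443 | github.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 89.44.168.79:443 | gfs270n369.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.79:443 | gfs270n369.userstorage.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 34.111.35.152:443 | cdn4.cdn-telegram.org | tcp |
""".strip().splitlines()

# Assumed watchlist: file-sharing and messenger hosts seen in this report.
WATCHLIST = ("mega.nz", "mega.co.nz", "t.me", "cdn-telegram.org")


def parse_row(line: str) -> dict:
    """Parse one '| country | ip:port | domain | proto |' row, tolerating the
    domain-less variant where the protocol sits in the domain column."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    country, dest = cells[0], cells[1]
    if cells[2].lower() in ("tcp", "udp") and (len(cells) < 4 or cells[3] == ""):
        domain, proto = None, cells[2].lower()
    else:
        domain, proto = (None if cells[2] == "N/A" else cells[2]), cells[3].lower()
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def ptr_target(domain):
    """'187.178.17.96.in-addr.arpa' -> '96.17.178.187', the address being reverse-resolved."""
    suffix = ".in-addr.arpa"
    if not domain or not domain.endswith(suffix):
        return None
    return ".".join(reversed(domain[:-len(suffix)].split(".")))


def on_watchlist(domain) -> bool:
    """Match on a label boundary so 'notmega.nz' does not hit 'mega.nz'."""
    return bool(domain) and any(domain == w or domain.endswith("." + w) for w in WATCHLIST)


def pivot(rows):
    """Distinct (ip, port, proto, country) endpoints per domain; bare IPs key on themselves."""
    by_key = defaultdict(set)
    for r in rows:
        by_key[r["domain"] or r["ip"]].add((r["ip"], r["port"], r["proto"], r["country"]))
    return by_key


def notable(rows):
    """Ordered, de-duplicated tags worth a second look."""
    tags = []

    def add(tag):
        if tag not in tags:
            tags.append(tag)

    for r in rows:
        target = ptr_target(r["domain"])
        if target:
            add(f"ptr-lookup:{target}")
        if r["domain"] is None and r["ip"].startswith("127."):
            add(f"loopback:{r['ip']}:{r['port']}/{r['proto']}")
        if r["domain"] is None and r["ip"].startswith("224."):
            add(f"multicast:{r['ip']}:{r['port']}/{r['proto']}")
        if on_watchlist(r["domain"]):
            add(f"watchlist:{r['domain']}")
    return tags


if __name__ == "__main__":
    parsed = [parse_row(line) for line in ROWS]
    for key, endpoints in pivot(parsed).items():
        print(f"{key:40} {sorted(endpoints)}")
    print(notable(parsed))
```

The loopback connection to 127.0.0.1:6341 is reported without an owning process, so the table alone cannot say which binary listened there; it is flagged only so it is not lost among the GitHub and Bing rows.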
Files
memory/4880-0-0x00007FFA21BF0000-0x00007FFA220EE000-memory.dmp
memory/4880-1-0x0000000000400000-0x0000000000480000-memory.dmp
memory/4880-3-0x00007FFA21BF0000-0x00007FFA220EE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 656bb397c72d15efa159441f116440a6 |
| SHA1 | 5b57747d6fdd99160af6d3e580114dbbd351921f |
| SHA256 | 770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab |
| SHA512 | 5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c |
\??\pipe\LOCAL\crashpad_4844_FJXUDWAUSRKTORLV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d459a8c16562fb3f4b1d7cadaca620aa |
| SHA1 | 7810bf83e8c362e0c69298e8c16964ed48a90d3a |
| SHA256 | fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a |
| SHA512 | 35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5bab9ad4b8dc55d11a5fd17fb8cb2569 |
| SHA1 | 2068cadd351d109237192e6d05f5b39f0e075daf |
| SHA256 | ab20fdca28d1cd3042ae45d379e6935a40e3fe3ebb10a74811266f5892f261fa |
| SHA512 | ad82aa8e71be8def0629793ec22494c8588c8b1bbec0d7bfca3960196ccadf0dfc4d488095d7b2cc99b343a13286b344baf48dca8e41c409b440bf66537b1db4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | efae5828e4a716592c441fcdb9054bbf |
| SHA1 | b979fe5cf267bb98b9c70421845190b2b0a3f118 |
| SHA256 | 8dc2dd1b002944855518302585a6d8a6ed9e3f0c4caea5efd37ee6aeb5135da0 |
| SHA512 | 2cc7c0ca229836eebe8cb29bb3602e2828c7c4cd4ff2d81dcad78196633c1e6c800724dc03764de2d791b307d9486e143b45d648b8a8ac7632fd8e9c6c123953 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 662913014683a491831978474f362300 |
| SHA1 | 2bfdc485fa46a23c46454d265c34a73d2b6895c2 |
| SHA256 | 4b3c619165e4e4d76cc658463579da960638050c68535211eae5af3e2f865ec8 |
| SHA512 | ff393d288284739ab6b36356cf370bd4ae99e0feb26227fccf185a634130c153c60dcc21f02972290d47f16d07d058c2e5d97a18946be321684b7f18a4c8344a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3fa2b4294fd37d5609d5988cce22f593 |
| SHA1 | aa1f5a2450cd2b348d86df15ed6395c2a9f933c5 |
| SHA256 | 61e9500fec80d6619ef4d89295f08ff02148701820d4884056ebda8040448642 |
| SHA512 | 111a133f4fb0d997f533c976339a1d76d8116874c276e27ddd273f052c8119558f7b27201a090c39a5f1eb709c40c10d825d5a0824c198d24e9d0cfe5512412d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 950eca48e414acbe2c3b5d046dcb8521 |
| SHA1 | 1731f264e979f18cdf08c405c7b7d32789a6fb59 |
| SHA256 | c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2 |
| SHA512 | 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9 |
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7a749647df6f7087c16dc9e7b24c8acb |
| SHA1 | 4dbd692f722f3ca5a4918ca7363b0a2e693afed7 |
| SHA256 | e595fc7e9ac94b1136208a4afb91d1c954675f30e376f0a1b02d1f2a4a06fb3b |
| SHA512 | 075e267f5bff1afa6c0dc0ed731084afbab3c0a78591805e59d8cc754f870e1f9df71b0496579c15ce79609d799886f0afba77df1e05f22aa0e984e79abb26db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5834b7.TMP
| MD5 | 459c71175f93a09e978f9dcc82d1d00b |
| SHA1 | 959ebeffbb218db4033e78d8ac4abb6516ee2101 |
| SHA256 | 6f8f79ae85a1b28bda247c54a6c1ec19289ee5ab003e5e4f838faed216594c19 |
| SHA512 | 990921224cc9a284b4c5ea424f620be3118e45244c9a693a38f8df6ada58cb95a2b09d58ca3507d8f8d3c862f11f08dc9c25f39f6bc45f4b66ec00d544d94969 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 816186c83477f7cf1c8737abf7ff2edd |
| SHA1 | b5b440056b7625c525bf469719ad667bda34e484 |
| SHA256 | 19c98c423a6ee6ef3ac0ef0b4690276896666615c97de1ca3b7cddfca97f5fca |
| SHA512 | 445628cd20b2717a4879c55ee04083df268b2c389a9697f3903ec5cf5c7ab8a22a813f30730254ca83aa659006b31460ad4ae924c6827293c0375bc7a5548e93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 12a67c64f0c6cf710398b3a803be294c |
| SHA1 | ed647adf1ec0cb3cd66657154653a8b88f4cc419 |
| SHA256 | 189ec3f709f25383afdcba96e5a4ad9976ecb98daba71399c57cdc2c97597293 |
| SHA512 | dd22264c9bb5d92b84a146b4d5102436da721379dc548dcc54461d5eef87f5569f068cbb6f09a3aba57fafbde376c71c07a02b61e23ae4071983b46186863f91 |
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin.zip
| MD5 | 517dfcff6fa34b4fd216437754eb643a |
| SHA1 | f3c26b91d49e0add067216f8d08402a1c9ca84d6 |
| SHA256 | 290813813940e67fe1c8a3dd0a4726cf721e90cf72ea288a13740a11362a3ab9 |
| SHA512 | 2e87d6e7ebbb6506b6a86c7bf49d17d0d34c48beddc3389dcce022ac2ffc102112405c1054e1c2300caa81ea79819c467ea7ddea51bb4bf0982c8b7749bedf5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e5a9d3894688a960490ee0391018a63 |
| SHA1 | c7433036c44dd5c032a3acc6bad2059d25de8019 |
| SHA256 | 59bcbd9cd23e80477468d6183b53813aabe52ab98e67a23aef4e3f4599ee42a3 |
| SHA512 | 6351bf984a99a83f4e9697c71d9e7fca10656d14ebab1d13115e436dfb7cf583442a71c0c8e69598286a53c23e6236f1fd0a18f0fcfb2bf7e6c2a667552346e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 994528d58185440fa1fc087e20f5d37e |
| SHA1 | ebd85122feea06a8a2eb707f34ff1b01a5601252 |
| SHA256 | 52749b2ab076fe177e0567033f41eb66cb0f7d88d0662b00230b74a1fbc82556 |
| SHA512 | a0d939e1b716d41f99d8ef9a91287e9446d9c93bc4ef5fff96b0fd3108242914cf94531a88c47e2259b100191d696b720cbe53501ddbec7a17a61bb353f0a8a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589ebc.TMP
| MD5 | d25226ead3be01c84d7c06164261bb25 |
| SHA1 | 4b4fb9dcd7aa1a7b8109472a5edc83b7faef33f9 |
| SHA256 | 6d74610fef2d9b92132bb92408a00db55712417fcb16075a41783228be2c125c |
| SHA512 | 31419cb084f3c8738784f23798ddf96e97f14f091e41bf695ac05f761646b6851b199c5e384d83523fa25ddbcb68b78fe2835ff8849ea012bee4091e08f297a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 960bc33d7dd57bc4d1ddc6f3a694f0a5 |
| SHA1 | b093721b9e86647a51c6128198e298fe19cc4e71 |
| SHA256 | 641c19f9dc7a3509297f08a29531de0e551628d626123e412374d20594502ba5 |
| SHA512 | 882d159c5b5a189854ea641a099ae60163b455012d5da510acaa5becb0dd896bb2fc24126adcd8090029b7eb5cd66dc2b3f186457cc9e89ca956acb78581b575 |
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\Icons\icon (15).ico
| MD5 | e3143e8c70427a56dac73a808cba0c79 |
| SHA1 | 63556c7ad9e778d5bd9092f834b5cc751e419d16 |
| SHA256 | b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188 |
| SHA512 | 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 26a90a81b727b3bd1e3d5db06e73b4a0 |
| SHA1 | 19d14a737f4ef8ba497a9cd75c1dfa04e0432b48 |
| SHA256 | f0b5304dc5bc73a1ea2888ef051c04262be52c0ef044e6b178be216761ad3f61 |
| SHA512 | 036cdadecbcd52ead0bd5b05781cf7b4074da79497e4169b6aa2905b182d7b4a0dceb5da3a0f885ea7d84d64a2f8096fad903fe6e2202d2647e6fe93e1ea18cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2d942b26e338b019da426daeaaf718bc |
| SHA1 | 02f73592a85b43c15f3fa8f86852b62c0d778dc2 |
| SHA256 | 846a27c95bb3b1228dd99a412b5bfd08701c3cca72f228737bf44cb49d91d308 |
| SHA512 | 31b496ae89cb3cd8a5f2ace4a861efc18196aa8eb5aaf4ccb5feb7bede7b9df51c21ad81119858776352233fe984e6bb4622af2fffab639b992f817f11ea257c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4d9f2b86d6d06dabf9b9bdcc15c1d43 |
| SHA1 | f281236832457d80157f453bbcae56d40606c52c |
| SHA256 | 5b0533c8eb4ba4bb2dd2141486bd6b0c26327520e23e2f704273d5e911c68da2 |
| SHA512 | 737824f26800b5a89ed5508263049b8f8121ca1f34484f1ca7bab3a3922eef8a9e0aab69ccfa48eee0169778b42102671384d52a69902f61e4cf35cde0802e7a |
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe
| MD5 | 897201dc6254281404ab74aa27790a71 |
| SHA1 | 9409ddf7e72b7869f4d689c88f9bbc1bc241a56e |
| SHA256 | f41828bd13a3a85fdf7a1d688b21ce33d2015c3c5f46b4d92ab6ea8ea019e03a |
| SHA512 | 2673cd7b927ffc22f3a4b4fbfcb1b4f576c416d67168e486e6d79fdd132129c9e244e36d7b7883a4a1ed51e993cc4384bf24f2fa3129584f2bd43fd16042de20 |
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\XWorm V5.3.exe.config
| MD5 | 66f09a3993dcae94acfe39d45b553f58 |
| SHA1 | 9d09f8e22d464f7021d7f713269b8169aed98682 |
| SHA256 | 7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7 |
| SHA512 | c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed |
memory/232-810-0x00007FFA1E1B0000-0x00007FFA1EC72000-memory.dmp
memory/232-809-0x000001B3C4070000-0x000001B3C4E4E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll
| MD5 | 2f1a50031dcf5c87d92e8b2491fdcea6 |
| SHA1 | 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f |
| SHA256 | 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed |
| SHA512 | 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8 |
memory/232-818-0x000001B3DF3F0000-0x000001B3DF400000-memory.dmp
memory/232-819-0x000001B3E0250000-0x000001B3E0E3C000-memory.dmp
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\Guna.UI2.dll
| MD5 | bcc0fe2b28edd2da651388f84599059b |
| SHA1 | 44d7756708aafa08730ca9dbdc01091790940a4f |
| SHA256 | c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef |
| SHA512 | 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8 |
memory/232-821-0x000001B3E11D0000-0x000001B3E13C4000-memory.dmp
memory/232-822-0x000001B3DF3F0000-0x000001B3DF400000-memory.dmp
memory/232-823-0x000001B3DF3F0000-0x000001B3DF400000-memory.dmp
C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin\GeoIP.dat
| MD5 | 8ef41798df108ce9bd41382c9721b1c9 |
| SHA1 | 1e6227635a12039f4d380531b032bf773f0e6de0 |
| SHA256 | bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740 |
| SHA512 | 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b |
memory/232-832-0x000001B3DF3F0000-0x000001B3DF400000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | eece89bfe03f5c899fe2b386c2f1cd39 |
| SHA1 | bce574a377d920e75f014f0b892a7dffa5af7e57 |
| SHA256 | 86da7b8faf88ce1b36df41f0a4a302ad1180d959bae634e24c40379ebd0015c1 |
| SHA512 | 368ad907182951d936a52ed81e7407b834dc7ad8d9ccb13928441dbeeae19536238b4de1117d48b05c3137f120e6fef13b8863eba8ae7f790c424a8e2c879d0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 702c4166a254c1a638a74dec534fb372 |
| SHA1 | b6160145a1bfa9eae53a5bb3df38b26a2c9764a3 |
| SHA256 | 795997d86f69d2732d8e2208f6cce7eb4b1d5ff4e5d2e43be84a932dccd5b791 |
| SHA512 | fc7cde6e5e9958e3a82e8e6547570e978a8205cd9527b359c91d0a5a8dc796984ce6a09c23bc6063c471e939cb5f281893a76052dda0d011bd5563e8cec9baa2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 76b92c8c0099f37ccd8588b2bbdb6e72 |
| SHA1 | c80d460c012c8bf1868a375faf0123e84f07e683 |
| SHA256 | ba9b7347c10a52522e51c1355c2daaf06d9bc1fb984b4dcbae17a8c6ece030e6 |
| SHA512 | 0287bfe266df9c486cd2fca35c08728e047c18331c8e86e295c8658f08f9bf6de1eeed83b74bc9668df9d253565456085eb08032cbe5c2e629cc8cbac8a93b83 |
memory/232-877-0x00007FFA1E1B0000-0x00007FFA1EC72000-memory.dmp
memory/232-892-0x000001B3DF3F0000-0x000001B3DF400000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 8ee75b2fe8400bfe779e7e134169560f |
| SHA1 | 3d24a5ecd11abc18bf881dbbb60ffc340e5831d4 |
| SHA256 | 32ec47cc156152c72ac5bcc137e185912dedc6b83acdaf88be7fc6a11772a411 |
| SHA512 | a2eb4d7e766fe5ec39f2017d4766797af003a3591b9eec0d891c2ccb8d77fb825c8d44e7270e79cb44f7abde3bfadc207ce52961ef8a46348339c8c66b259dcf |
memory/232-904-0x000001B3DF3F0000-0x000001B3DF400000-memory.dmp
memory/232-905-0x000001B3DF3F0000-0x000001B3DF400000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 03c22f9697a85f9cb9c1aea7c1f550bb |
| SHA1 | 2f61306845e44eff786d1a41d7647e0946709b88 |
| SHA256 | ef36cac26f20364a2f9f0a0e069152c5d4aaef75f00089a6402e6d0148eb49a6 |
| SHA512 | 5e2762f40529ac790db3ec312e8d4a3fa61bbedb6f0e4c04630f23084407b13b965bc0bd394133c4d37467420d1359852bc174a052aac285446688447e4297b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a53e6135185476bf009e55bc73800ad |
| SHA1 | 478b32cae43c7484a9a3c498ec6ce73249d9ebca |
| SHA256 | 068d23331dcedfa8d8794fc9f554dec55f7bb52add8dcb25f076e2e2a9c8fb8d |
| SHA512 | 82b12f053c6acd087c3ac7a2cf41e3043c9621aff73de38bc713e3b36813286ffd26b85dbfb8785c27c21033e93dd74573da603f76defe512d1c9f2423c9b4a6 |
memory/232-935-0x000001B3DF3F0000-0x000001B3DF400000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bfcf8e7585044b5e9d8dd7b1d7a8cf95 |
| SHA1 | f0c883f0b6b3146db5e58c896515f6416bc2156c |
| SHA256 | b90f64acb554c875f6f62d570de9c2baaa0fabc78dbdc08421a681df53884046 |
| SHA512 | 9f167f8fd7fbc9b9c8c94be5daa01406791e42b92046f1b50c074ae92df4573691118c7fb164b17d0c7c67d205fdf11293600a3d694ba02a9fbb33522496d2e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | ec07ec9529f1e042a96e04f891d81a3d |
| SHA1 | f987ee512dc69721a8f2994df82b6362f0dc5786 |
| SHA256 | d98f9835f3e5f050b96608928fd8fb2bad0c2085342c7ea246277bda6bfff371 |
| SHA512 | d79d501e4ceaa15e0c02951453ca657cca0cb5b11372ee2602105ba6dde0032611643b014f919d0fc09dadedc60c4e761eec76e4bacdbf9709e586d3df1f0675 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | 14e39be019da848a73da7658165674cb |
| SHA1 | e016473c4189a8cc3dbff754a48b3e42d68af25a |
| SHA256 | 39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd |
| SHA512 | 828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | ff4c5330d098853cf56a3303c005a68a |
| SHA1 | 54f6c1ff3095bc1a9f40b732c44fedd2e17eceaf |
| SHA256 | 4b0ec9f8d7418214b8c779fa1c563d9a9c26b0b5d26156378a5d97ca9c76f66b |
| SHA512 | f33f179c091b4ffd35c8b9265dacdd2d776942c83b116a44be715541b29331297eb33c722e8e2817c2f85f3baa2fb32b73ade3f4b5fdf0ad5fc448a9ded09914 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e5ce72d07f690b06ca87af6e42d5bbca |
| SHA1 | 1070133e71feac718c5131c721603b18b333c10d |
| SHA256 | d668844bd0968968d7847b9b76ea03d082f1038e256f755fb4399585821a1cce |
| SHA512 | a1917ca26966cda20a7fd338628f283cd5e35cdb2167850ee630df35ec8109cee9182e9bfc2f20f9e2c879fea50885395b77aa73457e752e77f12bc43f9f1778 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b69e6fad5bf38253075b92344a2afb23 |
| SHA1 | 5d2e405765ca15c45e567cc3a16c9f419ea99f50 |
| SHA256 | 4c773bfbffc674f4d338f36f3237b1c7504a6cf3eaf1885c47b7c55437032f78 |
| SHA512 | 10184f4aff1d6287945bf1b483223e3872b5b86d203ff4ad3b7d5eb874bba93966a1366fccf51146c7eda9c8f4e9a7636483d45822ece2b9ec223d4ed30dc59a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 6c024997b2ebca57b74f661705bc1d8d |
| SHA1 | 15bd8c3726c682b06f43b96256d3dfd203b7556b |
| SHA256 | 3037bb4b67db16151146a45c1f8ba48e66ade3567c546070a20119b8d1f404bb |
| SHA512 | 08d0ae6f1a803c4c7dc0f35753078e0276368501f21dd5de99ea5f00182e1d8b82e1e9f2eccc692dd7e88989f240e14a8791e59f388f26a9bfeb0a161db70c0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6a3a0238b30ac080b0d63ff4d39d821a |
| SHA1 | 9300f56d3d221e975e0de8e404872129970e8b4b |
| SHA256 | 5ac6f3f0b6e3cb29ef2e759397b6e2be238b9c3df9940277cfbcba4390919e16 |
| SHA512 | bc21331c1ad695badbc11251e19dbc2fe115dc67fbc48b021cb5a55343598d42c00464bb52c60cd949a079c8ae0f7a6d1730c1107e406bf188a45e7d5633ef5b |