hxxps://tinyurl[.]com/56p737hn

Analysis

max time kernel
561s
max time network
566s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11-04-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/56p737hn

Score

7^/10

agilenet

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

XWormLoader 5.2 x32.exeXWorm V5.2.exeXWormLoader 5.2 x64.exeXWorm V5.2.exeXWorm V5.2.exe

pid process

2848 XWormLoader 5.2 x32.exe
1872 XWorm V5.2.exe
1600 XWormLoader 5.2 x64.exe
4204 XWorm V5.2.exe
1268 XWorm V5.2.exe
Loads dropped DLL 3 IoCs

Processes:

XWorm V5.2.exeXWorm V5.2.exeXWorm V5.2.exe

pid process

1872 XWorm V5.2.exe
4204 XWorm V5.2.exe
1268 XWorm V5.2.exe

pid	process
2848	XWormLoader 5.2 x32.exe
1872	XWorm V5.2.exe
1600	XWormLoader 5.2 x64.exe
4204	XWorm V5.2.exe
1268	XWorm V5.2.exe

pid	process
1872	XWorm V5.2.exe
4204	XWorm V5.2.exe
1268	XWorm V5.2.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe	agile_net
behavioral1/memory/1872-582-0x000002DDC6260000-0x000002DDC6E98000-memory.dmp	agile_net

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4728 2848 WerFault.exe XWormLoader 5.2 x32.exe

pid	pid_target	process	target process
4728	2848	WerFault.exe	XWormLoader 5.2 x32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	msedge.exe

NTFS ADS 6 IoCs

Processes:

msedge.exe7zFM.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\XWorm v5.2 {Crack}.zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe:Zone.Identifier	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe:Zone.Identifier	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe:Zone.Identifier	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO090D44C9\XWorm V5.2.exe:Zone.Identifier	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO0907657A\XWorm V5.2.exe:Zone.Identifier	7zFM.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exe7zFM.exemsedge.exe

pid	process
2348	msedge.exe
2348	msedge.exe
4488	msedge.exe
4488	msedge.exe
2224	identity_helper.exe
2224	identity_helper.exe
2860	msedge.exe
2860	msedge.exe
3932	msedge.exe
3932	msedge.exe
2540	msedge.exe
2540	msedge.exe
3444	msedge.exe
3444	msedge.exe
924	msedge.exe
924	msedge.exe
1220	identity_helper.exe
1220	identity_helper.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

4240 7zFM.exe

pid	process
4240	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

AUDIODG.EXE7zFM.exe7zFM.exeXWorm V5.2.exeXWorm V5.2.exeXWorm V5.2.exe

description	pid	process
Token: 33	4000	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4000	AUDIODG.EXE
Token: SeRestorePrivilege	1592	7zFM.exe
Token: 35	1592	7zFM.exe
Token: SeRestorePrivilege	4240	7zFM.exe
Token: 35	4240	7zFM.exe
Token: SeSecurityPrivilege	4240	7zFM.exe
Token: SeSecurityPrivilege	4240	7zFM.exe
Token: SeDebugPrivilege	1872	XWorm V5.2.exe
Token: SeSecurityPrivilege	4240	7zFM.exe
Token: SeSecurityPrivilege	4240	7zFM.exe
Token: SeDebugPrivilege	4204	XWorm V5.2.exe
Token: SeSecurityPrivilege	4240	7zFM.exe
Token: SeDebugPrivilege	1268	XWorm V5.2.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe7zFM.exemsedge.exe7zFM.exe

pid	process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
1592	7zFM.exe
4488	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe
4240	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4488 wrote to memory of 3916	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3916	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2012	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2348	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 2348	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3812	4488	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/56p737hn
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffcac4a3cb8,0x7ffcac4a3cc8,0x7ffcac4a3cd8
2⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
2⤵
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
2⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
2⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3792 /prefetch:8
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
2⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
2⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
2⤵
PID:2748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1312

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm v5.2 {Crack}.zip\XWorm v5.2 {Crack}\XWorm V5.2.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcac4a3cb8,0x7ffcac4a3cc8,0x7ffcac4a3cd8
2⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
2⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
2⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
2⤵
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
2⤵
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
2⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5144 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm v5.2 {Crack}.zip\XWorm v5.2 {Crack}\XWorm V5.2.rar"
1⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4240

C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe
"C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe"
2⤵
- Executes dropped EXE
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 912
3⤵
- Program crash
PID:4728

C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1872

C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe
"C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe"
2⤵
- Executes dropped EXE
PID:1600

C:\Users\Admin\AppData\Local\Temp\7zO090D44C9\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\7zO090D44C9\XWorm V5.2.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4204

C:\Users\Admin\AppData\Local\Temp\7zO0907657A\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0907657A\XWorm V5.2.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2848 -ip 2848
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f7ad5b5c1b0880a280731b9a4502a7a4

SHA1
375bdda7d8d63cfbb5f7c0adf258a9a11e97b3bd

SHA256
f6cd650377a9ce9fcdfc6f3a05d057feb354c454d3adc76d41a4fdf29bb43c29

SHA512
e4a5903f74301442aa7f051204c1e9bcc33623e47a8905e834d9972de6dcc7ace02be4c766303b7eec525415fd9cf438ff61458a8558bfcadf3f435ab5669555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3f41f55f9fc397f4146672aef3661d17

SHA1
3d13e0499f8baa6605ad857b6adb7a24fa4a7064

SHA256
2d526b001f048bd2a253a5f03c5d9850d450ba826b91a1f59fc8425170f805c8

SHA512
b229510307dd418dd08e1547744fe72fea0a98c09664ff204c48a8c55c70d0d905ccbab5d309429b0eeafa7e407d6bbe10d4c5bf70f5a400c4bc7aecf4290cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
36bbebb5e4bfd2afdcb735b06435b000

SHA1
0e6de2af31f2efa9791eb3c4429839f651d9c550

SHA256
e2473de7a8a43adf39c1399015d95b59e5d0ae45a74f239638bb1c9a3a4cbea2

SHA512
3e77ec438be11897137522caabbbac00f6d035b8538819b9575afe6ed5a1a6cb41b21f71325cf08ce029f35036947a4ca6b428b253a267fa23d3174daf599755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
8fca0290d7b4fbf583469492827ea3be

SHA1
818207930f6ec4c2336528d7e357046210deaa4c

SHA256
6a605e7a26e92124e7512200b1c5b793c34d789da1f58119e7c6ca4c7bc74bb2

SHA512
c6361a566399176186c2beb76010837b93e06ebf48c44d34db433c0ccc94780d28fd5e4631af7621792d7477a2af594131431de79d5a32ef2325126e8b3fc588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
7da8a7be2517f75a948a0d8284d2412d

SHA1
72cd21b43f80540bd7b45bb63ce10b55190b3850

SHA256
78c30e88aa84b34d401c392ab8dfd8d8c22f04eab5a27764c2fbc6aa5633fe20

SHA512
31bd4276f54721df57e08b0122d47bdaacbaa5212b1a9df603d99535b1959e941a9711c212345f6c900c43e4afa5ad8ccb310148136c46f7a280d22eeb3cf49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
584d298cbc6ce863c380c3312a7791f2

SHA1
a251be378230765f99fa4d3b35b5c59f551c22db

SHA256
b0f6e8b73850ed05762a8a3e3db9ea8ff817e74ad226f0ef00715d341e75d554

SHA512
b9908fbcc3df8ec71bd374479118fa6ce0013a6c1718dd7f46be2d146a628814d41e17c84cc929de9389fcedc6e1211cb27ac90a621444413e8d42885d093800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
44b33ea2849eb438d723d62fed8f42e5

SHA1
75108e08fa7fe81ffc1560448bfb23df9a92a65f

SHA256
f9dcd941873b45b122190c3cb03dadc6a2c02444dcd8e2053741518175f422a2

SHA512
ce23acbf90623fa508e7acadc620c5e32fea1c2ef2ebf38795ee00b9b0d4e463317a13499cb72c562609e15f759c7f1b83e035dc06c22df06105a72b5143e459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
afeb9c51d1f1a31c223fe38f88fac194

SHA1
38e2aaa5b8e142a8cb8c1b330407a5f249cbe892

SHA256
56fb0d4b71032b2165b0291484964721a2c177519ea00166d117990e5eefbddc

SHA512
0f5f3513346f62c2a71e47fdc94607906e252e06f9069736109391639e21a2e8935e954ed0cf3a1fbe609781cf1cdb7c9832e5903e8db6023aa3fee517f6443e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
d5f9b24896b41aa02a0f1a98b81ead81

SHA1
05a30e039a6388d949d0c71586397d5b953dc3c8

SHA256
35b190257ed488b1d8eb4f9725f24e5154f9a6c3a4f7692f98f8698a518c4e30

SHA512
36073e6125a7db705d58d813f4fbaba2ff5c86b0fbf4611f3b9d315f5d7b28b7d4ebe3c214ebf8cd0782c8f620e454dcfe2431106bad7e16e2778ea370b716d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
278f7c5dd6c179e1452aca600a36bcae

SHA1
c3e45b2d308f45c17dff70166965e35a86526028

SHA256
3d3b5e4aab08cda31eee6950793da4279d3ca78f31162632dd89aeb244ed9f9b

SHA512
c4fec63335687599c7d4da9cc4801dc74b3ff2829aa7771b61461517f247b7030cb3f4080808dc60a29b3ce89504189f11979dbfacdceac5ba6b82761705acd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
11e5c889e8f54b8a2e1ab5137862999c

SHA1
e72d1d0bcb16714ca1319ad870f435461fed8949

SHA256
1da495017c02090b651bdb2e737da421cfeaf70c25461bc3d8332d82fd4df742

SHA512
5f85898111551e66f4582fe7dbe1b17e1e96065b14dcb2745d1c9af2ffb686309e007e65e58136ff41f6d3725ff0b890459f2d24c3dff7477022e78ec7e21d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
845B

MD5
eebf7d71d3ca78b787656383b99a791c

SHA1
651d6972f2b43e46487b121017e0b295cdec3fb5

SHA256
67a56e7ce49c7172ec4ff7b0b761df525ed9298cd7bff8f31b0b9b4502406a70

SHA512
fe1c3b444d5e50ca1040533dfe836b5318453b2a52023e7a82b1380001c751fdd44e37fa41d206cf76c95d18909789976d8d38a69754d8a984a01607075762eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
457B

MD5
e306a05e7b84793dda02c737d62ab0c6

SHA1
388c1d89c7b0128fb7ec81b53bc3e2b6e9408572

SHA256
e19d2d2638e0a09667473ef545e93b68d4d52f9b6e9d5e3be9820abfde99cbf1

SHA512
cde3d222a6b80931bb52bb43dc1d0dfc1d77692dccccda39acbbd8872605f08a5903f72cefd822cf57eb3579f34937e44df57c97a9ee846d96c3abdb1b2613d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
afbef9e43bf90595419bb7d019888c82

SHA1
3dd267e4283b863e5220b1df5feff3fdeaecc109

SHA256
aec7b21797685e32db856fbea11a64a25fdc8cba669f6e45dd6b96f157214145

SHA512
474ef99189c07f92e17306da5ae3f84470373e0c9dcb3437b3bff895fb0678bcdc8cfb28ccff604321c9892944b2fa0e7ef8b6257581bb0401a183d20470e962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
257B

MD5
3842b39dfd9c594179bff5cc01c282a8

SHA1
a6b1391fe067b1926cf81eb43c93a2a44f8cf3df

SHA256
2ae59fc3ecf8aca282a53a1212e95aeef3828eb7a471e543df73ce17bbf6c8a1

SHA512
c714360ebe31a9def378688d4bda22f4ee253571e8dc80da94ad8c197ff9de7537eb960d23480c214075ae7fa717662e56b8cc065b67a06f2ab44ca1d2f7649b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4cbb87b5df5fcad251d6b3b779691d29

SHA1
e55fa0eb2e782955a5f79d9028942355185c7f15

SHA256
801ac70afb89452f44d4a72673f546208a805e1cee99758ee57f0080bf7f8fcb

SHA512
28df7e48749dfbdf37f909bb3341078cfb72290d0b9c45e616aee8cd9d5cb1091dc57f21621d8c0cf81f28aa6dadd96ec09798fffbddcc067dbc63495098cb7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4e21b7fe0e5adc1589b35fb1f4c3f068

SHA1
f23005a4ef83ee53abe720a45fd75725cb8e113b

SHA256
7e217364963b7ceb5ecc2d97c19b1151955b457e1663e8f5b5c5f175becf748c

SHA512
121aed30322d4e6b666f5a6a71df593eed0a1478b55f2ec2bf505005d6050ee9ec041064a69b4a7b33af14d769005f7e4813c4272cfb946ab213bf40132f408a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
46562d309f091e4da033af83ee480b20

SHA1
963cd8558c98a16562b32943a3af36d8d75510e8

SHA256
f346a65c3223516de83766296f11926ce171ad7bfcf3d70ff52d20e01333fbaa

SHA512
dd78b7fa5501fbf47f2fd2f51983173435b3446718a6dd2875a15dd6be4cc06aa16c49f01183058559e8d7cf5197f0a41e2dc89e582d7756a798f7b9df247925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5cbb82e21ee073e839764525f6dc7786

SHA1
aaff5f0ed99bf5f1b21698e8dace9a7a9fb3e335

SHA256
d45662d81b3cb100ce62037ec0bea013fafda948e5ca5017a2d80ac273883a1f

SHA512
ab9a7e0cbb20a04af85d3698a514af6cd98279ff31add9c9ab8ac1d4159ba1b94c80b48d59969819e12bc0d11aabf7afa7faae1db1c8005dbbc2c8eb2289d996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f61d42f8b249e09e309c15743636a6c5

SHA1
4b37fae67012eabeb95adf94c5e722cc9c2bef3c

SHA256
a70bb8193f2aea111f6150849a798691730f444450377187d0a650e8e40b79d1

SHA512
e28c766dd32e0bc6727e9697b566e267c9ea9b5942f2e9b085d7e575da46a6568d93c9d202afce682f466a9a99ad1b5284fc46e7b02de3a66bd3ef37eb30e8b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e7255739dc538019137c3cf566fdb05b

SHA1
8958405d38259a30c3860427982f7da37ee2dd3d

SHA256
c200f02252806a32ff9696dc9a5ba34aab1a4fe5d0dda1e31f8fa956d979ec1f

SHA512
a0a378771b8500fa2b24840450f91395152ae2a32336853ff69a83be848603707d51475a8a9cb2ca06f9f5deb33d3f4dd071ba61df16c377a6cda50b84878d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
41ecdbc5eeadfd41fedaf3bf1f94b9bb

SHA1
8dec9f57e5ce0c3a78228d39bec60b6a275ad728

SHA256
4821a6f1d422d310da8e6ff754547143019160a221c36b90fa37703c3afebcda

SHA512
31c34a8b1588321ff455e622e6e8ecf5f099339b5402db0e6e820ee0717f20d2030b5b9fe7b076f1cb2c38aec5ecb83a4c84c9f0fc51b699ddc8d56ac07e091d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
Filesize
602B

MD5
aef395e8a6d24b02d602fa294ec1d123

SHA1
1ad55c4d2055c661a5e6dc6f7ebeeb80db88ceff

SHA256
34f541911a10a4a4b2762a1caf8442799e348b7e259c6b02658d529f18cfb1de

SHA512
12c8220c393e9d4bc369ecfcb92799ef26297688506a0c89dea86fb1122886134ef6f0dc70102d16c0a44370b5ab7162ae358bfc7baebf2b99b25565d3fffa15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
Filesize
297B

MD5
12afaec3943337077bfbbce6a2ec40ee

SHA1
37cfa145058d174b674584b2bc9e87932b259ff5

SHA256
2fd3e34930083894221b10c9c41f4f4735958ef71f7758a3897bae5908870079

SHA512
e9bf2db081aa8e0c1cc413b3216e4bbc9cfb886f832d782523946e8be9d86bc4eece06771fb303e18c63385e8dc9299f006d3b73631e9c499ebb58d1424f7e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
2b80c901daeab09d4fc0ca80c97db829

SHA1
be4ce39121711fbd91b18a86c859b987faf5048d

SHA256
b833e0520ff79ae4d37f70bad88e3ee07859ebc20f2096ffeffa4baa59c562d4

SHA512
52488c54bf2a22f6501a5f2e78d0ec7bd3337e376cccdd504fdb7c4d0188ee80fa43ed97f1f614aad3d07a4d45dd0e22fd20e4b43d4997b2dcca979d10a5c186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ce5c.TMP
Filesize
48B

MD5
65da583e8e09d04473fa4ffd3d61c887

SHA1
a0defc6929c896e3fb3014d63e5cd97f54a4f2d0

SHA256
c26564767b97b1e05628f46ce09a33f501946d05005d8fa766e4a9ea2a3f0dd0

SHA512
1091cbe480a10ff2a72b63071533cca6a875fb78c5c8f742de10c4fbfe7b76e2e884f0f735b4968a23cfbb9d46dc7344ae0be23a695afc6cedc86fb8afd228a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
545B

MD5
3c08f970ccce5da05e000b4ce52ea23b

SHA1
1961cb426b864ff02717b9951abf5a13a70b9764

SHA256
d9d349961386ce92dc23ae10ff566be0c70e3e1524cdae9206fee2f8eaed826e

SHA512
a40b1810b5a797d68ff58fb9271efe5d2de1150ed4864055d7350dc5ffd26012a5b8c05b92924264de11a64e7559506c408775acca36a3f13d45aab095d16424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
702ea4f7c38e03dbba27026b0f41aed0

SHA1
b274d83d9de722f897189feef93d5262f7cf7dfe

SHA256
e79c03feb7106f0e9aa2c723ed8e3c5dd981f047e6d96893ee91a8bf9a31746a

SHA512
b0ddd4055767ae60b539d5ab5dcc6574104c6b687d97da6d4668e5009ff9db5c7f70026226feb787fbcac1f355b895809624b03ee7318f061f03a6e25d2c93a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357318021318156
Filesize
32KB

MD5
466069488bf338b18b71d0d03880483a

SHA1
15673a543ec263033565cbe63a5fe4b3f2a4af70

SHA256
3ccde947bec2a91673e6d4510e04b1c5ae856f2a3116cea337092c78411d0cc0

SHA512
46315f7ed9737a475a4886f50b2752d0a59ac7bf3adf442ff0f11c4a1befc43e3aabe52f9a00466879b53858e61dd36d763d1f25e561dd31b014ad9867a685d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
d371481917f6838ea5699d6b8ea75766

SHA1
715d1118143af3f103575607709ef31cc6f45a30

SHA256
6beec3f864716d0fcf28ce278bc472c8013d497a22621d7dbbc3b54573b9fc82

SHA512
33c32a22ed739da8e3b758a47e4e3d2411f2da76ccf3aeb7b5bd4234566db78579823a0173ba1a981c2d380f04f68e5576a8d207c889e82672ef0473758bb4e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
3a659835a79d10b5ca4bf678af5492aa

SHA1
653e922be2106d9eb46874409b0375ec742ffc7a

SHA256
d7cd4d8f9ba5b94e134d07224134c9c919c063ae60eaa470d4140210887941ec

SHA512
6dea270d171bc8a48881940f09102b74a5e8949356d1cd3a333369cd218f40d02e975549398677f6f28ceef7e1d8c468d5a920d148093a9769ea90659d550e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
e3c6c44925d6dfb19910a0a403f5dde8

SHA1
e55a5e26ce8fd016027dbc25a01e24760c100dfe

SHA256
83a350bb6e5ca62ec999cb15415b0ea3f543b1373accf9f07ed1c69dfc81c27e

SHA512
628bfe0f8aeed0ec330bdb76ac0090281ff3a5cdf1f86425c9e4f9e2462add6297c7cf396b2dc2aeaa7bdcb3728586ceb71db50ebb7d7efe49beaaf685eed340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
b1b482245a72739aeb576501b7737374

SHA1
619c54b546b6093a99d8965a4d6aa33c852532a7

SHA256
9d04843d8ef9a3f0d8228ae23a75f1c0936973e2887fdf4f568e12434ab6bfed

SHA512
108a50029eea546bd798d1c7b2b9758e6eb8c0c4d8866bf39c0611464559ee54812d67aa4b37e638e9175b304b3e8e9c38acdd4a31cbb4343070f4ef9a335fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
73f730f64b1c322919ac57c0cd6385e2

SHA1
50b31a58e6fbf3a098c6c65b63678c673042696e

SHA256
e8a343a68033ff54aa0184c798982209bf7e9f083db0216410a2a99b7cee2c65

SHA512
2ec55d56e1d220d231e7479d0394f409bde2156a3da8149f96921e494cc2c11e10fac9abd61313c447af7af38fac6898ccb7a439ee51d0b3971268f0b722d63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
1.4MB

MD5
833caa8e91db842761c8f092e1c54d6e

SHA1
e314e72eede23ab91c334427f21ed6386602526a

SHA256
4c1d0baaf59ab7cc254d9e79d5acb0a1db155194ff2a5c921f19aab729c1ca06

SHA512
559a497c8085981088f568be7549a25b33d27ee471524a991cbfbc1b92c941c3fc3fa206158ab9d89072531f7117311e2f2bdec0fb72bf73aa6d197a0e207587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
2KB

MD5
c82fd5ec3aecd56ce6131126dc3c90ac

SHA1
00c7eff0232892536d9c3b120cab4409ff55aaf9

SHA256
8d33f92c353cc22944f4b381bccf62d91a90d75932caf233866bef8e0e9ee8b2

SHA512
c32ff8aad23eece820d63575a15766db3de5dfc9463ca4911b430e122b2c6369c0c7e3e88d9b1a554a2f581f8387f3b483b1130863709e20854a7351b6f8d6ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
322B

MD5
a4d0d93e44bcfe185d94106826072e99

SHA1
ed1569c12ed4f819a467337289818ba81c803270

SHA256
63ac818000f079978b0566fd82cb02f40758283b4f3b871342e3f80e85fe7487

SHA512
b53bbe10464ecf9ce12887c843c3875dc59860b73ce2f71d86aef0f935590eb8cd8c3d1ee121254a96d6ff73becc11f42ca6dbe461e528c80a9d671e88ca444c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
340B

MD5
be370a7d2ee150a9ba269fda1430b70d

SHA1
f02bc22372972a8f0eed8e7733f1e64d7cbe2176

SHA256
6325f3177d03e6db0c5a5e27143681b9203ba0e9c6267dcdc76d6b039ef0d9c8

SHA512
affdd5f9f68c515750bbce6eeb707a4ed8685d5243711ce4c08c65f59786f7469dcf48534512bf5dcbf2230e36874f8cdd9ff2412473ce14e19865c22f306852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
5731d23b152f007f95a7961404cf6ed9

SHA1
942ab0d8f0b785308acfabd9b548b5b4afaa6be3

SHA256
75a3b44ebdcf8bd0222381bd16497335dd5e80783d948553521646fd4149f45c

SHA512
6cbc855a17b30acfdfff26b90a78111c107590e9b6cb8bfdec74e1042dc8ae6bf5d6c87106fa3656311119a5969d0c9caed38874f7ec4f73293983def854b026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
4b8785deeec6c0c2d3ba683a8c2e5757

SHA1
6bacfbeb83b530760db504478526ae5a9285be92

SHA256
a94740585b49b57478ff9d09836ad2f58006c20b80b16068fd8cf533b612284e

SHA512
c2059edc402da8f8f7acd1d09c9f9e7e4d8e41504f8c5465acc0dd8b55c1bd5dfd8322b7c7f5537e3706933eed6dd600b00a27c2f203d86512ab90909ae99d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
2a2ace04c17b9993e0be3818eab47bed

SHA1
2eb69d93037ef194863b373d7bb241d1b69a5840

SHA256
bc43a8bae24923c17c5d223fd09364fb25914cbc23cde8f9a5cf0c0c37b9b26a

SHA512
0de61f2dd32c8340b2f77c510b82fd2382de7c96b887d5178589db04a3c6762fef039513dd92a60fc6b48063b509a58ec30ac5a3ed4486420e9cb929912f7bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
16KB

MD5
1bfd0342dd27be81537d0c8ad0ba8861

SHA1
9db609ada7180b563f3a75bf13973f9da0483335

SHA256
c36859cbb59309b5ef399918aee56c1e5c4852314b222b3c2f3b3b57284d2cea

SHA512
0ffda68d400da4c3848b53bd9f1aef32d0f6fc5e75240848bd03eac95cf4a35014c5ad6e3ec711a276b85415fbe3a7cb358a8575ec0d107bb1ab1f80ea800fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
86708283bd4ad664beccc2bb7784f1d6

SHA1
c094dcc4f0afd14f5f1ca71dc9fca4d7dd87c7ce

SHA256
29b50d76bee1f8a57d771cac940587065095fb25c95f7974bb1436be4aafbbdb

SHA512
df131f95cb3e40dc6e50f0b2d9ff0aaf12370d027803a714233e5fdb7ff54c43c7b9afd228d455c5ae7402409f76c4f1612a5a684781754c1b0a52609b84e191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
df92ed5b822510ae010cbbd71b7701b5

SHA1
ba1e79d3a9e07991887545219008eafb7b04e8f8

SHA256
5b219a28404c123258e1fa73b8cbf8dce666c87ccff1ea5e4e4d5d29a6eaedca

SHA512
06a63adb5a10b5dfa36beab095060b9a37e6c9bf1d389dc2cb453b740854fe6c4a390496773cd89eaea86afe05710105e6c9d5276dad7ebf2ff61c34984ca80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
82642bd975b0463aacc2ab5d7181eb62

SHA1
f656bc97467cd261f10dddffab89d2792dd2ade7

SHA256
e59bd0cfdf6447ab6804ff900beb555048b0aeb334055b3cb0c0dfd9a837cc8f

SHA512
08de1d6f829772f470624414a34ef4775bfd02788381c6bb8204eb8c4f2321c01a43f17101861d98147495c087bc03697fc9d1b4b03936c6101ee649be34ae07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b66a876e45f978d2d1b3492c84aa23cb

SHA1
0dc1fccd857946d82c5b5fcaf0bdaf6067aa1b1a

SHA256
7d73de504fde11df8b6e4188a3e28d6b84710a032525a0249c2284686d384e44

SHA512
dffadc19092e1ac52ad1d36bbe01d6d9d71b9f161448a09e7d8c1f7d0f56daa0aba069c13e3c11f6e17e36eb115f4a4669a15f3c1727032c250ac2dcb31f2f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
655571a59d804e74253915079a875573

SHA1
59212b90c344d495bb10d8c01536c492bcca45ab

SHA256
9fdeee0f6998d7390ddba9a499d39510fee0ba1a6305b9b5ca13e6c10124863c

SHA512
2495bdcec1a58338591aba756bbd38ffa277deac4bc97c7bb68b03f8821d4429d67befd19c4a408f729fe227b9f062b3b7e9ed80da33683f11e42fc14f8d32b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\dc0e5de1-69b8-49ff-990b-0bf94eb1342d.tmp
Filesize
11KB

MD5
13bf81ebec4a4dfd1cce3a105b990c34

SHA1
1cc88077f79ce24658e6443ed1193ccc57ab5cf0

SHA256
89abf893390d5087902139089c3d4f361d443e55fab1554da58146f1f720e0f3

SHA512
33efc4afa0338822fd58291543a45c735729017307abb56509c1e6513a0cd30819af9da0a088c7be58bffca20b2d7d1ab859e14e9c64dc1cceb4a14972f6ac0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe
Filesize
109KB

MD5
e6a20535b636d6402164a8e2d871ef6d

SHA1
981cb1fd9361ca58f8985104e00132d1836a8736

SHA256
b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2

SHA512
35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe
Filesize
12.2MB

MD5
8b7b015c1ea809f5c6ade7269bdc5610

SHA1
c67d5d83ca18731d17f79529cfdb3d3dcad36b96

SHA256
7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e

SHA512
e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe
Filesize
109KB

MD5
f3b2ec58b71ba6793adcc2729e2140b1

SHA1
d9e93a33ac617afe326421df4f05882a61e0a4f2

SHA256
2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae

SHA512
473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe:Zone.Identifier
Filesize
87B

MD5
0c603d5b0d59544d94b7d8120125a221

SHA1
9198c13aeca060ffa20ad5597fc093ce4d691f70

SHA256
72b784412519491e5ebf19b9fd1d17faaa6dcf5cbc3490f4bb348fdeb0dcf373

SHA512
9dae09d66148a9f71fbaa4896c779137fcc5c3861ad2994b569b569d978b98f5bc07fafe5718ce420b0c4a0705c618a6c86fcc7910becc9d404ea5e2677fb3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
C:\Users\Admin\Downloads\XWorm v5.2 {Crack}.zip
Filesize
30.7MB

MD5
7e9109386c4bf7b02887aa60c1e0ba16

SHA1
a650a9f77e7c627013c2dcd7ce7f5d7b4098f198

SHA256
664ff71e61bca97a94d6d9b8679168e74f0c247573e509f10e87e3a8468ccabb

SHA512
ab65812317f1c433daf159e2044fb556adc957950574dba8c992cb8e2448103f0b19a1855d04d87ee99e9cb7733d6f31f2dde644cf02610fca5262a98f776d95

Download Submit
C:\Users\Admin\Downloads\XWorm v5.2 {Crack}.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_4488_FKTGGGLLPUIEDJPW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1268-655-0x00007FFC96AA0000-0x00007FFC97562000-memory.dmp

Filesize
10.8MB

Download
memory/1268-654-0x00007FFC96AA0000-0x00007FFC97562000-memory.dmp

Filesize
10.8MB

Download
memory/1600-610-0x0000000000FE0000-0x0000000001000000-memory.dmp

Filesize
128KB

Download
memory/1600-611-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp

Filesize
10.8MB

Download
memory/1600-612-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp

Filesize
10.8MB

Download
memory/1872-590-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp

Filesize
10.8MB

Download
memory/1872-581-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp

Filesize
10.8MB

Download
memory/1872-582-0x000002DDC6260000-0x000002DDC6E98000-memory.dmp

Filesize
12.2MB

Download
memory/1872-589-0x000002DDE23C0000-0x000002DDE2FAC000-memory.dmp

Filesize
11.9MB

Download
memory/1872-588-0x000002DDE23B0000-0x000002DDE23C0000-memory.dmp

Filesize
64KB

Download
memory/2848-552-0x0000000074E30000-0x00000000755E1000-memory.dmp

Filesize
7.7MB

Download
memory/2848-550-0x0000000074E30000-0x00000000755E1000-memory.dmp

Filesize
7.7MB

Download
memory/2848-551-0x0000000000E30000-0x0000000000E50000-memory.dmp

Filesize
128KB

Download
memory/4204-632-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp

Filesize
10.8MB

Download
memory/4204-633-0x000001ACF3E70000-0x000001ACF3E80000-memory.dmp

Filesize
64KB

Download
memory/4204-634-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp

Filesize
10.8MB

Download