Analysis Overview
Threat Level: Shows suspicious behavior
The file https://tinyurl.com/56p737hn was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Program crash
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-11 14:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-11 14:06
Reported
2024-04-11 14:16
Platform
win11-20240221-en
Max time kernel
561s
Max time network
566s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO090D44C9\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0907657A\XWorm V5.2.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO090D44C9\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0907657A\XWorm V5.2.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\XWorm v5.2 {Crack}.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO090D44C9\XWorm V5.2.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO0907657A\XWorm V5.2.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/56p737hn
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffcac4a3cb8,0x7ffcac4a3cc8,0x7ffcac4a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3792 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E4
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm v5.2 {Crack}.zip\XWorm v5.2 {Crack}\XWorm V5.2.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17551827626193072138,1096080860361930037,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcac4a3cb8,0x7ffcac4a3cc8,0x7ffcac4a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm v5.2 {Crack}.zip\XWorm v5.2 {Crack}\XWorm V5.2.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe
"C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2848 -ip 2848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 912
C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe"
C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe
"C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe"
C:\Users\Admin\AppData\Local\Temp\7zO090D44C9\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\7zO090D44C9\XWorm V5.2.exe"
C:\Users\Admin\AppData\Local\Temp\7zO0907657A\XWorm V5.2.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0907657A\XWorm V5.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,963896291526859717,18074700152522666551,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5144 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 172.67.1.225:443 | tinyurl.com | tcp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.16:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 66.203.125.16:443 | g.api.mega.co.nz | tcp |
| NL | 185.206.24.49:443 | gfs204n209.userstorage.mega.co.nz | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| CA | 185.206.25.23:443 | gfs302n513.userstorage.mega.co.nz | tcp |
| CA | 185.206.25.23:443 | gfs302n513.userstorage.mega.co.nz | tcp |
| CA | 185.206.25.23:443 | gfs302n513.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.12:443 | gfs302n102.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.12:443 | gfs302n102.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.12:443 | gfs302n102.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.12:443 | gfs302n102.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.12:443 | gfs302n102.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.12:443 | gfs302n102.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.221:443 | gfs270n080.userstorage.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| GB | 2.18.66.73:443 | N/A | tcp |
| BE | 2.17.107.113:443 | r.bing.com | tcp |
| BE | 2.17.107.113:443 | r.bing.com | tcp |
| BE | 2.17.107.113:443 | r.bing.com | tcp |
| BE | 2.17.107.113:443 | r.bing.com | tcp |
| BE | 2.17.107.113:443 | r.bing.com | tcp |
| BE | 2.17.107.113:443 | r.bing.com | tcp |
Files
| SHA512 | fe1c3b444d5e50ca1040533dfe836b5318453b2a52023e7a82b1380001c751fdd44e37fa41d206cf76c95d18909789976d8d38a69754d8a984a01607075762eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357318021318156
| MD5 | 466069488bf338b18b71d0d03880483a |
| SHA1 | 15673a543ec263033565cbe63a5fe4b3f2a4af70 |
| SHA256 | 3ccde947bec2a91673e6d4510e04b1c5ae856f2a3116cea337092c78411d0cc0 |
| SHA512 | 46315f7ed9737a475a4886f50b2752d0a59ac7bf3adf442ff0f11c4a1befc43e3aabe52f9a00466879b53858e61dd36d763d1f25e561dd31b014ad9867a685d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | d371481917f6838ea5699d6b8ea75766 |
| SHA1 | 715d1118143af3f103575607709ef31cc6f45a30 |
| SHA256 | 6beec3f864716d0fcf28ce278bc472c8013d497a22621d7dbbc3b54573b9fc82 |
| SHA512 | 33c32a22ed739da8e3b758a47e4e3d2411f2da76ccf3aeb7b5bd4234566db78579823a0173ba1a981c2d380f04f68e5576a8d207c889e82672ef0473758bb4e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 3a659835a79d10b5ca4bf678af5492aa |
| SHA1 | 653e922be2106d9eb46874409b0375ec742ffc7a |
| SHA256 | d7cd4d8f9ba5b94e134d07224134c9c919c063ae60eaa470d4140210887941ec |
| SHA512 | 6dea270d171bc8a48881940f09102b74a5e8949356d1cd3a333369cd218f40d02e975549398677f6f28ceef7e1d8c468d5a920d148093a9769ea90659d550e56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
| MD5 | aef395e8a6d24b02d602fa294ec1d123 |
| SHA1 | 1ad55c4d2055c661a5e6dc6f7ebeeb80db88ceff |
| SHA256 | 34f541911a10a4a4b2762a1caf8442799e348b7e259c6b02658d529f18cfb1de |
| SHA512 | 12c8220c393e9d4bc369ecfcb92799ef26297688506a0c89dea86fb1122886134ef6f0dc70102d16c0a44370b5ab7162ae358bfc7baebf2b99b25565d3fffa15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5cbb82e21ee073e839764525f6dc7786 |
| SHA1 | aaff5f0ed99bf5f1b21698e8dace9a7a9fb3e335 |
| SHA256 | d45662d81b3cb100ce62037ec0bea013fafda948e5ca5017a2d80ac273883a1f |
| SHA512 | ab9a7e0cbb20a04af85d3698a514af6cd98279ff31add9c9ab8ac1d4159ba1b94c80b48d59969819e12bc0d11aabf7afa7faae1db1c8005dbbc2c8eb2289d996 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | e306a05e7b84793dda02c737d62ab0c6 |
| SHA1 | 388c1d89c7b0128fb7ec81b53bc3e2b6e9408572 |
| SHA256 | e19d2d2638e0a09667473ef545e93b68d4d52f9b6e9d5e3be9820abfde99cbf1 |
| SHA512 | cde3d222a6b80931bb52bb43dc1d0dfc1d77692dccccda39acbbd8872605f08a5903f72cefd822cf57eb3579f34937e44df57c97a9ee846d96c3abdb1b2613d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 3c08f970ccce5da05e000b4ce52ea23b |
| SHA1 | 1961cb426b864ff02717b9951abf5a13a70b9764 |
| SHA256 | d9d349961386ce92dc23ae10ff566be0c70e3e1524cdae9206fee2f8eaed826e |
| SHA512 | a40b1810b5a797d68ff58fb9271efe5d2de1150ed4864055d7350dc5ffd26012a5b8c05b92924264de11a64e7559506c408775acca36a3f13d45aab095d16424 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | afbef9e43bf90595419bb7d019888c82 |
| SHA1 | 3dd267e4283b863e5220b1df5feff3fdeaecc109 |
| SHA256 | aec7b21797685e32db856fbea11a64a25fdc8cba669f6e45dd6b96f157214145 |
| SHA512 | 474ef99189c07f92e17306da5ae3f84470373e0c9dcb3437b3bff895fb0678bcdc8cfb28ccff604321c9892944b2fa0e7ef8b6257581bb0401a183d20470e962 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 702ea4f7c38e03dbba27026b0f41aed0 |
| SHA1 | b274d83d9de722f897189feef93d5262f7cf7dfe |
| SHA256 | e79c03feb7106f0e9aa2c723ed8e3c5dd981f047e6d96893ee91a8bf9a31746a |
| SHA512 | b0ddd4055767ae60b539d5ab5dcc6574104c6b687d97da6d4668e5009ff9db5c7f70026226feb787fbcac1f355b895809624b03ee7318f061f03a6e25d2c93a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | e3c6c44925d6dfb19910a0a403f5dde8 |
| SHA1 | e55a5e26ce8fd016027dbc25a01e24760c100dfe |
| SHA256 | 83a350bb6e5ca62ec999cb15415b0ea3f543b1373accf9f07ed1c69dfc81c27e |
| SHA512 | 628bfe0f8aeed0ec330bdb76ac0090281ff3a5cdf1f86425c9e4f9e2462add6297c7cf396b2dc2aeaa7bdcb3728586ceb71db50ebb7d7efe49beaaf685eed340 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | d5f9b24896b41aa02a0f1a98b81ead81 |
| SHA1 | 05a30e039a6388d949d0c71586397d5b953dc3c8 |
| SHA256 | 35b190257ed488b1d8eb4f9725f24e5154f9a6c3a4f7692f98f8698a518c4e30 |
| SHA512 | 36073e6125a7db705d58d813f4fbaba2ff5c86b0fbf4611f3b9d315f5d7b28b7d4ebe3c214ebf8cd0782c8f620e454dcfe2431106bad7e16e2778ea370b716d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 73f730f64b1c322919ac57c0cd6385e2 |
| SHA1 | 50b31a58e6fbf3a098c6c65b63678c673042696e |
| SHA256 | e8a343a68033ff54aa0184c798982209bf7e9f083db0216410a2a99b7cee2c65 |
| SHA512 | 2ec55d56e1d220d231e7479d0394f409bde2156a3da8149f96921e494cc2c11e10fac9abd61313c447af7af38fac6898ccb7a439ee51d0b3971268f0b722d63c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
| MD5 | 12afaec3943337077bfbbce6a2ec40ee |
| SHA1 | 37cfa145058d174b674584b2bc9e87932b259ff5 |
| SHA256 | 2fd3e34930083894221b10c9c41f4f4735958ef71f7758a3897bae5908870079 |
| SHA512 | e9bf2db081aa8e0c1cc413b3216e4bbc9cfb886f832d782523946e8be9d86bc4eece06771fb303e18c63385e8dc9299f006d3b73631e9c499ebb58d1424f7e3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 11e5c889e8f54b8a2e1ab5137862999c |
| SHA1 | e72d1d0bcb16714ca1319ad870f435461fed8949 |
| SHA256 | 1da495017c02090b651bdb2e737da421cfeaf70c25461bc3d8332d82fd4df742 |
| SHA512 | 5f85898111551e66f4582fe7dbe1b17e1e96065b14dcb2745d1c9af2ffb686309e007e65e58136ff41f6d3725ff0b890459f2d24c3dff7477022e78ec7e21d0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 655571a59d804e74253915079a875573 |
| SHA1 | 59212b90c344d495bb10d8c01536c492bcca45ab |
| SHA256 | 9fdeee0f6998d7390ddba9a499d39510fee0ba1a6305b9b5ca13e6c10124863c |
| SHA512 | 2495bdcec1a58338591aba756bbd38ffa277deac4bc97c7bb68b03f8821d4429d67befd19c4a408f729fe227b9f062b3b7e9ed80da33683f11e42fc14f8d32b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | b29bcf9cd0e55f93000b4bb265a9810b |
| SHA1 | e662b8c98bd5eced29495dbe2a8f1930e3f714b8 |
| SHA256 | f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4 |
| SHA512 | e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | afeb9c51d1f1a31c223fe38f88fac194 |
| SHA1 | 38e2aaa5b8e142a8cb8c1b330407a5f249cbe892 |
| SHA256 | 56fb0d4b71032b2165b0291484964721a2c177519ea00166d117990e5eefbddc |
| SHA512 | 0f5f3513346f62c2a71e47fdc94607906e252e06f9069736109391639e21a2e8935e954ed0cf3a1fbe609781cf1cdb7c9832e5903e8db6023aa3fee517f6443e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 584d298cbc6ce863c380c3312a7791f2 |
| SHA1 | a251be378230765f99fa4d3b35b5c59f551c22db |
| SHA256 | b0f6e8b73850ed05762a8a3e3db9ea8ff817e74ad226f0ef00715d341e75d554 |
| SHA512 | b9908fbcc3df8ec71bd374479118fa6ce0013a6c1718dd7f46be2d146a628814d41e17c84cc929de9389fcedc6e1211cb27ac90a621444413e8d42885d093800 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 7da8a7be2517f75a948a0d8284d2412d |
| SHA1 | 72cd21b43f80540bd7b45bb63ce10b55190b3850 |
| SHA256 | 78c30e88aa84b34d401c392ab8dfd8d8c22f04eab5a27764c2fbc6aa5633fe20 |
| SHA512 | 31bd4276f54721df57e08b0122d47bdaacbaa5212b1a9df603d99535b1959e941a9711c212345f6c900c43e4afa5ad8ccb310148136c46f7a280d22eeb3cf49d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
| MD5 | 1bfd0342dd27be81537d0c8ad0ba8861 |
| SHA1 | 9db609ada7180b563f3a75bf13973f9da0483335 |
| SHA256 | c36859cbb59309b5ef399918aee56c1e5c4852314b222b3c2f3b3b57284d2cea |
| SHA512 | 0ffda68d400da4c3848b53bd9f1aef32d0f6fc5e75240848bd03eac95cf4a35014c5ad6e3ec711a276b85415fbe3a7cb358a8575ec0d107bb1ab1f80ea800fa3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
| MD5 | 7e86d5c1bf2ff36b15bfbd8fcf748b16 |
| SHA1 | 59a1515ddff8caec85c4f27ffb17b69a42ec6226 |
| SHA256 | 82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856 |
| SHA512 | 943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
| MD5 | 2a029687e73114ebcb4fad10c0114e8a |
| SHA1 | f09cbbed46b9f8c731568bdcee13024e89bda397 |
| SHA256 | fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b |
| SHA512 | 211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 2a2ace04c17b9993e0be3818eab47bed |
| SHA1 | 2eb69d93037ef194863b373d7bb241d1b69a5840 |
| SHA256 | bc43a8bae24923c17c5d223fd09364fb25914cbc23cde8f9a5cf0c0c37b9b26a |
| SHA512 | 0de61f2dd32c8340b2f77c510b82fd2382de7c96b887d5178589db04a3c6762fef039513dd92a60fc6b48063b509a58ec30ac5a3ed4486420e9cb929912f7bc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 4b8785deeec6c0c2d3ba683a8c2e5757 |
| SHA1 | 6bacfbeb83b530760db504478526ae5a9285be92 |
| SHA256 | a94740585b49b57478ff9d09836ad2f58006c20b80b16068fd8cf533b612284e |
| SHA512 | c2059edc402da8f8f7acd1d09c9f9e7e4d8e41504f8c5465acc0dd8b55c1bd5dfd8322b7c7f5537e3706933eed6dd600b00a27c2f203d86512ab90909ae99d91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 5731d23b152f007f95a7961404cf6ed9 |
| SHA1 | 942ab0d8f0b785308acfabd9b548b5b4afaa6be3 |
| SHA256 | 75a3b44ebdcf8bd0222381bd16497335dd5e80783d948553521646fd4149f45c |
| SHA512 | 6cbc855a17b30acfdfff26b90a78111c107590e9b6cb8bfdec74e1042dc8ae6bf5d6c87106fa3656311119a5969d0c9caed38874f7ec4f73293983def854b026 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 8fca0290d7b4fbf583469492827ea3be |
| SHA1 | 818207930f6ec4c2336528d7e357046210deaa4c |
| SHA256 | 6a605e7a26e92124e7512200b1c5b793c34d789da1f58119e7c6ca4c7bc74bb2 |
| SHA512 | c6361a566399176186c2beb76010837b93e06ebf48c44d34db433c0ccc94780d28fd5e4631af7621792d7477a2af594131431de79d5a32ef2325126e8b3fc588 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b1b482245a72739aeb576501b7737374 |
| SHA1 | 619c54b546b6093a99d8965a4d6aa33c852532a7 |
| SHA256 | 9d04843d8ef9a3f0d8228ae23a75f1c0936973e2887fdf4f568e12434ab6bfed |
| SHA512 | 108a50029eea546bd798d1c7b2b9758e6eb8c0c4d8866bf39c0611464559ee54812d67aa4b37e638e9175b304b3e8e9c38acdd4a31cbb4343070f4ef9a335fa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 36bbebb5e4bfd2afdcb735b06435b000 |
| SHA1 | 0e6de2af31f2efa9791eb3c4429839f651d9c550 |
| SHA256 | e2473de7a8a43adf39c1399015d95b59e5d0ae45a74f239638bb1c9a3a4cbea2 |
| SHA512 | 3e77ec438be11897137522caabbbac00f6d035b8538819b9575afe6ed5a1a6cb41b21f71325cf08ce029f35036947a4ca6b428b253a267fa23d3174daf599755 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f61d42f8b249e09e309c15743636a6c5 |
| SHA1 | 4b37fae67012eabeb95adf94c5e722cc9c2bef3c |
| SHA256 | a70bb8193f2aea111f6150849a798691730f444450377187d0a650e8e40b79d1 |
| SHA512 | e28c766dd32e0bc6727e9697b566e267c9ea9b5942f2e9b085d7e575da46a6568d93c9d202afce682f466a9a99ad1b5284fc46e7b02de3a66bd3ef37eb30e8b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41ecdbc5eeadfd41fedaf3bf1f94b9bb |
| SHA1 | 8dec9f57e5ce0c3a78228d39bec60b6a275ad728 |
| SHA256 | 4821a6f1d422d310da8e6ff754547143019160a221c36b90fa37703c3afebcda |
| SHA512 | 31c34a8b1588321ff455e622e6e8ecf5f099339b5402db0e6e820ee0717f20d2030b5b9fe7b076f1cb2c38aec5ecb83a4c84c9f0fc51b699ddc8d56ac07e091d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 82642bd975b0463aacc2ab5d7181eb62 |
| SHA1 | f656bc97467cd261f10dddffab89d2792dd2ade7 |
| SHA256 | e59bd0cfdf6447ab6804ff900beb555048b0aeb334055b3cb0c0dfd9a837cc8f |
| SHA512 | 08de1d6f829772f470624414a34ef4775bfd02788381c6bb8204eb8c4f2321c01a43f17101861d98147495c087bc03697fc9d1b4b03936c6101ee649be34ae07 |
C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe:Zone.Identifier
| MD5 | 0c603d5b0d59544d94b7d8120125a221 |
| SHA1 | 9198c13aeca060ffa20ad5597fc093ce4d691f70 |
| SHA256 | 72b784412519491e5ebf19b9fd1d17faaa6dcf5cbc3490f4bb348fdeb0dcf373 |
| SHA512 | 9dae09d66148a9f71fbaa4896c779137fcc5c3861ad2994b569b569d978b98f5bc07fafe5718ce420b0c4a0705c618a6c86fcc7910becc9d404ea5e2677fb3e2 |
C:\Users\Admin\AppData\Local\Temp\7zO090AA789\XWormLoader 5.2 x32.exe
| MD5 | f3b2ec58b71ba6793adcc2729e2140b1 |
| SHA1 | d9e93a33ac617afe326421df4f05882a61e0a4f2 |
| SHA256 | 2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae |
| SHA512 | 473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495 |
memory/2848-551-0x0000000000E30000-0x0000000000E50000-memory.dmp
memory/2848-550-0x0000000074E30000-0x00000000755E1000-memory.dmp
memory/2848-552-0x0000000074E30000-0x00000000755E1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zO0909C7F9\XWorm V5.2.exe
| MD5 | 8b7b015c1ea809f5c6ade7269bdc5610 |
| SHA1 | c67d5d83ca18731d17f79529cfdb3d3dcad36b96 |
| SHA256 | 7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e |
| SHA512 | e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180 |
memory/1872-582-0x000002DDC6260000-0x000002DDC6E98000-memory.dmp
memory/1872-581-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
| MD5 | 2f1a50031dcf5c87d92e8b2491fdcea6 |
| SHA1 | 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f |
| SHA256 | 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed |
| SHA512 | 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8 |
memory/1872-588-0x000002DDE23B0000-0x000002DDE23C0000-memory.dmp
memory/1872-589-0x000002DDE23C0000-0x000002DDE2FAC000-memory.dmp
memory/1872-590-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zO090833D9\XWormLoader 5.2 x64.exe
| MD5 | e6a20535b636d6402164a8e2d871ef6d |
| SHA1 | 981cb1fd9361ca58f8985104e00132d1836a8736 |
| SHA256 | b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2 |
| SHA512 | 35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30 |
memory/1600-610-0x0000000000FE0000-0x0000000001000000-memory.dmp
memory/1600-611-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp
memory/1600-612-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp
memory/4204-632-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp
memory/4204-633-0x000001ACF3E70000-0x000001ACF3E80000-memory.dmp
memory/4204-634-0x00007FFC969F0000-0x00007FFC974B2000-memory.dmp
memory/1268-654-0x00007FFC96AA0000-0x00007FFC97562000-memory.dmp
memory/1268-655-0x00007FFC96AA0000-0x00007FFC97562000-memory.dmp