Malware Analysis Report

2024-09-23 00:06

Sample ID 240503-ph7m3sgc33
Target XWorm V5.2.rar
SHA256 14a4f6c9137eee4c24fe5c52dae6bc82fecb9b8e832742b5b40f734e6e842a5a
Tags
agenttesla agilenet keylogger spyware stealer trojan pdf link stormkitty
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

14a4f6c9137eee4c24fe5c52dae6bc82fecb9b8e832742b5b40f734e6e842a5a

Threat Level: Known bad

The file XWorm V5.2.rar was found to be: Known bad.

Malicious Activity Summary

agenttesla agilenet keylogger spyware stealer trojan pdf link stormkitty

AgentTesla payload

Contains code to disable Windows Defender

Stormkitty family

StormKitty payload

Agenttesla family

AgentTesla

AgentTesla payload

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Checks computer location settings

Drops file in Windows directory

One or more HTTP URLs in PDF identified

Unsigned PE

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: MapViewOfSection

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-03 12:21

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

One or more HTTP URLs in PDF identified

pdf link

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

150s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Pastime.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Pastime.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

139s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Programs.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Programs.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

130s

Max time network

134s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Ransomware.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Ransomware.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

137s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\RemoteDesktop.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\RemoteDesktop.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.246.116.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

136s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\RVGLib.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\RVGLib.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 225.162.46.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:23

Platform

win10-20240404-en

Max time kernel

10s

Max time network

22s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\HiddenApps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\HiddenApps.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

140s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Microphone.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Microphone.dll",#1

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:25

Platform

win10-20240404-en

Max time kernel

126s

Max time network

136s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Options.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Options.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

137s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\VB.NET Compiler.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\VB.NET Compiler.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

133s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWorm V5.2.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp

Files

memory/688-0-0x00007FFC02D83000-0x00007FFC02D84000-memory.dmp

memory/688-1-0x0000024EF18C0000-0x0000024EF24F8000-memory.dmp

\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

memory/688-8-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp

memory/688-9-0x0000024EF58D0000-0x0000024EF64BC000-memory.dmp

memory/688-10-0x0000024EF67E0000-0x0000024EF69D4000-memory.dmp

memory/688-11-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp

memory/688-12-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp

memory/688-13-0x00007FFC02D83000-0x00007FFC02D84000-memory.dmp

memory/688-14-0x00007FFC02D80000-0x00007FFC0376C000-memory.dmp

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

142s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Recovery.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Recovery.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:25

Platform

win10-20240404-en

Max time kernel

130s

Max time network

139s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\WSound.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\WSound.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:25

Platform

win10-20240404-en

Max time kernel

132s

Max time network

140s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\SimpleObfuscator.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\SimpleObfuscator.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

136s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Ngrok-Disk.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Ngrok-Disk.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:25

Platform

win10-20240404-en

Max time kernel

125s

Max time network

137s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Regedit.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Regedit.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:25

Platform

win10-20240404-en

Max time kernel

132s

Max time network

142s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ServiceManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ServiceManager.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:25

Platform

win10-20240404-en

Max time kernel

126s

Max time network

137s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Stealer.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Stealer.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

131s

Max time network

138s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Maps.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Maps.dll",#1

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

142s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\MessageBox.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\MessageBox.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

133s

Max time network

141s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\StartupManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\StartupManager.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

146s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Informations.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Informations.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

139s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Keylogger.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Keylogger.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

133s

Max time network

137s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ProcessManager.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ProcessManager.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

133s

Max time network

140s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Shell.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Shell.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

141s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\WebCam.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\WebCam.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:25

Platform

win10-20240404-en

Max time kernel

149s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x32.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x32.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "124" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "124" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "421514863" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000e5ef862915a3f92a9f05c7b72e6adec63d9849fe19fa635a7a10b16d5619e5f0cd1a27545ec236b7a1c736addba4d396edf105c39a6c5e01109b C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4d7261aa549dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "421583393" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bb67bf94549dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 4256 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 928 wrote to memory of 2884 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x32.exe

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x32.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 target.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
BE 2.21.17.194:443 www.microsoft.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 49.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 20.9.155.145:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.145:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 145.155.9.20.in-addr.arpa udp
US 20.9.155.145:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.145:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.155:443 www.bing.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 225.162.46.104.in-addr.arpa udp

Files

memory/4412-16-0x000001C5A6A20000-0x000001C5A6A30000-memory.dmp

memory/4412-0-0x000001C5A6920000-0x000001C5A6930000-memory.dmp

memory/4412-35-0x000001C5A5A80000-0x000001C5A5A82000-memory.dmp

memory/1352-43-0x0000016904880000-0x0000016904980000-memory.dmp

memory/1352-45-0x0000016904880000-0x0000016904980000-memory.dmp

memory/4256-58-0x000001B6EC030000-0x000001B6EC032000-memory.dmp

memory/4256-63-0x000001B6EC080000-0x000001B6EC082000-memory.dmp

memory/4256-61-0x000001B6EC060000-0x000001B6EC062000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23TXP48C\dotnet.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/4256-170-0x000001AE82800000-0x000001AE82802000-memory.dmp

memory/4256-178-0x000001AE82860000-0x000001AE82862000-memory.dmp

memory/4256-176-0x000001AE82840000-0x000001AE82842000-memory.dmp

memory/4256-174-0x000001AE82830000-0x000001AE82832000-memory.dmp

memory/4256-172-0x000001AE82820000-0x000001AE82822000-memory.dmp

memory/4256-188-0x000001B6FD730000-0x000001B6FD750000-memory.dmp

memory/4256-168-0x000001AE826E0000-0x000001AE826E2000-memory.dmp

memory/4256-166-0x000001AE826C0000-0x000001AE826C2000-memory.dmp

memory/4256-198-0x000001B6FD730000-0x000001B6FD750000-memory.dmp

memory/4256-205-0x000001AE82B00000-0x000001AE82C00000-memory.dmp

memory/4256-230-0x000001AE82D00000-0x000001AE82E00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

MD5 c05cddb574b5877f2dd77e140bc281e6
SHA1 a407d471b205d3acf44fd5dbe96df38609f8e375
SHA256 4b386aa4120330e845ee58f935994bd488094690b70eee72f86289d26ddaef2a
SHA512 60c77357b76ba6b57dba09607d42b80a7efd27f26ec34dab40ee8f7973a9ba89a508fae6366244ad3f283795a8fc5e77ae4affb7810e46461b4b1c46c3666d30

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

MD5 628c18d17f9620cd8a1f40f9800c1b8a
SHA1 6ab2ed359b05beac18952a47856f2fd7732842a0
SHA256 eabac670105ff78fab85ae69ba32b62dea23443ea30078687b3e7fa112f7012b
SHA512 1b3d1013a52e1aa5985952beeeaf605d274157186c4861ac83aea211aa5903d2fe12152da6cc2b6947e3962f78990cd0a2d37a3eefd2e46313e89083135ec3de

memory/4256-237-0x000001AE82E20000-0x000001AE82E22000-memory.dmp

memory/4256-240-0x000001AE82E30000-0x000001AE82E32000-memory.dmp

memory/4256-263-0x000001AE836E0000-0x000001AE83700000-memory.dmp

memory/4256-293-0x000001AE83B00000-0x000001AE83C00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 566393b9875625163c74ebebc75623ab
SHA1 08bdbda734b6b86d4a16bb01f09f9d61334df977
SHA256 b0c40072f1d03d9ba50975686065f5c36c88f160328b982cc38dcd5b30014fc5
SHA512 eb72e33bf3065bf082ac4ba03d953d226ced5d61fd6782fb351f1ebd205786f2d7417ba9d6cb6640d2465a0ce91eb127119621d61c991220cad949ad9a53f692

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 58490d95e346f9c974d60fbb1e34a9bf
SHA1 0c65379a63af6e76f5c6717fcb92d403b280ca5a
SHA256 39fc846dbd28fdf8c96fab4d198ff40f05225968fd337ae476f152615b3bfd1f
SHA512 71f4e54b3eb4e5bd32c361324a0de3d16de56a35a6c5451c62f5cb4d635e3624ddc88226398a3093267a46325d6a655a9f635757dc5a8c55c6580457fb459997

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23TXP48C\dotnet.microsoft[1].xml

MD5 b2beef5a2acbf5487d22a26f13393d04
SHA1 03145f61d0440a0d17be15105d316539e911ffb5
SHA256 05641591cb2ef808f6db03aeb125e49c17b023f0ba8183a59cca88577ec5ad38
SHA512 801783d53ef1b7c353e5b395801ac918e1084be0ebd1b3567d8f0b196cd28190bc562e7255d022c3877591ac1e41d820e27ab9711e79abb4c95cdd78fb5ee46b

memory/4412-343-0x000001C5AD0F0000-0x000001C5AD0F1000-memory.dmp

memory/4412-342-0x000001C5AD0E0000-0x000001C5AD0E1000-memory.dmp

memory/4256-339-0x000001AE82FA0000-0x000001AE82FC0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\dix8bm4\imagestore.dat

MD5 c2850afdb44e42e1beeda09301022fdb
SHA1 26e6b06a8b4b80c648d6c7f3da0baa26a199b02c
SHA256 974064543ec971f84647ac8f8567f1b3b444a3202c99fc4744cdc6e5c1d81503
SHA512 088516d9373394ec04f644a53bccbcad213639b06616c93a67a3ff62f128e2b646820efbb2c8dd2bf4e9860a4d26c44ff503c8f5afe29ce974743d1617a8ada0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4PVGC4I5\favicon[1].ico

MD5 8565042b6db20c23647202bf4b95f11b
SHA1 9f0829cb3ceef14ac10e0b66338d8b7243a09101
SHA256 dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969
SHA512 dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\7a-c9e644[1].css

MD5 b7af9fb8eb3f12d3baa37641537bedc2
SHA1 a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4
SHA256 928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71
SHA512 1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\cookie-consent.min[1].js

MD5 2ad93f6c4dd71b579f187d1463457ee4
SHA1 55720a32d32781f421f8a2c70c424a69e2fa7c21
SHA256 d2d1b9863e393a6a8ac95617470d67f7d21044004e4f08d7cd65e480a05204a8
SHA512 1cc6445bbd18951ce30ca48fece2560a3d15e8176abf91a54a1819ad28fbb2fbf28d30ef9d08ac83fb1f3bfffe9178c07642bdeee056f202b8dbd6e5b71b4305

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\bootstrap-custom.min[1].css

MD5 b35590e4d3bf1b0b2bf9b986c30a7183
SHA1 fde573711c2c27e6c2824e3f3ae1bf6e3d216330
SHA256 1dc203879fb2076f320b714edd1d9d83f605ad9c50d341d4dc695f821586f96b
SHA512 2d2a6bf3828d402c66215977220643c0c6dadd55216c41951e9e71147e87f3df3562576cbc384b5c6bca8aca1f90d49f2cd5ae2a9c10c4dc057847bcf8f743ec

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\ms.analytics-web-4.min[1].js

MD5 980d73a0137e5551defdbd0b2ec375d8
SHA1 2e9e819deca8f7c54da873c36e9bde49a3720b15
SHA256 0d7e2f7aaa0b683cd0e5ae10a5258c8af3c7d1ab7a71b7d7517444972d520c9e
SHA512 a39a91cabc930d0746cc88da89852b9f23aadfcfc63228eb9ec7b9937ef3d22dbb875623f3e343f225a842dad26920167cd81397a9ba57830a750c5b40512ca0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\analytics.min[1].js

MD5 29dd8eed8b9d930080dc0f2970261930
SHA1 d0cbf2f13789c6704caac2e296e9b05c131a5536
SHA256 ebdd29b3d27624771d3f8272f26eabb31c7f15ae175382f21c60d72035b7f36e
SHA512 fb3c68d5713e7653ef4c677dae5c444901fb67d8045f5fb75635d78d8ab9427e9564b66b4dd9fb8131d1e05c7a877343fabcc931a71ba533a3a0f8a82737bf86

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\RE1Mu3b[1].png

MD5 9f14c20150a003d7ce4de57c298f0fba
SHA1 daa53cf17cc45878a1b153f3c3bf47dc9669d78f
SHA256 112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
SHA512 d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\footer.min[1].js

MD5 33eb53d99fb8b6b0fc16b035559b20d5
SHA1 db024d172c6623da9c65ace778c802bd46a4f043
SHA256 0aa837fa8bbdc8d87bda9c64ca64732fdf87d85e2f8768b2220e1e03ab48df42
SHA512 6575c35d99efb1671b1083165e10a04ce93bd715cb1165af5964d9051dff1c5ec0e86b51487ee51eac4e62807182de5677467475f3588dbfefbab42f1e79e51b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\dotnet-framework-runtime[1].svg

MD5 5aaa8c37cd59979b920cd21c4a50a38d
SHA1 0ee61e3b2d58513b92cf4c6b5114c1beb55539e7
SHA256 db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6
SHA512 0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\culture-selector.min[1].js

MD5 65e4fabaf367e6939430be6fe05935af
SHA1 587a6067898e629ea6f1716ff7064c25840062c1
SHA256 b9bc645052f44b7253656603f4cf94685f6b057474be7be907f18ae28a4108b3
SHA512 28b4abd683761569b859826bead14a8997f61ba5621c32d4abd013c10e5112ffff0467648985a7adf5e909beae48d21f4d7b68520195767661e797172bdc191c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\theme-toggle.min[1].js

MD5 6af1846ed39ed810c75045f6eba79a79
SHA1 1581aa2e2be1276f76f6f237fd61c4cd667f8da6
SHA256 3391e6a4a0ebcdd8a28c22555d0c271d325fd0b150ea90612593797028d19f03
SHA512 a3d13e9eac46c0b594013abaaeba4868e944fafc01e9382971867983ed6edf98eded06d54738703635ee9bba21e996c1f53e8552f3ab7bf8df7f9634d67eae1f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\general.min[1].js

MD5 49b237e0e1b4d7f8e79eef67df8fc31b
SHA1 e84b25d606a998921900c18808ac1c1a727a0640
SHA256 c935dcc9f529f434237f4b507263236cd1fe9ee650735946a55a7f0c4f366018
SHA512 0c22d53148b3ca147f69e47ad156e906b7a7d5cbea402b3c77a37f42c5abdc060add4c6b6c56066893aa6b67af461b9aca1d43ed7f1243acf28df225a7d7b343

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\mwfmdl2-v3.54[1].woff

MD5 d0263dc03be4c393a90bda733c57d6db
SHA1 8a032b6deab53a33234c735133b48518f8643b92
SHA256 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA512 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\main.min[1].js

MD5 c4297773569863be0cdafdc4c1086f53
SHA1 756025b6f96d6c6808b2369ea9bacd5ba8ccf694
SHA256 c2b8db1f87d37b321e6918e8b8f9ae40e2fa7c550d34a0e36c9f6ec3d2915af5
SHA512 1a3f9750ba23fa1ece05944cd886eedc631fba538fd9c219c3a4cca217aee2251a88a2fd05e50ea08c0f04460806fcf2b09453c54fca9c57072c0753c0a25661

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\gpc-data-sharing.min[1].js

MD5 cb6d12455dd83cdc7abaee67f9e451a9
SHA1 a1c26b6d709ddc7370740b023c7241a7447c5c4e
SHA256 3eecbd8323ba84954c3115a31a4d6b4d5e97befcc859622812c2f6c706afeae6
SHA512 21399b52a792adae4ee775f8f67beec835f6b1e61245fa812abed0711b8de8c1c665b437e9424ea995055126df48c2a9c3c31c04dbef996ccebf96c964b7ea13

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\open-sans-v34-latin-700[1].woff2

MD5 e45478d4d6f15dafda1f25d9e0fb5fa1
SHA1 52cb490cd0ee4442ede034085cda9652b206f91c
SHA256 d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72
SHA512 2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\open-sans-v34-latin-600[1].woff2

MD5 603c99275486a11982874425a0bc0dd1
SHA1 ffeb62d105d2893d323574407b459fbae8cc90a6
SHA256 4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127
SHA512 662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\open-sans-v34-latin-regular[1].woff2

MD5 e43b535855a4ae53bd5b07a6eeb3bf67
SHA1 6507312d9491156036316484bf8dc41e8b52ddd9
SHA256 b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
SHA512 955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\wcp-consent[1].js

MD5 5f524e20ce61f542125454baf867c47b
SHA1 7e9834fd30dcfd27532ce79165344a438c31d78b
SHA256 c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
SHA512 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\space-grotesk-v12-latin-700[1].woff2

MD5 514360ed1b78e71aabe58ecd08f36706
SHA1 1062c179ea2f74b5db67f9d7822c556ed25637dd
SHA256 751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc
SHA512 1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\6c-7627b9[1].js

MD5 b9c3e4320db870036919f1ee117bda6e
SHA1 29b5a9066b5b1f1fe5afe7ee986e80a49e86606a
SHA256 a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48
SHA512 a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\43WNFCYV\alert-promo[1].svg

MD5 b119b49f7f799d680e0ade981c8c36e1
SHA1 b2134ee3d8a4669c4b93225c0b987be0c78b6e6e
SHA256 2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4
SHA512 c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\alert-info[1].svg

MD5 c7db49644f6bf1f50b3190ffba0516ed
SHA1 5bb312a0b6357ccb7e93158ac0f97b4e249e4696
SHA256 2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281
SHA512 9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\cda-tracker.min[1].js

MD5 4224409739020ba30e3752c0d1f273d0
SHA1 54980ee9df0ef712048572c80dc8d70710178538
SHA256 a840f2b9595bf4deab839d5eb1ce4b8f7c93576db27a62e7428920825b151f5a
SHA512 1cbf209bfbf939713608be74eb2aaa788d250dacc40349ef10ee50074c62c47d1c0b2ad2d4a88d23a9b81e2059843e2add2f867ea98daef3d7f19b7643765c4b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\ai.2.min[1].js

MD5 30f39ae5d1d05a439046a7640510b486
SHA1 716efa29594edae8832bb8b12e7fb19bc06e06fe
SHA256 bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136
SHA512 f67fdafca801746226acb9d2ef6d90070dd1d8a5a08bcb5dd1c94631f1559373c56d9796a5633cac03e1a5a384cf01d60c080a6ef16cea4b52aaa93ed364b55a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 601546482f46c71cdab6b331340e0e55
SHA1 df582e6cb8d3de63ee31212b85bfc14b28bf1998
SHA256 521c23da9919eb446c563f602744242a920b02ffcb3fa2f51b90ff389e565eb4
SHA512 55a268e3aa117270d74f6670ca87abc5c55c72b92913097b60b21509195f5a8fead2789d659bfe1fe336c777aba2cd4758e75860a61c751315143052948ab077

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 45717aecccd10162f60a4622023be5f6
SHA1 1fc08b42c00e2c54eba9c0a1c002506f960c40db
SHA256 f184001310793d73a8c8121605b6be29f642e5dc35f29022b62fe660afac253a
SHA512 0058288bd23237b478242427fa510f9516227de00a2a480a578385c5ca2d399af21a0ab3fec1e83f8d7eea75736f0d9cb5915f330687182661d960daf89d562e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZDIGHWMN\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3DX3L2I7\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

147s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\TCPConnections.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\TCPConnections.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

140s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\UACBypass.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\UACBypass.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:23

Platform

win10-20240404-en

Max time kernel

65s

Max time network

56s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x64.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x64.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 50fb8dfd869dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "10" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. = 01000000d750ce7f3fc8b94011bee3efa8c810e9cfe4381463dca28e9c11ee2be81de1edfff4395cc47b892f7fc3bc69280f1f5f252058d3201ebc67b623 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5e9331b3549dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 25a0ceae549dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1d254598549dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdomai = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "134" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 38bf9f98549dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ea51409e549dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 3284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3700 wrote to memory of 4360 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x64.exe

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\XWormLoader 5.2 x64.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 target.microsoft.com udp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
BE 2.21.17.194:443 www.microsoft.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 49.15.97.104.in-addr.arpa udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.65.94:443 browser.events.data.microsoft.com tcp
US 20.42.65.94:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.42.65.94:443 browser.events.data.microsoft.com tcp
US 20.42.65.94:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 148.155.9.20.in-addr.arpa udp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 20.9.155.148:443 westus2-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp

Files

memory/2360-0-0x0000024015C20000-0x0000024015C30000-memory.dmp

memory/2360-16-0x0000024015D20000-0x0000024015D30000-memory.dmp

memory/2360-35-0x0000024014DF0000-0x0000024014DF2000-memory.dmp

memory/4256-45-0x000001A5BFB10000-0x000001A5BFC10000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

MD5 c05cddb574b5877f2dd77e140bc281e6
SHA1 a407d471b205d3acf44fd5dbe96df38609f8e375
SHA256 4b386aa4120330e845ee58f935994bd488094690b70eee72f86289d26ddaef2a
SHA512 60c77357b76ba6b57dba09607d42b80a7efd27f26ec34dab40ee8f7973a9ba89a508fae6366244ad3f283795a8fc5e77ae4affb7810e46461b4b1c46c3666d30

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

MD5 49104075409dbc0e2572c587d7e18c92
SHA1 fd58b0668507f4214885e2639042b6025ab27c6d
SHA256 3ad4dc700b7efe1816b24299c9caa41441f1541eb28a676cd02a359cec4b3096
SHA512 96f16e105f524676d5f7a335a0b883335a96895605c741879482b1129d38998ce99fcd1f095940ef0f52ee15faa94c3daaa404061c60ea046f43fec2fc2fb39b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 c125c2c9080a670d7452859606c11743
SHA1 6eb0ce217a7fe31ce4674d602d938fdeb7b3bc07
SHA256 ce60007cab332642386773c800167db1ec0d621124eb1c1c7ebcf05e065f2f7b
SHA512 ad121df35e410bd4caf3da94e533a25f25c27d66fa930bdf0b22620cbae21421e8a9380ffbbf0d8cfa2c9cf9a806ac27df2e2cfa5d8799427c7c66a80cbc29e0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 566393b9875625163c74ebebc75623ab
SHA1 08bdbda734b6b86d4a16bb01f09f9d61334df977
SHA256 b0c40072f1d03d9ba50975686065f5c36c88f160328b982cc38dcd5b30014fc5
SHA512 eb72e33bf3065bf082ac4ba03d953d226ced5d61fd6782fb351f1ebd205786f2d7417ba9d6cb6640d2465a0ce91eb127119621d61c991220cad949ad9a53f692

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0NNQS8AP.cookie

MD5 69a476d43a81cf134dba10436441b2c0
SHA1 225a7b363970336afd4e0c2b95e9e78614e94dd2
SHA256 2e19ee95750c9b853e18c37e34262ec9037df3127df8e80201a2659611274752
SHA512 f9e117318d02be438aaae927800db1606111e54555f553bc4b28141efa068403274b1b387d44e09bef4d295d57d7183e971995da7827da8e642c95a5b8be7b01

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\77VQ35IZ\dotnet.microsoft[1].xml

MD5 8273ab585dbc2be171d477a0f6978e16
SHA1 bc34402954d2040b58026005ddbe5b1941c7db0d
SHA256 d4dd97d4a630aa7df1f76915f17deaadd3eb7ae939b3936fff351c587e73a417
SHA512 f3ba93cb9f431636aef2c892709123f639da50dd8ebf7477044187c582a9c54881b8322dcabe5459e4981ca55e2a96678e6034cfed753f69c558253b6a4ec35f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\77VQ35IZ\dotnet.microsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/3284-178-0x000001B165B30000-0x000001B165C30000-memory.dmp

memory/4360-202-0x000002788E0A0000-0x000002788E0A2000-memory.dmp

memory/4360-199-0x000002788E070000-0x000002788E072000-memory.dmp

memory/4360-204-0x000002788E0C0000-0x000002788E0C2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\7a-c9e644[1].css

MD5 b7af9fb8eb3f12d3baa37641537bedc2
SHA1 a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4
SHA256 928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71
SHA512 1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\bootstrap-custom.min[1].css

MD5 b35590e4d3bf1b0b2bf9b986c30a7183
SHA1 fde573711c2c27e6c2824e3f3ae1bf6e3d216330
SHA256 1dc203879fb2076f320b714edd1d9d83f605ad9c50d341d4dc695f821586f96b
SHA512 2d2a6bf3828d402c66215977220643c0c6dadd55216c41951e9e71147e87f3df3562576cbc384b5c6bca8aca1f90d49f2cd5ae2a9c10c4dc057847bcf8f743ec

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\cookie-consent.min[1].js

MD5 2ad93f6c4dd71b579f187d1463457ee4
SHA1 55720a32d32781f421f8a2c70c424a69e2fa7c21
SHA256 d2d1b9863e393a6a8ac95617470d67f7d21044004e4f08d7cd65e480a05204a8
SHA512 1cc6445bbd18951ce30ca48fece2560a3d15e8176abf91a54a1819ad28fbb2fbf28d30ef9d08ac83fb1f3bfffe9178c07642bdeee056f202b8dbd6e5b71b4305

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\ms.analytics-web-4.min[1].js

MD5 980d73a0137e5551defdbd0b2ec375d8
SHA1 2e9e819deca8f7c54da873c36e9bde49a3720b15
SHA256 0d7e2f7aaa0b683cd0e5ae10a5258c8af3c7d1ab7a71b7d7517444972d520c9e
SHA512 a39a91cabc930d0746cc88da89852b9f23aadfcfc63228eb9ec7b9937ef3d22dbb875623f3e343f225a842dad26920167cd81397a9ba57830a750c5b40512ca0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\analytics.min[1].js

MD5 29dd8eed8b9d930080dc0f2970261930
SHA1 d0cbf2f13789c6704caac2e296e9b05c131a5536
SHA256 ebdd29b3d27624771d3f8272f26eabb31c7f15ae175382f21c60d72035b7f36e
SHA512 fb3c68d5713e7653ef4c677dae5c444901fb67d8045f5fb75635d78d8ab9427e9564b66b4dd9fb8131d1e05c7a877343fabcc931a71ba533a3a0f8a82737bf86

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\RE1Mu3b[1].png

MD5 9f14c20150a003d7ce4de57c298f0fba
SHA1 daa53cf17cc45878a1b153f3c3bf47dc9669d78f
SHA256 112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
SHA512 d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\dotnet-framework-runtime[1].svg

MD5 5aaa8c37cd59979b920cd21c4a50a38d
SHA1 0ee61e3b2d58513b92cf4c6b5114c1beb55539e7
SHA256 db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6
SHA512 0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\footer.min[1].js

MD5 33eb53d99fb8b6b0fc16b035559b20d5
SHA1 db024d172c6623da9c65ace778c802bd46a4f043
SHA256 0aa837fa8bbdc8d87bda9c64ca64732fdf87d85e2f8768b2220e1e03ab48df42
SHA512 6575c35d99efb1671b1083165e10a04ce93bd715cb1165af5964d9051dff1c5ec0e86b51487ee51eac4e62807182de5677467475f3588dbfefbab42f1e79e51b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\culture-selector.min[1].js

MD5 65e4fabaf367e6939430be6fe05935af
SHA1 587a6067898e629ea6f1716ff7064c25840062c1
SHA256 b9bc645052f44b7253656603f4cf94685f6b057474be7be907f18ae28a4108b3
SHA512 28b4abd683761569b859826bead14a8997f61ba5621c32d4abd013c10e5112ffff0467648985a7adf5e909beae48d21f4d7b68520195767661e797172bdc191c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\theme-toggle.min[1].js

MD5 6af1846ed39ed810c75045f6eba79a79
SHA1 1581aa2e2be1276f76f6f237fd61c4cd667f8da6
SHA256 3391e6a4a0ebcdd8a28c22555d0c271d325fd0b150ea90612593797028d19f03
SHA512 a3d13e9eac46c0b594013abaaeba4868e944fafc01e9382971867983ed6edf98eded06d54738703635ee9bba21e996c1f53e8552f3ab7bf8df7f9634d67eae1f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\general.min[1].js

MD5 49b237e0e1b4d7f8e79eef67df8fc31b
SHA1 e84b25d606a998921900c18808ac1c1a727a0640
SHA256 c935dcc9f529f434237f4b507263236cd1fe9ee650735946a55a7f0c4f366018
SHA512 0c22d53148b3ca147f69e47ad156e906b7a7d5cbea402b3c77a37f42c5abdc060add4c6b6c56066893aa6b67af461b9aca1d43ed7f1243acf28df225a7d7b343

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T5EWFM30.cookie

MD5 f50fdd176cd861ce22495aea61d0bc29
SHA1 f00d3a86c129a12b193289f70d512b21751cad58
SHA256 2b842634001474e4e9c449e17cbb8fc7ef89a096d53addcf445c40903305a93b
SHA512 6d8b6d9c8a49cb1a454ecb3f8f5b2bc43e698fff6fa101d9413c82287a9495d210901e209f251a15bfde0561fa3bcdc5b1ee37505c6ee9bca15e6d8b5e4cc548

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\main.min[1].js

MD5 c4297773569863be0cdafdc4c1086f53
SHA1 756025b6f96d6c6808b2369ea9bacd5ba8ccf694
SHA256 c2b8db1f87d37b321e6918e8b8f9ae40e2fa7c550d34a0e36c9f6ec3d2915af5
SHA512 1a3f9750ba23fa1ece05944cd886eedc631fba538fd9c219c3a4cca217aee2251a88a2fd05e50ea08c0f04460806fcf2b09453c54fca9c57072c0753c0a25661

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\77VQ35IZ\dotnet.microsoft[1].xml

MD5 d8d5137a97d5d5962cd283cebf4f7096
SHA1 ff657d8e708b291161653fc25f07d84d4f5a71a1
SHA256 079a5fb114f24d3f5fdc7605d2a199bac8eb9b0fcf78bdb3cbfc4459acf39b30
SHA512 6717003e73b6597dd4987e8f2302f6bb88a1fc8131d3ac316959cbac8e4cde927ade2413d8bf784e2c8ec956597b038ef1ad46d817237012caa779453f18911e

memory/3284-313-0x000001B1653E0000-0x000001B1653E2000-memory.dmp

memory/3284-311-0x000001B1653A0000-0x000001B1653A2000-memory.dmp

memory/3284-309-0x000001B165380000-0x000001B165382000-memory.dmp

memory/3284-307-0x000001B165320000-0x000001B165322000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\gpc-data-sharing.min[1].js

MD5 cb6d12455dd83cdc7abaee67f9e451a9
SHA1 a1c26b6d709ddc7370740b023c7241a7447c5c4e
SHA256 3eecbd8323ba84954c3115a31a4d6b4d5e97befcc859622812c2f6c706afeae6
SHA512 21399b52a792adae4ee775f8f67beec835f6b1e61245fa812abed0711b8de8c1c665b437e9424ea995055126df48c2a9c3c31c04dbef996ccebf96c964b7ea13

memory/3284-324-0x000001B166190000-0x000001B166192000-memory.dmp

memory/3284-322-0x000001B166180000-0x000001B166182000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\mwfmdl2-v3.54[1].woff

MD5 d0263dc03be4c393a90bda733c57d6db
SHA1 8a032b6deab53a33234c735133b48518f8643b92
SHA256 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA512 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

memory/3284-319-0x000001B1660A0000-0x000001B1660A2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0SOU24XJ\open-sans-v34-latin-regular[1].woff2

MD5 e43b535855a4ae53bd5b07a6eeb3bf67
SHA1 6507312d9491156036316484bf8dc41e8b52ddd9
SHA256 b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
SHA512 955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\wcp-consent[1].js

MD5 5f524e20ce61f542125454baf867c47b
SHA1 7e9834fd30dcfd27532ce79165344a438c31d78b
SHA256 c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
SHA512 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\6c-7627b9[1].js

MD5 b9c3e4320db870036919f1ee117bda6e
SHA1 29b5a9066b5b1f1fe5afe7ee986e80a49e86606a
SHA256 a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48
SHA512 a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\open-sans-v34-latin-600[1].woff2

MD5 603c99275486a11982874425a0bc0dd1
SHA1 ffeb62d105d2893d323574407b459fbae8cc90a6
SHA256 4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127
SHA512 662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\cda-tracker.min[1].js

MD5 4224409739020ba30e3752c0d1f273d0
SHA1 54980ee9df0ef712048572c80dc8d70710178538
SHA256 a840f2b9595bf4deab839d5eb1ce4b8f7c93576db27a62e7428920825b151f5a
SHA512 1cbf209bfbf939713608be74eb2aaa788d250dacc40349ef10ee50074c62c47d1c0b2ad2d4a88d23a9b81e2059843e2add2f867ea98daef3d7f19b7643765c4b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\open-sans-v34-latin-700[1].woff2

MD5 e45478d4d6f15dafda1f25d9e0fb5fa1
SHA1 52cb490cd0ee4442ede034085cda9652b206f91c
SHA256 d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72
SHA512 2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\alert-info[1].svg

MD5 c7db49644f6bf1f50b3190ffba0516ed
SHA1 5bb312a0b6357ccb7e93158ac0f97b4e249e4696
SHA256 2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281
SHA512 9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\alert-promo[1].svg

MD5 b119b49f7f799d680e0ade981c8c36e1
SHA1 b2134ee3d8a4669c4b93225c0b987be0c78b6e6e
SHA256 2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4
SHA512 c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86

memory/3284-340-0x000001B165E50000-0x000001B165F50000-memory.dmp

memory/3284-339-0x000001B1664E0000-0x000001B166500000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\F971OY3C.cookie

MD5 bca64ae8ddc9dd4a505b1fbf337d929f
SHA1 70d60218640438f07b9259e5fb11257125fad373
SHA256 d1cf327ebf2cdfe67a2c93de2ef11952528a257585eef8ddbed4ca5982e7dd5a
SHA512 f88226248acad6a11d0864d6f407a104676a934586aac235513fb66356b8520f57fb3eb041dfc9392d2172db9f07226266bb57efa65383e8c3009415549b2178

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XKOJ4XA\space-grotesk-v12-latin-700[1].woff2

MD5 514360ed1b78e71aabe58ecd08f36706
SHA1 1062c179ea2f74b5db67f9d7822c556ed25637dd
SHA256 751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc
SHA512 1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

memory/3284-364-0x000001B166E00000-0x000001B166F00000-memory.dmp

memory/4360-361-0x00000278A4590000-0x00000278A4592000-memory.dmp

memory/4360-359-0x00000278A4570000-0x00000278A4572000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IATQ7BXD\ai.2.min[1].js

MD5 30f39ae5d1d05a439046a7640510b486
SHA1 716efa29594edae8832bb8b12e7fb19bc06e06fe
SHA256 bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136
SHA512 f67fdafca801746226acb9d2ef6d90070dd1d8a5a08bcb5dd1c94631f1559373c56d9796a5633cac03e1a5a384cf01d60c080a6ef16cea4b52aaa93ed364b55a

memory/4360-378-0x00000278A18C0000-0x00000278A19C0000-memory.dmp

memory/3284-383-0x000001B16AAB0000-0x000001B16ABB0000-memory.dmp

memory/4360-385-0x00000278A18C0000-0x00000278A19C0000-memory.dmp

memory/4360-390-0x00000278A4B40000-0x00000278A4B60000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XDCVSPPB.cookie

MD5 9be181c101ea5cb9e5bd55ea548ea683
SHA1 e95fbb35cfbaa01dc347d7ac3788bb0fde4e0045
SHA256 6d222faa8dad2c515a45e0eb0a292d0a8eaec6b94373c8f15f34405d982355ad
SHA512 8253846b142fa2c144c52afd5f7fb32332478a609727ff6fa3d3e485ee3f18d12e18111a119ab68d95a727bbbe92d6a6fd07130a64e2d29c27f1524fcbe6c2af

memory/3284-414-0x000001B166A40000-0x000001B166A60000-memory.dmp

memory/2360-456-0x000002401C3B0000-0x000002401C3B1000-memory.dmp

memory/2360-455-0x000002401C3A0000-0x000002401C3A1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Q1R3QIZW.cookie

MD5 94dbfcc82e3cd97f730d436e7477a8da
SHA1 35ffa40d18d6491aab33532a02f2e137815dd484
SHA256 83c1acd307ffac57d3dd70fda338b246912a5532c682604a55c334312d2bbf2e
SHA512 8941006c88ea3bfea22354c555b58d229223d3811cbd3b0fcd96a443639b34761c118727381b1380271ef2293cfab0635e74114e2a8e7188439e73e4e4538400

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\9r16vxv\imagestore.dat

MD5 9c3954688c474613635adf198fc49c6f
SHA1 09a7b270dab8aa6260b1142371aa0165a8ea2d74
SHA256 b0d47f4f89591af60b858f489bb8f3d1b033744acbf2ea99f844733b5c105e8e
SHA512 598e83d093d82fb24f5ba005f29d3f70267f44f21f6df9b490fd602c7226c28512464ddc63f9d20c29cab2ac85d413601f85ac39313f3a80e201792ea9ea7e30

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 601546482f46c71cdab6b331340e0e55
SHA1 df582e6cb8d3de63ee31212b85bfc14b28bf1998
SHA256 521c23da9919eb446c563f602744242a920b02ffcb3fa2f51b90ff389e565eb4
SHA512 55a268e3aa117270d74f6670ca87abc5c55c72b92913097b60b21509195f5a8fead2789d659bfe1fe336c777aba2cd4758e75860a61c751315143052948ab077

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 c57e2cff2236abf614a2664ecc6bfc2d
SHA1 71175425ba031c25debaaaab40e40a78f0561bc2
SHA256 10f3472756bef6a8dab7e48d87a792e97d93559079a2c3f5cbebc86aa0be32cd
SHA512 8c873a0e1e677bd56a2dcd625a6b1e756ec2b8bee5f0203912e2401da42d053ed60690252d4f78c9bd8fbc9edc0c75b68f670b810627fa5a46e9ba00e38b1097

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\E81C7T4Q\favicon[1].ico

MD5 8565042b6db20c23647202bf4b95f11b
SHA1 9f0829cb3ceef14ac10e0b66338d8b7243a09101
SHA256 dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969
SHA512 dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

MD5 acc95b229fc384f403aadbfd1d24cfd2
SHA1 d51c152540c19bd93a556da004f21b0b0f6a1105
SHA256 f2ab39f17941be0aec1671bf5b46a5d8e52243e2241dff095ad6db2175d748ce
SHA512 00b20382de4b7fd7894709a5fa322cd981e794a30d6aaff71077ffaf3614abdd7a801977d0e06377d30ba5d77d124979c2848be943736e239109a177a70be646

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

MD5 c88304ffc25fca0d8ddaec9d6c5e75cf
SHA1 a873ffd2dfd9479c19eec85a1cb6d2f63239a4e1
SHA256 694963fba21a4ad08ce3fe8e5db2501361408d3b9fa626dd2dc5e1d94c2a3e91
SHA512 8b5a2e7c0acffa9d189f856102ce45727277c9521b4548f3434d44e425dcfe5cb0926374a1846b637cdf8b468ebb6a579b5df62efc61cbfe37fd6fd73433e4bf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IDYA5VKH.cookie

MD5 14e5c09a065ab3c31e65ae72d821349c
SHA1 a0e7f6a2b5fdb98c7eabb2e549e3dd6bc111ee8e
SHA256 ff03890f12de03495df224b7268fb221b0bbd11d7125fa5064db1d2b300646a0
SHA512 c50caee2f3d9424dc69143ec133f367d77d6fcb0fe4626aa57539f47ad87ed0a88aded768eb9227dd0198ee42f5fcad10e5aa61242804fa5fd4e7024f208db7d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KI7JD52J.cookie

MD5 15a67ba9596592ce9df7e17bedfb66e7
SHA1 b214b69919231d9d3de96d8e62604a18ebe0396c
SHA256 a9e4bdb519015f5ff4c144a4bdca0f2c59cf2e717c45ec47ee219a9f657b80e2
SHA512 5de004d841f8b05255ec6af3de663f5b3c771ef747d5feea108e511d526eb0b9abb73b2caa3dda9fb4ca08fc14ecd93b25390a50343990d711ae469c761eafed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WF44NWEL.cookie

MD5 ae539524a0aff57e9e3e4739c601f355
SHA1 ccc06a6e1a9fe8849d1380c1b29d60ccd1cdd5f3
SHA256 3621033dfe2d2cbd784d2746c477c59954f88a4f12a98a4b495a3adc1c48d96b
SHA512 613102b8be64781510b15c4802f66cbb7488c230c72c28486ee2aa8e5092012dbe8eb5ca39f9ea98f67c72e21553641fed8932ceccc7ff06015ac0b23147f869

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\98H7U9P4.cookie

MD5 8e39dedc1e8226e588072f40c01f82d0
SHA1 67994379fc79bbf4e1dc9d0167ed5cfa45d91f60
SHA256 097981ad459ac8aafbee1c4116e597c39ce63229db75ac5bdf09f71554773c82
SHA512 0a16db2ff536461d3d89bb605bfb3f153506783a99b44f52aa64ac552cab34fd463a02828544e401fec568638abf18e4bd86f5f369c55d96d9877a0ab0ddec00

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PLMGVTX4.cookie

MD5 0a84b2a0178bc0efeca3f94ea4539964
SHA1 3cc5b21f1b119eee5dcfb52eaf676d9e8c0dd4a0
SHA256 b4021529e35cb86b8e105ca20f10324ebc52891e6e4c4a31864181cdfbc641a0
SHA512 ff808ff673a41de2212062498f84c408d9133e491fe3da1f104f0ef5390404946b7ac5f5bc7483614f3d3abc15720087192ce8a23fae25132fbb7ee8569689d1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2TT8RSZ7\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:22

Platform

win10-20240404-en

Max time kernel

14s

Max time network

17s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Performance.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\Performance.dll",#1

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:25

Platform

win10-20240404-en

Max time kernel

130s

Max time network

139s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ReverseProxy.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\ReverseProxy.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-03 12:20

Reported

2024-05-03 12:24

Platform

win10-20240404-en

Max time kernel

132s

Max time network

137s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\RunPE.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\Plugins\RunPE.dll",#1

Network

Country Destination Domain Proto
US 52.111.227.11:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

N/A