Analysis Overview
Threat Level: Known bad
The file https://github.com/Wizard641/XWorm-V5.2-Cracked/releases was found to be: Known bad.
Malicious Activity Summary
AgentTesla
AsyncRat
Async RAT payload
AgentTesla payload
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Loads dropped DLL
Checks computer location settings
Drops file in Windows directory
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: MapViewOfSection
Creates scheduled task(s)
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Delays execution with timeout.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
| Field | Value |
| Reported | 2024-06-16 13:06 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| Submitted | 2024-06-16 13:06 |
| Reported | 2024-06-16 13:11 |
| Platform | win10-20240404-en |
| Max time kernel | 299s |
| Max time network | 299s |
Command Line
Signatures
AgentTesla
AsyncRat
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NEW.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\crack.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\License.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NEW.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\crack.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630168159035538" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\ServiceTabLoadAttempts = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2ace867eeebfda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 64b71164eebfda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\MrtCache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 33abb594eebfda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "425308329" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Wizard641/XWorm-V5.2-Cracked/releases |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8cf299758,0x7ff8cf299768,0x7ff8cf299778 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:2 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1864 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2832 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:8 |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\" -ad -an -ai#7zMap6909:104:7zEvent17042
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4492 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5416 --field-trial-handle=1576,i,4615232182423571191,15836356532096289838,131072 /prefetch:2
C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe
"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x32.exe
"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x32.exe"
C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE
"C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE"
C:\Users\Admin\AppData\Local\Temp\NEW.EXE
"C:\Users\Admin\AppData\Local\Temp\NEW.EXE"
C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\crack.exe
"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\crack.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "License" /tr '"C:\Users\Admin\AppData\Roaming\License.exe"' & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp8634.tmp.bat""
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "License" /tr '"C:\Users\Admin\AppData\Roaming\License.exe"'
C:\Users\Admin\AppData\Roaming\License.exe
"C:\Users\Admin\AppData\Roaming\License.exe"
C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x64.exe
"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x64.exe"
C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE
"C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE"
C:\Users\Admin\AppData\Local\Temp\NEW.EXE
"C:\Users\Admin\AppData\Local\Temp\NEW.EXE"
C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\crack.exe
"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\crack.exe"
Network
Files
| SHA1 | 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a |
| SHA256 | 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 |
| SHA512 | e6fbda1e7d1e24c0db5a724e4cd30c883ceb5d35de1cc6ab8851c9b19e202024752e7e42aecc21002f9f9684ea98775f1ebe0ee8da9bd7562dac2fe171464242 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\CGYQ8OTK.jpg
| MD5 | eaeb176e976aa2c088a87f5d34504d51 |
| SHA1 | a7f698bac3ef77eaecb6c1699e2b4b2148100038 |
| SHA256 | b971ac7e004e28088a7bb0d1be668886d5fcbe4a2fb244a9c96cb9f1eb5521aa |
| SHA512 | d510e95de4ef6f730ce7ec4074855fcbfbc6c76fa7a71b66d248ed0f13288e78a7af3c3a4dac61b13abb5c637e4d90a98eb35af46be257b3cfa2f24eee8f6ae9 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz[1].woff2
| MD5 | 491a7a9678c3cfd4f86c092c68480f23 |
| SHA1 | 32e18ae407d782adfd54c78c6259c7be52db6bf3 |
| SHA256 | 41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41 |
| SHA512 | bf89c2cecb09f56b6ec271aede7dd0bae6c0b9c88aba6a59e0e0c3f50c5f22e25178e766754d1c495866e76c00c8b413612b3516c75ad731ecb4f38b79d15e01 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\KFOmCnqEu92Fr1Mu7mxKKTU1Kvnz[1].woff2
| MD5 | c2b2c28b98016afb2cb7e029c23f1f9f |
| SHA1 | dbf6b0f2e2bade5c8f4f66e4eaab64134efe5ab8 |
| SHA256 | 1df1ae79b14180fb1e9284310583ca4c17a861328a726b82068e0ab3ba586458 |
| SHA512 | 2b0552b757b1ce2e3ebae1dcfc9a55e3373dd1956c0a50e104fde759600efa5e40de96d68e2fc2cfad9b56ccafe07999df308bc26b1393cf6698f84edbb9a553 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmEU9fCRc4AMP6lbBP[1].woff2
| MD5 | 7a500aa24dccfcf0cc60f781072614f5 |
| SHA1 | a86ec3b3428e1bc7779122645125eda91cf7e18c |
| SHA256 | 514a8093c90624700cea152953305ca826b5dc9f0410945658082d1758aa9dfc |
| SHA512 | 8f787f9fccad04848e083a8f579ec7b8b2f817399699036d05e61c3b7ec581de16c2697c1fa0cae84e36cd188b3f174939e5ba292a2d1df159b6cdbf19793eaa |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\KFOmCnqEu92Fr1Mu4mxKKTU1Kg[1].woff2
| MD5 | 1f6d3cf6d38f25d83d95f5a800b8cac3 |
| SHA1 | 279f300ca2cbbdf9f5036ef2f438607fbf377daa |
| SHA256 | 796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f |
| SHA512 | 716305f4d2582683b64c61b5e2390983579ea0fb33c936dd3ea8362872176625fbcb6f5ad18d2abf85da82d14c33a9640dfc5749922cb2fc079ddf37864f361f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz[1].woff2
| MD5 | 93dcb0c222437699e9dd591d8b5a6b85 |
| SHA1 | fad0a82ab491e6ee403e116475dd6ea9a4cd8733 |
| SHA256 | 582ca1c5738fa2697949cc4a495418e42df462e2bc3fc62bdae126bf159b6af5 |
| SHA512 | be07b461317bc3843a5728cfd892ce32cacdea2b14a10d014987ef7e4dedb148a88df07a5dc6f02f39d6c86517c6025ea8ec75be97c7d151fa198181670da1b8 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\KFOlCnqEu92Fr1MmEU9fCBc4AMP6lbBP[1].woff2
| MD5 | f7ec4e2d6c9f82076c56a871d1d23a2d |
| SHA1 | d897d15fb006f3c4ca1d12c348a96f44a8125531 |
| SHA256 | a269d3d076c42e10f61629e0bd7048d770cbbafcf04b3ead84c39a5ba3bd2b60 |
| SHA512 | dbb6749fef3bfc5ca736415640cb4020309f4a1ca7874066f43f8f3b6d1bfc9cb88915af90b418a5eb4224dedbdd8b08d382fc9778ee542f119dc268f15b2538 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\KFOlCnqEu92Fr1MmEU9fABc4AMP6lbBP[1].woff2
| MD5 | b44d0dd122f9146504d444f290252d88 |
| SHA1 | 41f0f056110dd4213c98e7dd529cd726754408fe |
| SHA256 | 3e70e149a35f394bb78ef7842de11a06359fed7828f30331594a28d196c54012 |
| SHA512 | 3fcdc52b3069e1037d4b12fbd752eafa9401f0331aa55ebc7c4c7477af4576228356eda226b7c28df7e13b1ea30553e3e339aad0febc183d43f0ac3d29bff511 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz[1].woff2
| MD5 | e64969a373d0acf2586d1fd4224abb90 |
| SHA1 | c654a76bf4dd81fb918d3e08461c7123e5be1993 |
| SHA256 | 4f393c516f720fc9745e48f9e2662ba069eb70e43bc95fe327225d47d5c89fef |
| SHA512 | 7e2929d0e7c8b5e2262d7c37ef8f2bb4b95903c2eb2eb79e4c84402e87b7b1bd4964d8d0f8d178127ccb6f5ac1bdf651d4226c013fff195925038128fb4072ed |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\KFOlCnqEu92Fr1MmEU9fBxc4AMP6lbBP[1].woff2
| MD5 | 96e992d510ed36aa573ab75df8698b42 |
| SHA1 | 7e02b3f9fafee2812cb08cc3ac9292c6b27b324f |
| SHA256 | edad7f7e15729b7deddee25e34499c91a320ab4fbd1e60dd0420693c0d333947 |
| SHA512 | 71cdc5e2539a915d482294f3f9e448b68b7f85fda7056f96e5a96da82bcfa97e1a0eea3b1c343781a40f208a0b375ab19bd768b19bbcb64b70d0564a2a382433 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\KFOmCnqEu92Fr1Mu4WxKKTU1Kvnz[1].woff2
| MD5 | 3ba6fb27a0ea92c2f1513add6dbddf37 |
| SHA1 | a03060228b60f28bc380a128188c8f4ffda4f02f |
| SHA256 | 3c8b5949070cb8420d2deefabd38557414d4112d3dc1bda58c3fd738efe984f2 |
| SHA512 | e8636f10ebf12ba6c7c32a0be3a36e2fcdd9e3397cbf148d069882cc8f1fecedbaabcbc65a93a9773697c9c1dfd9211b82144501b4c6c56bc0a3aa87a1120792 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\KFOmCnqEu92Fr1Mu72xKKTU1Kvnz[1].woff2
| MD5 | fd4ff709e3581e3f62e40e90260a1ad7 |
| SHA1 | 143c08c992c30851ff0de4140e64b50f22d264fe |
| SHA256 | 83572c3ab2cc39e33fb02c9050652e82eb00351564f8fa1581b586372934a754 |
| SHA512 | 11477c7f087162d231929cb291243a233f9f920e71f5b636aeb356dfae9840fb6b060ee3c08ab2c896bcc95ad5fba85df8403589917b1bab5f5e8c55b3430922 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\KFOlCnqEu92Fr1MmEU9fCxc4AMP6lbBP[1].woff2
| MD5 | 4d1e5298f2c7e19ba39a6ac8d88e91bd |
| SHA1 | b2b509897d53c2bc727b1d669cd8bcc9386f56b3 |
| SHA256 | dab91182a5ab309ff749748ef255493eb4336822c3dc2d72ae47db6ed6764e1c |
| SHA512 | a977a49641dd900906c7a5dc2c39d7d8428818873f783747465bdd00f27f55bbf62415b952e66b181fdf7247107f4dc494847adf5949e3f78a1c5fb34d509e84 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmWUlfCRc4AMP6lbBP[1].woff2
| MD5 | 9a74bbc5f0d651f8f5b6df4fb3c5c755 |
| SHA1 | aada694b2e629076e3dc399a212efa237bbed6b9 |
| SHA256 | a05e513790b1979b52b2e4f8d6bbb9df34d3bcb935c15d6e0c12f8814fecad4a |
| SHA512 | 888a878d15365b405711c3908974f804f6b84030cf8c05e5676e4b95bd50c258e1678614dece6f0fdf851454307b8373b67ffee8b64d1c102a39add050386f5a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ[1].woff2
| MD5 | e7df3d0942815909add8f9d0c40d00d9 |
| SHA1 | cf5032eea3399a58870e8a05e629b006a8c7c3c7 |
| SHA256 | bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875 |
| SHA512 | 3632a44ee28aec0cf67ef7d3780a18db1aa84837817a3ea69a5f892d656a94b9faefc0314e2c38599410802f875df73581558ee9511ced7f717feda29336cfa0 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP[1].woff2
| MD5 | 376ffe2ca0b038d08d5e582ec13a310f |
| SHA1 | ec85284f360bada79122b5dca3088103c769ca8a |
| SHA256 | 2f662599cf4323a18b4f7da381a998a8873c0277fff2d866336f7ee943a102d6 |
| SHA512 | 1ac85cefc94039e2d11e25a2e289369e475558d93d1a9dce8f9ab11e33de5f37ffaa590b1e24f412d341d3d17501ae77c016a1ec4451ee42eb91d570862a25ad |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP[1].woff2
| MD5 | 90687dc5a4b6b6271c9f1c1d4986ca10 |
| SHA1 | d21bd154ee1c06a125f08c306c24978db497ca1e |
| SHA256 | 9cfe0546be6c8e0e13beeae9b8814f1e7bf0ff31fe4d286bf9ea12239a0abbd9 |
| SHA512 | 583ec0e0d94d96c5456d8ac8587eb1c4d75119f25ed2c2010fbe7c1db31387a37ccf5c39b0072ece458784ee9835c4cb5cb070877c4c328ec1712b6ca8f99247 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ[1].woff2
| MD5 | 5e22a46c04d947a36ea0cad07afcc9e1 |
| SHA1 | 6091d981c2a4ee975c7f6b56186ee698040bb804 |
| SHA256 | 0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44 |
| SHA512 | 3e2dcb20c7416160573ea7c7a17bf7250132c5203161b03aeaa3cf065e3ce609da6d1b317d3739aad7fc0c092c44cd0c4ea5657a63bfa530c66f9b0ecb9daf15 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmWUlfChc4AMP6lbBP[1].woff2
| MD5 | 7a2e2eae214e49b4333030f789100720 |
| SHA1 | 9d614f3701f4e26f09e31f22b23a1d16fb552f8f |
| SHA256 | 248ec746242539f7467873663d3a50ffe3c47324d07c1d5dea43bfc60ca14b22 |
| SHA512 | 6906d2d60c5a3d39da5144d47071d189beff180d37619d384e3e9bf744e6b7b8684aa01554169e910c11e8f54138fb86fe6edf27e220f34752e9f3f19ccb6a00 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmWUlfCxc4AMP6lbBP[1].woff2
| MD5 | 2855f7c90916c37fe4e6bd36205a26a8 |
| SHA1 | 579afdd351c4796fac0aece78195052d076cf9a0 |
| SHA256 | 47fc12e7b150cb636b83cabc6695e8e55ffb911346613ef75d8014a974582712 |
| SHA512 | 97084ffd8fab9d0c9ad4610b6c342cf79d169e5d9311e3587060de303e4e2671b0e30cc059014c3516015ccfa136220f2039e9297c3d81fdc3ff7a1e9d69988c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmWUlfBxc4AMP6lbBP[1].woff2
| MD5 | 5756151c819325914806c6be65088b13 |
| SHA1 | 8ed6bbd5e59b3535703801881daf4cccc84a5c63 |
| SHA256 | 05347b4e55e70240e1136cf632220ec6662c94f12757835bdcf8d578fae77e88 |
| SHA512 | 657d233989fc635b2c67685bec1658cc93986eaf1c010a135f79a727f153299824a11b7df3bcf26991d968817acba248094a317568fe595b80ce224a6b7001e5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\KFOlCnqEu92Fr1MmWUlfCBc4AMP6lbBP[1].woff2
| MD5 | 8096f9b1a15c26638179b6c9499ff260 |
| SHA1 | 3de8506ea9662c22ece06f78481d105bf6f3340e |
| SHA256 | c5214e0140eedfa85f9d274d1a1fbef05fb6ad22eee49dd40876fedce3e70e59 |
| SHA512 | 8d746755e3f668ab38dc939c48f41c5e81c714b3cd81894bc59a1fa7e0dc049c4109fe2a519f3b2d3a1d39ac09b3d6b55d52627651361d45d595b29cd3ce6396 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\pattern[1].svg
| MD5 | d0c22c6a97023d85ba6e644a41c44a5d |
| SHA1 | 4284efb616c182da4450c123174ce0e81a322845 |
| SHA256 | 118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4 |
| SHA512 | da96462f4f999bb65509d32e4d5d2e1fd74555ce78d43e5f80fc350155bce59250337cd1796b17d2132f39429b5e3fd95d05101ee9f9b29bce2bb7b44b6e4eb8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QE6ZHUW3\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2X206TA8\favicon[1].ico
| MD5 | 84cc977d0eb148166481b01d8418e375 |
| SHA1 | 00e2461bcd67d7ba511db230415000aefbd30d2d |
| SHA256 | bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c |
| SHA512 | f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFC4FBD06C4976E4ED.TMP
| MD5 | 22b5ef3a1be556680bb1aaeffd536444 |
| SHA1 | e81aa4d56d005aa8dc2969d56f967fa03dd93a94 |
| SHA256 | 8661219f6f32256f806af0eac6fd94aaf5580490946eaf63966e0b56fcfeeb47 |
| SHA512 | 5d0bcd3788de45f282354c5fcc67d06e3f3d5e59aac0e8843b761b709d8d8dda26abdc79dcc18b471bf7ef4ade06ffa98f7fd8ec13f1d7f02c7744951aee5b1f |
C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x32.exe
| MD5 | dfad6480336587ed4ca5f713db8e5bc5 |
| SHA1 | 61e57a8e6ccb6e46623f51726c1f5851724c4a58 |
| SHA256 | 02f4c1fef324c120432c4d54cd97d4aef3eddc2c426b03f9990cdeef37bdf6c9 |
| SHA512 | 6f19ea16ec970529a4b38edbac13e5229580fe29303a8b3e3b7646637f44d73434fdfb029eee33e26fbbfb91489cf7156cc1ec12c3658ddeacad340235121a85 |
C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE
| MD5 | 3facc93eb70a073f208f90955fb055cb |
| SHA1 | 8f04cf5b9c9164f82b7e77034eee62396f6c5bf0 |
| SHA256 | 608c73065d03ab7da0a0b8c8c3db3e073b2403a8d0249b9d684286f58e52dead |
| SHA512 | 269fb263dd7a2f383c2442a43e98435c4ee0767eab55c77ce5ff2e169089739e746f70208baaac2e4459076596a6afbf3fc8960d1ce9b8f46e91f7e462bd649c |
C:\Users\Admin\AppData\Local\Temp\NEW.EXE
| MD5 | e2b473487e4b8429711aef51a68f56a4 |
| SHA1 | 7d3119b07b951c68d17ae12e0764072a8c3d961b |
| SHA256 | c2ced27749e5bf8d9d01de0feb58ab40818c3f4339dd9c5898b2b6168be2ce44 |
| SHA512 | ead5c2977428cd44eb98f48511dbce8e64f5544fc3f8cc3e706f24f5903eeca92207a07c18f089e4451f8ed5264c28b6e1e088437100cc6c7274432275d18dd1 |
memory/6136-1058-0x0000000000750000-0x0000000000758000-memory.dmp
memory/5176-1057-0x0000000000850000-0x0000000000866000-memory.dmp
C:\Users\Admin\Downloads\XWorm.V5.2\XWorm.V5.2\XWorm V5.2\crack.exe
| MD5 | e6a20535b636d6402164a8e2d871ef6d |
| SHA1 | 981cb1fd9361ca58f8985104e00132d1836a8736 |
| SHA256 | b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2 |
| SHA512 | 35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30 |
memory/5288-1061-0x0000000000820000-0x0000000000840000-memory.dmp
memory/5288-1062-0x0000020C2DEF0000-0x0000020C2DF32000-memory.dmp
memory/5288-1064-0x0000020C2F880000-0x0000020C2F886000-memory.dmp
memory/5288-1063-0x0000020C2F850000-0x0000020C2F878000-memory.dmp
memory/5288-1066-0x0000020C48090000-0x0000020C480E6000-memory.dmp
memory/5288-1065-0x0000020C48000000-0x0000020C4805E000-memory.dmp
memory/5288-1067-0x0000020C2DEC0000-0x0000020C2DEC6000-memory.dmp
memory/5288-1068-0x0000020C2DED0000-0x0000020C2DED6000-memory.dmp
memory/5288-1069-0x0000020C480F0000-0x0000020C4812C000-memory.dmp
memory/5288-1070-0x0000020C2F8B0000-0x0000020C2F8CA000-memory.dmp
memory/5176-1072-0x0000000005150000-0x00000000051EC000-memory.dmp
memory/5780-1084-0x000001AA684E0000-0x000001AA684E6000-memory.dmp
memory/5780-1085-0x000001AA684F0000-0x000001AA684F6000-memory.dmp