Malware Analysis Report

2024-08-06 13:09

Sample ID 240616-qjffnaydpq
Target https://github.com/Wizard641/XWorm-V5.2-Cracked/releases
Tags
agenttesla asyncrat rat1 agilenet keylogger persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Wizard641/XWorm-V5.2-Cracked/releases was found to be: Known bad.

Malicious Activity Summary

agenttesla asyncrat rat1 agilenet keylogger persistence rat spyware stealer trojan

AsyncRat

AgentTesla

Async RAT payload

AgentTesla payload

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Drops startup file

Looks up external IP address via web service

Adds Run key to start application

Drops file in Windows directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Delays execution with timeout.exe

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Scheduled Task/Job
T1053
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-16 13:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 13:17

Reported

2024-06-16 13:22

Platform

win10-20240404-en

Max time kernel

299s

Max time network

299s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Wizard641/XWorm-V5.2-Cracked/releases

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AsyncRat

rat asyncrat

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COM Surrogate.lnk C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COM Surrogate.lnk C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\License.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe N/A
N/A N/A C:\Users\Public\COM Surrogate N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Windows\CurrentVersion\Run\COM Surrogate = "C:\\Users\\Public\\COM Surrogate" C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630174489067829" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 276d12b5efbfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = e05f7f77f5bfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4e95fab4efbfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c8ca8ac8efbfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f20f0dbeefbfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\AskToCloseAllTabs = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{C46354B2-93D2-46B1-9A9D-44D4A64BC532} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NEW.EXE N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4932 wrote to memory of 2580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 2580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4932 wrote to memory of 528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Wizard641/XWorm-V5.2-Cracked/releases

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa741c9758,0x7ffa741c9768,0x7ffa741c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm.V5.2\" -ad -an -ai#7zMap24663:82:7zEvent24714

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x64.exe

"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x64.exe"

C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE

"C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE"

C:\Users\Admin\AppData\Local\Temp\NEW.EXE

"C:\Users\Admin\AppData\Local\Temp\NEW.EXE"

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\crack.exe

"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\crack.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "License" /tr '"C:\Users\Admin\AppData\Roaming\License.exe"' & exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp4B3D.tmp.bat""

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "License" /tr '"C:\Users\Admin\AppData\Roaming\License.exe"'

C:\Windows\SysWOW64\timeout.exe

timeout 3

C:\Users\Admin\AppData\Roaming\License.exe

"C:\Users\Admin\AppData\Roaming\License.exe"

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe

"C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=692 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5384 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2436 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3372 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5484 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3764 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe

"C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "COM Surrogate" /tr "C:\Users\Public\COM Surrogate"

C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe

"C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe"

C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe

"C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe"

C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe

"C:\Users\Admin\Downloads\Xworm-Crack-main\Xworm-Crack-main\XWorm V5.6\Xwrom\XWorm V5.6.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5652 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5700 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5820 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5968 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:8

C:\Users\Public\COM Surrogate

"C:\Users\Public\COM Surrogate"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4424 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4808 --field-trial-handle=1844,i,1813489337196298840,15860746922311334307,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 185.199.109.133:443 private-user-images.githubusercontent.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 216.58.206.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 74.206.58.216.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 28.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 xfreddy2751.duckdns.org udp
GB 51.195.251.9:6606 xfreddy2751.duckdns.org tcp
US 8.8.8.8:53 t.me udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 41.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 telegram.org udp
US 8.8.8.8:53 cdn4.cdn-telegram.org udp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
US 34.111.35.152:443 cdn4.cdn-telegram.org tcp
US 34.111.35.152:443 cdn4.cdn-telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
US 8.8.8.8:53 152.35.111.34.in-addr.arpa udp
US 8.8.8.8:53 3.18.217.172.in-addr.arpa udp
GB 51.195.251.9:7707 xfreddy2751.duckdns.org tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 51.195.251.9:6606 xfreddy2751.duckdns.org tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 www.google.com udp
DE 142.250.184.228:443 www.google.com tcp
US 8.8.8.8:53 228.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 195.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
DE 142.250.186.110:443 play.google.com tcp
US 8.8.8.8:53 110.186.250.142.in-addr.arpa udp
DE 142.250.184.228:443 www.google.com udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 227.181.250.142.in-addr.arpa udp
US 8.8.8.8:53 craxpro-com.webpkgcache.com udp
DE 142.250.74.193:443 craxpro-com.webpkgcache.com tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.74.250.142.in-addr.arpa udp
DE 142.250.186.110:443 play.google.com udp
US 8.8.8.8:53 xfreddy2751.duckdns.org udp
GB 51.195.251.9:7707 xfreddy2751.duckdns.org tcp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
NL 216.58.206.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 darkstorm275991.ddns.net udp
FR 163.5.64.209:8808 darkstorm275991.ddns.net tcp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
GB 51.195.251.9:7707 xfreddy2751.duckdns.org tcp
FR 163.5.64.209:8808 darkstorm275991.ddns.net tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
FR 163.5.64.209:8808 darkstorm275991.ddns.net tcp
FR 163.5.64.209:7707 darkstorm275991.ddns.net tcp
FR 163.5.64.209:7707 darkstorm275991.ddns.net tcp
US 8.8.8.8:53 xfreddy2751.duckdns.org udp
GB 51.195.251.9:6606 xfreddy2751.duckdns.org tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 auto-london.gl.at.ply.gg udp
US 147.185.221.19:51655 auto-london.gl.at.ply.gg tcp
US 8.8.8.8:53 darkstorm275991.ddns.net udp
FR 163.5.64.209:8808 darkstorm275991.ddns.net tcp
FR 163.5.64.209:8808 darkstorm275991.ddns.net tcp
US 147.185.221.19:51655 auto-london.gl.at.ply.gg tcp
GB 51.195.251.9:6606 xfreddy2751.duckdns.org tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com tcp
US 108.177.122.94:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
DE 172.217.16.131:443 beacons3.gvt2.com tcp
US 8.8.8.8:53 94.122.177.108.in-addr.arpa udp
DE 172.217.16.131:443 beacons3.gvt2.com udp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
DE 142.250.184.228:443 www.google.com udp
DE 142.250.186.110:443 play.google.com udp
DE 142.250.74.193:443 craxpro-com.webpkgcache.com udp
US 147.185.221.19:51655 auto-london.gl.at.ply.gg tcp
FR 163.5.64.209:7707 darkstorm275991.ddns.net tcp
US 8.8.8.8:53 sinister.ly udp
DE 198.251.84.73:443 sinister.ly tcp
DE 198.251.84.73:443 sinister.ly tcp
US 8.8.8.8:53 crt.sectigo.com udp
US 172.64.149.23:80 crt.sectigo.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 2.17.107.235:80 apps.identrust.com tcp
US 8.8.8.8:53 73.84.251.198.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 74.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 235.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 i.ibb.co udp
NL 216.58.206.74:443 content-autofill.googleapis.com udp
FR 162.19.58.158:443 i.ibb.co tcp
US 8.8.8.8:53 158.58.19.162.in-addr.arpa udp
FR 163.5.64.209:7707 darkstorm275991.ddns.net tcp
FR 163.5.64.209:7707 darkstorm275991.ddns.net tcp

Files

\??\pipe\crashpad_4932_BZLQGBZSIFFBGJJB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 433c978ac9d00c45adacf6803bc7645f
SHA1 35c1da0a79d8de75fd6e5186864f09157aa44548
SHA256 32ed560f0406bf61d6fac5116f4e24052660e26a9516874c9444e18ecc402e88
SHA512 e82110e0b1f8997d2e97cf65e4996ecc16859d7b7ce9c41c8eef882dc91d6b08f9e4d15a5f655e0837681cfbfc7120869fbbd527899950d51c25d7b458d39aa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59033502b351213502ab60ef16e993e5
SHA1 5d96ad89aa97c707a43a01255712ca195f9eaa53
SHA256 3cb55b13a1c79360b8c0b42970d047521204aed5ca859137ef7d60705cb7fe15
SHA512 dfcd854210a24a882f83faa3dd8f07e35b17ab5ff21523c0e2ae89e88d5b71e7c19c1c075d1f1181e72c9a3bb5ee9588d251c4a0c53362abff1a957140e44f1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cdf05a8241a0bc1734b686a9c0322fd5
SHA1 3e4b97da5651aa4597b85ee9684b1d87269fb71c
SHA256 f96c1ae5551a107424dbf3c4f10964549c6d2daf54eeb7029ace25946686fffb
SHA512 403e09b3a744bbcf062438c569014b28bc40057c69388c30ee2627e03e2c601b3add5a0ad082d65c7f24e13671224cd7d83d5b82d3cf27e48e2e10d4c1c95bc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 543a5f3e915456b1e2fc6adce3c0a7e9
SHA1 b25fa9fe12999b7214faa19e337c9af6dc5363da
SHA256 092751c6a3ccf602cc58456752c3d878aa20954fe2ed717beb2e7fbb74ce9238
SHA512 c24355e214c3d99af1475f59e3d445481af075ac9c7ca17e69c0eab1d4dd8d23f63467628f8e1caaf9c5217aee2d1978fc7baab59a20e05d512523a4d0779d3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb56f05cbd89f1482c8f0efa771fe803
SHA1 11fca1380129408bf2dd6f70e1d0e270432aa059
SHA256 d8b5fc1a6d34fcaddd8132b7147391cea33ffa670df6d24faaf6e931417b2979
SHA512 9348ed69f9edc2c0de78731c97d0fe4e6a60ef2de2ef3dd3c2b4d00061129f14e4f20dc12089994e42df483d0725ed2b238da5437b8b2ae4fbdbcc9655f2619d

C:\Users\Admin\Downloads\XWorm.V5.2.rar

MD5 2a16b9474dd55ed48f1602c4a17a3b60
SHA1 f279b4a379e4c30e134ccb6a2837dbceecce9d13
SHA256 6a4beba8dda5d6d9b9f301c6bcf100b05d8c192453ee7d293efbe95f9a0f76c9
SHA512 b2ceeeb17f77c589068259ba07c2c1ccef420af17398f26b6bb92729771c6fb67bcbb2a139243c77dbdfc9dcddcc3e71a805b1645d70afcbbc08b27c7c0881e4

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 719fbf61db0d7ba221bcc35e4f964875
SHA1 0f1084bb1f9f1906d227fad67a676070f4404d7b
SHA256 6b3f690752e3e8a10c65102edad87a213c7b5b691c9586b69ff63a44fef7bbb6
SHA512 262e5672c26d2dc9385731b9169c0b44e3a99760e06fcac72ce38a8dc88d03e6bffe04283d2730daef9849adaec5213e8e0f44776f5ee8566db4e4d8303bcb47

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWormLoader 5.1 x64.exe

MD5 dfad6480336587ed4ca5f713db8e5bc5
SHA1 61e57a8e6ccb6e46623f51726c1f5851724c4a58
SHA256 02f4c1fef324c120432c4d54cd97d4aef3eddc2c426b03f9990cdeef37bdf6c9
SHA512 6f19ea16ec970529a4b38edbac13e5229580fe29303a8b3e3b7646637f44d73434fdfb029eee33e26fbbfb91489cf7156cc1ec12c3658ddeacad340235121a85

C:\Users\Admin\AppData\Local\Temp\CONSOLEAPP1.EXE

MD5 3facc93eb70a073f208f90955fb055cb
SHA1 8f04cf5b9c9164f82b7e77034eee62396f6c5bf0
SHA256 608c73065d03ab7da0a0b8c8c3db3e073b2403a8d0249b9d684286f58e52dead
SHA512 269fb263dd7a2f383c2442a43e98435c4ee0767eab55c77ce5ff2e169089739e746f70208baaac2e4459076596a6afbf3fc8960d1ce9b8f46e91f7e462bd649c

C:\Users\Admin\AppData\Local\Temp\NEW.EXE

MD5 e2b473487e4b8429711aef51a68f56a4
SHA1 7d3119b07b951c68d17ae12e0764072a8c3d961b
SHA256 c2ced27749e5bf8d9d01de0feb58ab40818c3f4339dd9c5898b2b6168be2ce44
SHA512 ead5c2977428cd44eb98f48511dbce8e64f5544fc3f8cc3e706f24f5903eeca92207a07c18f089e4451f8ed5264c28b6e1e088437100cc6c7274432275d18dd1

memory/1556-356-0x0000000000DF0000-0x0000000000E06000-memory.dmp

memory/3564-357-0x00000000003A0000-0x00000000003A8000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\crack.exe

MD5 e6a20535b636d6402164a8e2d871ef6d
SHA1 981cb1fd9361ca58f8985104e00132d1836a8736
SHA256 b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
SHA512 35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

memory/876-361-0x0000000000100000-0x0000000000120000-memory.dmp

memory/876-363-0x00000295BC1B0000-0x00000295BC1F2000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\RVGLib.dll

MD5 d34c13128c6c7c93af2000a45196df81
SHA1 664c821c9d2ed234aea31d8b4f17d987e4b386f1
SHA256 aaf9fb0158bd40ab562a4212c2a795cb40ef6864042dc12f3a2415f2446ba1c7
SHA512 91f4e0e795f359b03595b01cbf29188a2a0b52ab9d64eadd8fb8b3508e417b8c7a70be439940975bf5bdf26493ea161aa45025beb83bc95076ed269e82d39689

memory/876-365-0x00000295BD9E0000-0x00000295BDA08000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\MonoMod.Backports.dll

MD5 dd43356f07fc0ce082db4e2f102747a2
SHA1 aa0782732e2d60fa668b0aadbf3447ef70b6a619
SHA256 e375b83a3e242212a2ed9478e1f0b8383c1bf1fdfab5a1cf766df740b631afd6
SHA512 284d64b99931ed1f2e839a7b19ee8389eefaf6c72bac556468a01f3eb17000252613c01dbae88923e9a02f3c84bcab02296659648fad727123f63d0ac38d258e

memory/876-367-0x00000295BC200000-0x00000295BC206000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\MonoMod.ILHelpers.dll

MD5 6512e89e0cb92514ef24be43f0bf4500
SHA1 a039c51f89656d9d5c584f063b2b675a9ff44b8e
SHA256 1411e4858412ded195f0e65544a4ec8e8249118b76375050a35c076940826cd0
SHA512 9ffb2ff050cce82dbfbbb0e85ab5f976fcd81086b3d8695502c5221c23d14080f0e494a33e0092b4feb2eda12e2130a2f02df3125733c2f5ec31356e92dea00b

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\Mono.Cecil.dll

MD5 de69bb29d6a9dfb615a90df3580d63b1
SHA1 74446b4dcc146ce61e5216bf7efac186adf7849b
SHA256 f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc
SHA512 6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

memory/876-369-0x00000295BDA70000-0x00000295BDACE000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\MonoMod.Utils.dll

MD5 79f1c4c312fdbb9258c2cdde3772271f
SHA1 a143434883e4ef2c0190407602b030f5c4fdf96f
SHA256 f22a4fa1e8b1b70286ecf07effb15d2184454fa88325ce4c0f31ffadb4bef50a
SHA512 b28ed3c063ae3a15cd52e625a860bbb65f6cd38ccad458657a163cd927c74ebf498fb12f1e578e869bcea00c6cd3f47ede10866e34a48c133c5ac26b902ae5d9

memory/876-371-0x00000295BDAE0000-0x00000295BDB36000-memory.dmp

memory/876-372-0x00000295BC130000-0x00000295BC136000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\MonoMod.Core.dll

MD5 b808181453b17f3fc1ab153bf11be197
SHA1 bce86080b7eb76783940d1ff277e2b46f231efe9
SHA256 da00cdfab411f8f535f17258981ec51d1af9b0bfcee3a360cbd0cb6f692dbcdd
SHA512 a2d941c6e69972f99707ade5c5325eb50b0ec4c5abf6a189eb11a46606fed8076be44c839d83cf310b67e66471e0ea3f6597857a8e2c7e2a7ad6de60c314f7d3

memory/876-373-0x00000295BC140000-0x00000295BC146000-memory.dmp

memory/876-375-0x00000295BDB40000-0x00000295BDB7C000-memory.dmp

memory/876-376-0x00000295BDA10000-0x00000295BDA2A000-memory.dmp

memory/876-377-0x0000000000430000-0x000000000043A000-memory.dmp

memory/1556-378-0x0000000005650000-0x00000000056EC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp4B3D.tmp.bat

MD5 39c9e325fa0a1a86d1c6a3796c005b63
SHA1 d987c76e530c96ce5ff17932204bf2935636eae1
SHA256 becbf9479d56115a565c4886951d9c042a9e71857cdb6fba46d36ba4190fb8bc
SHA512 117081ce5beb5b99d87a549bc3058c9a2409b7dac042478981eef2118dcf184fe86b549610b5a453fc4e94b2144f984ba8e81210d227d6f9980996b8120e55cb

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe

MD5 8b7b015c1ea809f5c6ade7269bdc5610
SHA1 c67d5d83ca18731d17f79529cfdb3d3dcad36b96
SHA256 7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
SHA512 e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\XWorm V5.2.exe.config

MD5 66f09a3993dcae94acfe39d45b553f58
SHA1 9d09f8e22d464f7021d7f713269b8169aed98682
SHA256 7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7
SHA512 c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

memory/5032-392-0x000001A806B80000-0x000001A8077B8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

memory/5032-399-0x000001A822B60000-0x000001A82374C000-memory.dmp

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\Guna.UI2.dll

MD5 bcc0fe2b28edd2da651388f84599059b
SHA1 44d7756708aafa08730ca9dbdc01091790940a4f
SHA256 c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA512 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

memory/5032-401-0x000001A823A80000-0x000001A823C74000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffead769ed29e6b7dc383a5cecab3bed
SHA1 0de6b3fd587ab40a02d82e56672d90ffe94686cc
SHA256 8a1a285dc768e013bb0561e9e5605e71e6c60ee13e39d056c995d618f20c069a
SHA512 5a782303103a1cd2f8d1c72e0fab5e6d43f35d89bcf8997699d3290caa3665c9bec83836adac8fef984f6eecebd9602d62e2d6e96c3272383f0e408e703e7eb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 89a5c789ccfb9b7dfafa353ae6230766
SHA1 a7cb2f4e1b08bfe8c4f52b8f3d716d2d8df4d29f
SHA256 de5c24c6a61e3bbf055308cbf3d2f4cf8fd1cc17006313b4c8dea37facef3912
SHA512 d0f3ea2a6cddd08dfe8f8f9727980b756916f850195b3085a4b04de276dc3f59e18c9289ea1e4d73cc65e4aba0827b444e319214812a40ffa765f01b0276033c

C:\Users\Admin\Downloads\XWorm.V5.2\XWorm V5.2\GeoIP.dat

MD5 8ef41798df108ce9bd41382c9721b1c9
SHA1 1e6227635a12039f4d380531b032bf773f0e6de0
SHA256 bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
SHA512 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

memory/3864-417-0x000001A57AF20000-0x000001A57AF30000-memory.dmp

memory/3864-433-0x000001A57B020000-0x000001A57B030000-memory.dmp

memory/3864-452-0x000001A5001C0000-0x000001A5001C2000-memory.dmp

memory/3352-462-0x00000209420C0000-0x00000209421C0000-memory.dmp

memory/1572-481-0x0000026A67B10000-0x0000026A67C10000-memory.dmp

memory/1572-512-0x0000026A78A10000-0x0000026A78A12000-memory.dmp

memory/1572-510-0x0000026A788F0000-0x0000026A788F2000-memory.dmp

memory/1572-515-0x0000026A78860000-0x0000026A78862000-memory.dmp

memory/1572-525-0x0000026A79000000-0x0000026A79002000-memory.dmp

memory/1572-517-0x0000026A78CE0000-0x0000026A78CE2000-memory.dmp

memory/1572-523-0x0000026A78EA0000-0x0000026A78EA2000-memory.dmp

memory/1572-536-0x0000026A78D60000-0x0000026A78D62000-memory.dmp

memory/1572-534-0x0000026A78D40000-0x0000026A78D42000-memory.dmp

memory/1572-530-0x0000026A78D20000-0x0000026A78D22000-memory.dmp

memory/1572-528-0x0000026A78D00000-0x0000026A78D02000-memory.dmp

memory/1572-521-0x0000026A78E80000-0x0000026A78E82000-memory.dmp

memory/1572-519-0x0000026A78E60000-0x0000026A78E62000-memory.dmp

memory/1572-578-0x0000026A79400000-0x0000026A79500000-memory.dmp

memory/1572-581-0x0000026A79630000-0x0000026A79730000-memory.dmp

memory/1572-579-0x0000026A79630000-0x0000026A79730000-memory.dmp

memory/1572-594-0x0000026A78A50000-0x0000026A78A52000-memory.dmp

memory/1572-592-0x0000026A78A40000-0x0000026A78A42000-memory.dmp

memory/1572-608-0x0000026A79600000-0x0000026A79602000-memory.dmp

memory/1572-610-0x0000026A79610000-0x0000026A79612000-memory.dmp

memory/3864-620-0x000001A501E90000-0x000001A501E91000-memory.dmp

memory/3864-619-0x000001A501E80000-0x000001A501E81000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4RJHRD2W\website_icon[1].svg

MD5 02f7553e1ac3129cd1c4d0442b5a0f81
SHA1 0dd8634450681fe1a2d0c1e5b02d6d0954e2772d
SHA256 0019255c610cb0843c524d7995905fa5201651fcc393846bee8414f0610097f5
SHA512 ac141a5648a3a22ceb295de8ecc6823f53d2a453316cd591dde888715344a60694316e1b85a5ceec72af62e34cc3d01768b020e5dfd5e0cb9916ec975ba4318e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JQCL54OC\favicon-32x32[1].png

MD5 16a75c7824b5223b8e22864354e9e33f
SHA1 2c35e76ebe2d8002369d582b32bd70374552c574
SHA256 7f3e38478d53875c1f35d67fc035067274bacf9df8285889ad04fb143dfdddd8
SHA512 bd09744894646081e02b9e730c68c82354e3907c419578bdcb45d52c99d909d78ee084c8948b99d14ac6c8dfb343c9eb9197af039c5ac99d356440efd10a4ee8

memory/1572-632-0x0000026A78690000-0x0000026A78692000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF44C627450E8E6D49.TMP

MD5 3299ea98e23acc25b3e39a202a1558fa
SHA1 e399287d9473fe42c85ed3675db6e5c8b4f2e18e
SHA256 de87a4dd7ae04ecb93bd101d8336b6a19dec3425175327d412b988f9c264c3af
SHA512 ac774f8dd7a14c403c0e6a152318944c297001e4df2513ab38b48eb3d83ac0f798a55d200d6a989edf02e6fe88bac264630a72ce29633b6d2cfe25ff65198011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 457a87e1b25dcfd3d449e10a40d0a5af
SHA1 c301d239ad21f43c297c1b1ff80c54bfca602cc2
SHA256 1bde2d8fe2580cbd5d6b08bb9dfdd002510a0f91da7968c41647becbab75eb34
SHA512 e98303ea545a6b8de159f0cc4e35bd2d9a51e8b754ac41d8b02feba3abc09e01c9025c8dc50f022327acd637c129bf00b742e3b181a438806f7fc5c859f6d3d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fa6d439e3886cc47fb035234eba937d0
SHA1 a78c1e6bb10288f5071fa7884838f450a96e1a5b
SHA256 b5ab50305cf707b1986ad27f977925fe506d6f6b9034fe57ca1af1adf35da678
SHA512 aef23e4897b4109bd53bdd7047b25e723d9a3781f0033cbc4340963a91d7b31320d36e741df5c0f6d94b63af0e79e002255165fecdbf70e3589e6a48396f4d45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 de30e1be346430941a540f0d10ee877f
SHA1 4fd3d87a835e468139ec5cb40ee1f3c965b15aae
SHA256 dea96b775369c824325e6138959ae8af2dc4999e9e6062a8419888c0a43e17a3
SHA512 10fe100663d55f4ab608d5eef01f40c31f87802204c41be53ddc0959dc95e5bc9fe967a54c4cd9125b845ccaf56043c525d4ac77aac6db7b56e1904c0d213101

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c6e1ee23ed9e5fd7b9d36af2a71b827d
SHA1 6e3b5a3074aba98ada27a485502fec60cbf28213
SHA256 fd6c7893da9230aa4be861142bc1eff532f629535806a0cf42af26fe2fea4d56
SHA512 8b776fa37dac505f0e8b34f40de76e7575be387aea437f292ff732db6ccfb57d93253bf22b6c2db584aa84138c5d888388b6673abbd544f288c018773933ff80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41853ff930c70b5fe62b6c4ae392b0c9
SHA1 6f1cd51f7b3d330c49b51a1c9146ba76e78f1e8d
SHA256 746e031726d6009751b618177ad33fca9570a86f6f18f7f880a5d93324471164
SHA512 b266fd1526a585d0fbdc25e6d1b7e1dbd4186dc7450df93c4b4799dca3938c89f124b963f4804ff4e4ca69ab25500de7f8949d6bc590bfe9523e1ad3e31e3688

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 038a1f8cc73e2df5ebc31f4183baac18
SHA1 9f8787f10a588e28f4f89904f6a7eadb4a5bf062
SHA256 1d8ad80460524707764cee51da1845896d8b68a2da85076e1f0ab6a38df98b6d
SHA512 77f56a523905a4633cc4faeebfb5c87f5feb4cb36ee970c51638d73729680aa59295f46ba5fa5474eed1d34c6c3d33aa504bc2583763163d550423d14baa039d

C:\Users\Admin\Downloads\Xworm-Crack-main.zip.crdownload

MD5 b4b215c28bef2672999adbc0523ddba6
SHA1 ad898b411b07ad2002a33041235de27df8440318
SHA256 9dd1682f5e8414c278f9d99866fa955a814c136b7f13678a8187ca007731a942
SHA512 b0935ae6117557200001442eaf750a2e690cef188aef72eab194ced153b6b484855e1e358473431d5d5400b194036b993b221475224e78826acac99bda244846

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ee110a68cda6f39c7174106032335e42
SHA1 d62d0749c117bf40ae83dabe304ea1e0f1881e34
SHA256 34761179b883410f95fc145e523e01224852535546598754d9f1c13f10a7fc66
SHA512 8cb0d7651b6cffb056784b5c9e71d42f117637fbe6c7371a763bee67e4aa3f31688055c929125d2054355e9960142e2e62175c8fa88f998c0cac9b3521d0d4b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 883192456ca64194f6e9fc4b84de4d94
SHA1 d006979fb277909fe4d9ed83aac611d83d424c82
SHA256 7951e3550d4206e66696635a01e1c4479d52d3ea04e05ab3cea1f0e7ad1c9a8d
SHA512 020a4bfa90f8c96f0ed6b7a20802bf516334051595baf14dfac49abdfaebd41d9159ae7a484c1438987597f77ca7fe1559e5bc5b0c5d9f1e514897f6e35e78ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1a2328d15c499e7bf35b633531a52555
SHA1 de5e3ed31225c3412cd56b69399ef2137a7eda27
SHA256 54dc13ffc2e04801001b3464715ce1c7087b3ae93641871a8de480afcf81c6be
SHA512 d542d40725b9bf80affee4ee6e23492e95e310c0a58c1b27a0877b1e866b4dafaba7f40213743e4b3ddc3b2ad9895c115507ead3712934f178b49058e8435bf3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a5bfc.TMP

MD5 e87654a4d3221f750f7bb19ff22f68f0
SHA1 45638785533cb9881fba8e759237ab221e131f4a
SHA256 cba589ed904a57d9436712216741be7d8bf7937c9629ae3ad72d2fda5ab77847
SHA512 60fc517358b83bce19e16eec90b028a40eca841173c8dc84344504cef597e781334fab0d547734d933512d88326d28f154ff5e703899dd807654d64106507582

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 c755d5d057eebcff1cd497343004414c
SHA1 60091bbdfb43b6866d8fc20537441dc7d175abc8
SHA256 08c08f66e507ad096a2cdc9d34181291e9c6b0ebbce78bbedc42844aa949dbd8
SHA512 91d223cb51ace0576ff885135a8cf519bf906b1bee69220b1bdb33730cd9bd5c148d6ac2d2048fa195a1355bc922a81926e024c07a4f5bcd68fdc10d5e8e6ce8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a1a60ccf8c8b8e330f0332c9669e5531
SHA1 961dd9a0c4412c343b4903ea49c2ad83a22af3c7
SHA256 9d000e0626644fd0bb309388133a48f31874d7d74a0890b317ad7eee920aa733
SHA512 03eb932363a260ea20bac51c32162293229277edc93e33b1a6680a53126d82aa9ff8f5c967e0cd1560e0b14a49ca72fb9ba6ebce6b6306baee3be4f50b0daf29

memory/4508-1081-0x0000000000C80000-0x0000000000D00000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWorm V5.6.exe.log

MD5 16c5fce5f7230eea11598ec11ed42862
SHA1 75392d4824706090f5e8907eee1059349c927600
SHA256 87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151
SHA512 153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d015bb5b8b1a88d3f31c3aad7b683fb4
SHA1 f88830eb4191e38fb9344df7576881b414588af0
SHA256 a232e81b789e17167582e17018807f5b7a09384c30722c0588af47a30447350a
SHA512 9612658b17540bb55fa8ab9317cab979ed95d5e5c7c1616409ec318ab78e7d85377e0e2e2f42bf0e01b1970a82a32a0a362b3582ebd88886807ddea62d44004b

C:\Users\Public\COM Surrogate

MD5 bf1ccd2d127e4ac0dc4ad6307cd1b62f
SHA1 fc95eb4ec00d3b745fb97f7f8f140cfbe51c23ac
SHA256 b32c1554a1a62e6d4c30bad330e5146016fe11521671536c669b429b895e5a11
SHA512 0b6fcb5596904849c5d1ef7439af2849394a56a5f64d337b85cfe2158c8aff2c2a6db5a03c5464520537ec5a203f4c784db4e47d48dc16efdfe064a0e831a3ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 346b7f0fd7f08d0bb954c5d68cc5299d
SHA1 19818f505af36ac6e0646395a17a3cb67bd5acba
SHA256 9ac15befd94c788ca70dceea7f62217d9e3611056dbef22bfcceec2247d4d262
SHA512 60fd833ac50a1d72995923d3aa51284fd0ee69e4d8a40681df7b609044b749bfdf7d6e90a8f9e22881b3c95f48d1b9d43e7f4f304ac768d3e77bf395aa4b79d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 510bbbafad2d8364db35b91959f834ad
SHA1 0b462589fa880b3d6d457ba409c7a59645a8e4ce
SHA256 3659cf757ce0ae34f3d30370274f93fbd1330941d587d8f6430b1b4fca4ac564
SHA512 235ad7bed4a0beb362e1e9d25957f5fa08fee831436030a33dd7f7b27a5960b523a996778f07fb5575e03ce3765fe20802bc2b73f3190a6692e914f983b59f8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cba4e3fa1dc162b1d7008bc15f43756f
SHA1 ae981c8261b9315a41f49bf15b18c22a719acebc
SHA256 acb8ef5de755267deebc088471f4cb1c7841c5246e7e3e0b2bf125cc1914ed9f
SHA512 92f74b63a0d87d43ab15ba3a55c1243667f368af819747065874298d2ede80b5ef9e8d30b7dfa64bdd6c6f5a89dd8ebaa652ffba30e3a3bdb37ca7ba52a7a9b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bdb62fe2f8ae40ed6b7f2e641e18bb16
SHA1 4fe36befcc02c5e8119127919822c766f2b323bc
SHA256 a5d3fffca0c17cd1446be65e39d953986167c048aeaad1661734dae507695cc5
SHA512 841ef1ca80f592db5a8cbc675d38bb573b679fae23c7d3cb458ab046b6cf52dc3e6a477abd7b5652d982ee526e801f0677f8d2f1f25bf788e4e1b8d9af5e5b1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2ae64d2669a2334cbab6552b32626ff4
SHA1 28a6ba4b744622942fb159c39a7a291c998a5c1d
SHA256 5ebbb9370c9eebaa0695ce78cda6e3f061e590202204f0345f49efe4074bad83
SHA512 99d7ff67e6e231cc0d0068a7b92eefb25e0a0b19bce5b4ef29c44904983260df88eb9d4c7a375c5ca961df78a02dd1f4fd1ef1667859e662eab306bff33f3516