7f6f449b4351b9eeecadbd7747dce56479d1ba8555f72e873b08ad18409fd357

Analysis

max time kernel
146s
max time network
133s
platform
windows11-21h2_x64
resource
win11-20250218-en
resource tags

arch:x64arch:x86image:win11-20250218-enlocale:en-usos:windows11-21h2-x64system
submitted
07/03/2025, 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xworm-V5.6.rar
Size

20.9MB
MD5

b6b4bf93b1dc8c104f8e677c025d6684
SHA1

a438c7f82e7dab81410d3e773eb4b1b28bf63208
SHA256

7f6f449b4351b9eeecadbd7747dce56479d1ba8555f72e873b08ad18409fd357
SHA512

1ba5f644b56cc3cb5e76bea8733ca243365c84921c4c35a4df52845322ba211c045706b4096ab4407c5736fc340761e124ab0cde57a8794473e965405c98b8fa
SSDEEP

393216:ZzvRTMd3iEH+IAAnR2TGE/rGVLl6h4bk3L6giAXWdJwMMnWbA7VcCpRl:ZChiAlsTRTGPBbk3L6KXuwMMoA7VFpRl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3652	Xworm V5.6.exe
3128	Xworm V5.6.exe

Drops file in System32 directory 24 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh007.dat	lodctr.exe
File created	C:\Windows\system32\perfc009.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe
File created	C:\Windows\system32\perfc007.dat	lodctr.exe
File created	C:\Windows\system32\perfh00A.dat	lodctr.exe
File created	C:\Windows\system32\perfh011.dat	lodctr.exe
File created	C:\Windows\system32\perfc00A.dat	lodctr.exe
File created	C:\Windows\system32\perfh00A.dat	lodctr.exe
File created	C:\Windows\system32\perfc010.dat	lodctr.exe
File created	C:\Windows\system32\perfh010.dat	lodctr.exe
File created	C:\Windows\system32\perfh009.dat	lodctr.exe
File created	C:\Windows\system32\perfc010.dat	lodctr.exe
File created	C:\Windows\system32\perfc011.dat	lodctr.exe
File created	C:\Windows\system32\perfh011.dat	lodctr.exe
File created	C:\Windows\system32\perfc00C.dat	lodctr.exe
File created	C:\Windows\system32\perfh00C.dat	lodctr.exe
File created	C:\Windows\system32\perfc011.dat	lodctr.exe
File created	C:\Windows\system32\perfc00C.dat	lodctr.exe
File created	C:\Windows\system32\perfh00C.dat	lodctr.exe
File created	C:\Windows\system32\perfh007.dat	lodctr.exe
File created	C:\Windows\system32\perfc009.dat	lodctr.exe
File created	C:\Windows\system32\perfc00A.dat	lodctr.exe
File created	C:\Windows\system32\perfh010.dat	lodctr.exe
File created	C:\Windows\system32\perfc007.dat	lodctr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000\Software\Microsoft\Internet Explorer\TypedURLs	Xworm V5.6.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3696	vlc.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

pid	Process
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe
3128	Xworm V5.6.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
1704	7zFM.exe
3652	Xworm V5.6.exe
3696	vlc.exe
3128	Xworm V5.6.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	1704	7zFM.exe
Token: 35	1704	7zFM.exe
Token: SeSecurityPrivilege	1704	7zFM.exe
Token: 33	3436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3436	AUDIODG.EXE
Token: 33	3696	vlc.exe
Token: SeIncBasePriorityPrivilege	3696	vlc.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
1704	7zFM.exe
1704	7zFM.exe
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3128	Xworm V5.6.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
3652	Xworm V5.6.exe
3652	Xworm V5.6.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3696	vlc.exe
3128	Xworm V5.6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3696	vlc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 4724	3172	cmd.exe	104
PID 3172 wrote to memory of 4724	3172	cmd.exe	104
PID 4732 wrote to memory of 968	4732	cmd.exe	107
PID 4732 wrote to memory of 968	4732	cmd.exe	107

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4236,i,6925591690600939166,85426131164229687,262144 --variations-seed-version --mojo-platform-channel-handle=2724 /prefetch:14
1⤵
PID:72

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4128,i,6925591690600939166,85426131164229687,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:14
1⤵
PID:4972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1012

C:\Users\Admin\Desktop\Xworm-V5.6\Xworm V5.6.exe
"C:\Users\Admin\Desktop\Xworm-V5.6\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3652

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3436

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\Xworm-V5.6\Sounds\Chat.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Xworm-V5.6\Fixer.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Windows\system32\lodctr.exe
  lodctr /r
  2⤵
  - Drops file in System32 directory
  PID:4724

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Xworm-V5.6\Fixer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Windows\system32\lodctr.exe
  lodctr /r
  2⤵
  - Drops file in System32 directory
  PID:968

C:\Users\Admin\Desktop\Xworm-V5.6\Xworm V5.6.exe
"C:\Users\Admin\Desktop\Xworm-V5.6\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3128

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3576,i,6925591690600939166,85426131164229687,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:14
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Xworm V5.6.exe.log

Filesize
1KB

MD5
8e0f23092b7a620dc2f45b4a9a596029

SHA1
58cc7c47602c73529e91ff9db3c74ff05459e4ea

SHA256
58b9918225aee046894cb3c6263687bfe4b5a5b8dff7196d72687d0f3f735034

SHA512
be458f811ad6a1f6b320e8d3e68e71062a8de686bae77c400d65091947b805c95024f3f1837e088cf5ecac5388d36f354285a6b57f91ea55567f19706128a043

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A63A958\Xworm-V5.6\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
87B

MD5
1580939fc563a12bc63baee4d91e3a72

SHA1
330f9ff9976e3d631aeafe994bb9964be5c4ca33

SHA256
c21750ce607511cc86687119d99ca733b09d9bfc8fd04de0d3e79ac57a2d6f23

SHA512
cd5f6dd6bd9c3e33ed665d3f00757319cd9125e268d301a4edf6ed857472a1221fbe260ac51491d5e4d0a3da7b1d358424a4bc51c1a1a7fb28ce48c98d180e9b

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
0a6c989a79f1907158566e07d8d4403b

SHA1
83987d82d9c0833b463bc640ebdde76b7e40adb0

SHA256
beb0f2655a9c0394825965483ab0247ca7f8263ea09e2147580d4f2309058b1c

SHA512
b6ccaaec647c1e749743c5b2e904caa2c6b5cba9259c0388556df5da585db480c81919b4e8b323c87e0660bcee10ecbcf4faacf958d57be622fc58dadc2b633e

Download Submit
C:\Users\Admin\Desktop\Xworm-V5.6\Fixer.bat

Filesize
122B

MD5
2dabc46ce85aaff29f22cd74ec074f86

SHA1
208ae3e48d67b94cc8be7bbfd9341d373fa8a730

SHA256
a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55

SHA512
6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3

Download Submit
C:\Users\Admin\Desktop\Xworm-V5.6\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\Xworm-V5.6\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\Xworm-V5.6\Sounds\Chat.wav

Filesize
45KB

MD5
832a3652fd780edcdb2439ec33532c0d

SHA1
f0754ee6519d77700f5ee5b744b8c99386d7b577

SHA256
45f4136e58a5f749d125d2ab54308f81954d2c5b364b66013660a6c358845d1e

SHA512
3b3b55afcdfa00d9b7085b20ed52a7b4d8b7d403f5d0d1c539781db1a20257efd8c856e19b8f32ea33766a580690b498ff063849519691a9a4cbbcd3e9447cd4

Download Submit
C:\Users\Admin\Desktop\Xworm-V5.6\Sounds\Intro.wav

Filesize
238KB

MD5
ad3b4fae17bcabc254df49f5e76b87a6

SHA1
1683ff029eebaffdc7a4827827da7bb361c8747e

SHA256
e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

SHA512
3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

Download Submit
C:\Users\Admin\Desktop\Xworm-V5.6\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\Desktop\Xworm-V5.6\Xworm V5.6.exe.config

Filesize
183B

MD5
66f09a3993dcae94acfe39d45b553f58

SHA1
9d09f8e22d464f7021d7f713269b8169aed98682

SHA256
7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

SHA512
c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

Download Submit
C:\Windows\System32\perfc007.dat

Filesize
44KB

MD5
bc3d1639f16cb93350a76b95cd59108b

SHA1
47f1067b694967d71af236d5e33d31cb99741f4c

SHA256
004818827ecc581f75674919f4605d28eed27e3f2229ae051d6849129eef40e9

SHA512
fe44f3dbd009d932491af26c3615e616bc0042741dc3815ffb4d2b8d201efd8ab89f7cdd747406609393f005a596a6e9ea8e3f231bc150dc406c2adb8f806249

Download Submit
C:\Windows\System32\perfc00A.dat

Filesize
51KB

MD5
70c7ba068b82106810720fdec5406762

SHA1
744c05ee14ea69e9706a07967b4ca1597298729d

SHA256
f3fccee564956fd81a1bba3477a18b04197bccf5efa057713c92a77b266c7b33

SHA512
14bb6e89946abcc10f640e2d553623b319c829e31ff872be0976c3d0419bc8ac656e4774333d4040df9507f064e9f92347677f4b20c66317fffaabed5bb1c4b4

Download Submit
C:\Windows\System32\perfc00C.dat

Filesize
47KB

MD5
391168ff06e8d68c7a6f90c1ccb088be

SHA1
c3f8c12481c9d3559e8df93ade8f5bfefd271627

SHA256
7f2847cbf10a70dec0bfb78ca1bf2e548caa8de43deb290cc21d4d1a47bd7525

SHA512
71fe34a07a2107c03fc4735ca78814adc1c55ee3362ce01d6b9983b0ac52315485135b58edecbcd67252c1e27a451138a765bdf3f746e1241834cf35106520c6

Download Submit
C:\Windows\System32\perfc010.dat

Filesize
46KB

MD5
9c127d90b405f6e4e98e60bb83285a93

SHA1
358b36827fb8dbfd9f268d7278961ae3309baaa1

SHA256
878a012b076c81d7b46068109d9b9e1a86aa8527d87d0baee47b59b07502c578

SHA512
bd80bb82e6f2375107153b7da67ce4a3ab3d457103a8371f93e130edece21791d8a716ab9793b74c6b5ab10166ccb52aee430bc4b63403b7e4749d7db9929e73

Download Submit
C:\Windows\System32\perfc011.dat

Filesize
32KB

MD5
50681b748a019d0096b5df4ebe1eab74

SHA1
0fa741b445f16f05a1984813c7b07cc66097e180

SHA256
33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a

SHA512
568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

Download Submit
C:\Windows\System32\perfh007.dat

Filesize
307KB

MD5
312d855b1d95ae830e067657cffdd28c

SHA1
8133c02adeae24916fa9c53e52b3bfe66ac3d5a3

SHA256
ca3f8056e3e2378509ab24f8b8471e5fccac403a5413be518ac35bbb42a2e2cf

SHA512
f25c1a81a582a2a5e3142bd97f425c6ee5c26f878b1155232002fff1e4a3528bc371fb962da256c281e05c6c537160a4f48e00ea1fcf3e9887097f8ca6ec2b14

Download Submit
C:\Windows\System32\perfh009.dat

Filesize
312KB

MD5
78f403befbe16cd64854e55383a41c8b

SHA1
ab36bacfdfd4f8fb6d1c2ead8a1886816a47c670

SHA256
220aa10410924876965bedb27d953a5902eab5aeb1c5ca59022465e28cbfcc92

SHA512
c3df5e3feebd4d0c0ff126fbbdb4eefedb7e044ba59dc626df6eb1a1064c70b0ae145816c23d5fb651f2f209b62bd5c8e80faf89cbb6f5e93d73294fb47c8749

Download Submit
C:\Windows\System32\perfh00A.dat

Filesize
360KB

MD5
1402add2a611322eb6f624705c8a9a4e

SHA1
d08b0b5e602d4587e534cf5e9c3d04c549a5aa47

SHA256
0ac43c8e77edb2c1468420653fc5d505b26cdc4da06c4121ce4bbecae561e6cb

SHA512
177d5ea7e77eee154042b5e064db67a5cac9435890a2ff65cd98da21433f4e7de743e9df22ac0ac61be89fc0be8655b46454ed4a930d13fc7c1dfebe5896781f

Download Submit
C:\Windows\System32\perfh00C.dat

Filesize
365KB

MD5
d5972cca5d434d4ca1742fe0a5ddd5d4

SHA1
a3cdc3ad50ff9ba19722f2e2cb76f95b60bd92b2

SHA256
f85cfffd1414d3e975f430a1e2f2a3b473ee8995a961dfb103fe18d5bf06e321

SHA512
2ce34cf9b868fda0852e6b0d805171fcfda00c0c6cf044bf8831e6fa2aef4933ae00a8eaf757c09d67c30ae7ab58136959351f7d04d8ba6921f51fc87378565c

Download Submit
C:\Windows\System32\perfh010.dat

Filesize
356KB

MD5
4e277d7a9304103e3b68291044c7db6b

SHA1
b23864c76259c674ac2bc0210dab181bfc04dedf

SHA256
5dc2192236274fda886a0c0f396646f9292000ba33bd0e2061a65bc06639be16

SHA512
094477571cb17d7b19f6e81ef237c579f03c944745499b2e537d77972da89f8f4baa0825c3f79993d96116aa071bbc776a96f55cf8ab3f60698c2c4e03e36957

Download Submit
C:\Windows\System32\perfh011.dat

Filesize
159KB

MD5
ab6f8e83a55fadfc107060ed8311e0a4

SHA1
55a39474b14b6600543080268d41e8732ba0edad

SHA256
8647f007d314a30ae0760a8b70c6c42b4cf0e7da321795dbf1d254377a70ff18

SHA512
f5be5c78e9d10dd69c8b21ab4d5702a3a24e2ff4cec19ae56a9d58e6ceb9edc40e17b548373b7db5ce58b6759ef3ce361e8514c774fda9a7d988d330a7944732

Download Submit
C:\Windows\system32\perfc007.dat

Filesize
39KB

MD5
c6a00700213a4cdfac7b02faabc2fa10

SHA1
d1fab1803050a67c59dfce442c1f1dacb166d0dc

SHA256
987d276742eba82260ac1509adc8678651d30103162b44d4e62fbde1b2f28559

SHA512
e3c879502f91b7e4ccbd300372108ffe0cfd2e49070c54f1b27fb83d3c0a7344ea7393b619f1fd6b21314915e32c50fb93f5a1511a383098107c57f1a14faf1d

Download Submit
C:\Windows\system32\perfc009.dat

Filesize
32KB

MD5
1e60bc5e525063b96078df17fbd3c4e1

SHA1
bae8eda409cb3e016ddd420c6354aeaac2d267b9

SHA256
a0894847ca6208cf7e519d8e825458596bbcd78156a453e32872de7592ea20d8

SHA512
5758d535e4ce20cc30b9b57fea1811feffb2655ecc6eec69c942defb4b4f8c06e8e37860f85ec7cad26df9d7635ecaf131a68ec4ee291aa36e448c7ef2339652

Download Submit
C:\Windows\system32\perfc009.dat

Filesize
132KB

MD5
6dc5c14932145ac8ce521d70380fc341

SHA1
d937ba8d03634dc67f0a2a081436e7a502b6abaa

SHA256
8997d7f264e18fb3cecd7774f67947f5224bda27b51d70d175fde7868a2ee47e

SHA512
085e3f424cc7845c590e73487dab0a1f62362cc9e7ef20ce26e2e39622e9f391266babfdd23b690149df790ba00b866ce63d94602a1d87fe92bfdd163c6e0131

Download Submit
C:\Windows\system32\perfc00A.dat

Filesize
42KB

MD5
08728aef33bbac5884423c1597e74a29

SHA1
64d28ea3dc5c4392a0210b4d26db146b26e40f0b

SHA256
fbd64fca18300003ddcdddf3b25ad501cf224035ef5975dedc64c7d139eb69e6

SHA512
001cc1ef7a69ce59a9e37133a8cdf14cc8e7a09bc74d4678d9af25da3eaa9d99efc6fdf64fd2e301acb796cef4a988d502b63a61dcce14511568130bb1551a0c

Download Submit
C:\Windows\system32\perfc00C.dat

Filesize
39KB

MD5
9f9af8517189b0d61b2615007e071084

SHA1
a33753ca07f370b7d99f6658b32abb97eed7bbc4

SHA256
b6dc84d6c21f558e69174d3b62e13fbb8aecd5e49de0fb737f56445a9b883034

SHA512
640f51590a6f5d61e9dcb9a463a6b7aae6d88749843d1ec62f30a00c95b4a449b442281ac61058db4da464bee03e62a1f43a91b0a05914d4dbda2bce007d745d

Download Submit
C:\Windows\system32\perfc010.dat

Filesize
145KB

MD5
f39f0d92a6e4dcaaa1ae2bc1fccba63e

SHA1
005498d62065f39e8db5fd2d75c21f37bc1da8bb

SHA256
991ee269d1105678f205462e84ba074080af30020170c4faaeef27c9188e3c01

SHA512
226dc7ee62c7b2e06af6d1bfd674816c2866dfb34bfb9b0991630f2ea31b38dd805bd7eee586406a4b3203f12283be77bc00d644ff1cb04dc1ae94c45940d1b7

Download Submit
C:\Windows\system32\perfc011.dat

Filesize
130KB

MD5
325bc872c5d669db877817bbc17b4dc9

SHA1
21d79a76b7d84295a89c4f7496c1a0905d2d95dd

SHA256
5fa3c048b49ca1fefd35ca2399bb4031f408bc27161833723d8f25809a0bc128

SHA512
f217a33219de253b0f22b72616a046fbf847773b47f38a130179282c27d93232b9dc1cfefd3bc981e6ee636af4f9cad8012ca20061787e64e2cd14075531e53b

Download Submit
C:\Windows\system32\perfh007.dat

Filesize
298KB

MD5
eadd51b4e0a81aa0a1ec7392a1ce681a

SHA1
f384c3bc0f16ccb5049ebbf7df776e684da84706

SHA256
1a2fd21891c4055b2ee03ee06665f1a09a6503f7a4b57acba67820ec561d12e4

SHA512
de74112ed8f81f4723241102e9e493921419f836e7f095000a0ae34616db1886c22dff6ab4dfd5bd1ebbc9840498c3606ac0e5791f7fadac1b52c18043571ae4

Download Submit
C:\Windows\system32\perfh009.dat

Filesize
290KB

MD5
56c3b96dd714b0da77c0b9fb0d392c86

SHA1
6dfd6e883c67ea4aef8a03d28874a677441e512f

SHA256
1bc70ca290a7b4afc37049a8435c81d9b863520609d2e4f627d08cd21c07a58e

SHA512
c2036039da93d0c594b99aad74f1bb807c7230a746d749cec57a5f6012e8dfc401f9430fe1c7090280532ffdb044f7a4970e17e5cede82581793d69e9bc6d10a

Download Submit
C:\Windows\system32\perfh00A.dat

Filesize
338KB

MD5
757de55399f7c5167e7cdfa65f184108

SHA1
06876adabd18e79946cc5280861145432257d210

SHA256
e7c22cb8443fb549de7a3e826645450ed47169ce0168c740096de44addd360dd

SHA512
51977c1104108e5b5ab0042e6d10ec95195be8c62dbd547b85626cc02b35e46cb363be8804f360220ce347709da3ba1626f253477b7512cdd414f1ad96cf4571

Download Submit
C:\Windows\system32\perfh00C.dat

Filesize
342KB

MD5
9a780b14eeafa8b9a2409f02bf9d9af0

SHA1
f52c28235879e45685ee0163f97c31099baa616d

SHA256
a04ee6316af61e7a475d47ab74744ea485b419566f5e40c96ec09b400926b932

SHA512
f316652ec8dc3af06842de056329230152e74f53530c4f099a2ee73a96106f2fc3dbf244dce75c10e3131cdfbaa3b4a28d8ff116f8d6d7ae7b5553688c170d7a

Download Submit
C:\Windows\system32\perfh010.dat

Filesize
704KB

MD5
b6eaca843e7bf14579d0175b75aa8743

SHA1
671651dc6f4bb51607811dd9c024463ccca54ce6

SHA256
32be4e7b8f74686266ef49420ff07343b975957884f3afc9a5de3b214447905b

SHA512
71229f7779f68d877f5af7e891b7e7fe38646eb9b57218f0b16f5e3dd30f62783f76a806dd2a4552cb183f948d5c182609ca7a93810c712dd2cb1aca762fd6e2

Download Submit
C:\Windows\system32\perfh011.dat

Filesize
468KB

MD5
431550bba9fff98401bf082888dfaea8

SHA1
c15ad12ae3d45bd79ce8e7883387e83749fd16c5

SHA256
2c56511ca6c0b774bdeff5104c67ff9dec7e8bb5cc50d5411c60dc99b536e028

SHA512
a577ca0d5a6f7418f81fecaa388eef8d2438bbe39444b750462e357fac976158823c4c135b6985720062e888bc71ea3bee3e44900f47acbef65e250bb145ce2e

Download Submit
memory/3652-253-0x00007FFBE7E60000-0x00007FFBE8922000-memory.dmp

Filesize
10.8MB

Download
memory/3652-250-0x00007FFBE7E60000-0x00007FFBE8922000-memory.dmp

Filesize
10.8MB

Download
memory/3652-248-0x00007FFBE7E63000-0x00007FFBE7E65000-memory.dmp

Filesize
8KB

Download
memory/3652-247-0x000002CA6D790000-0x000002CA6D984000-memory.dmp

Filesize
2.0MB

Download
memory/3652-245-0x00007FFBE7E60000-0x00007FFBE8922000-memory.dmp

Filesize
10.8MB

Download
memory/3652-244-0x000002CA504E0000-0x000002CA513C8000-memory.dmp

Filesize
14.9MB

Download
memory/3652-243-0x00007FFBE7E63000-0x00007FFBE7E65000-memory.dmp

Filesize
8KB

Download
memory/3696-294-0x00007FFBFB1B0000-0x00007FFBFB1C7000-memory.dmp

Filesize
92KB

Download
memory/3696-340-0x00007FFBE9140000-0x00007FFBE93F6000-memory.dmp

Filesize
2.7MB

Download
memory/3696-339-0x00007FFBFAF10000-0x00007FFBFAF44000-memory.dmp

Filesize
208KB

Download
memory/3696-341-0x00007FFBE6FA0000-0x00007FFBE8050000-memory.dmp

Filesize
16.7MB

Download
memory/3696-338-0x00007FF792800000-0x00007FF7928F8000-memory.dmp

Filesize
992KB

Download
memory/3696-308-0x00007FFBE90F0000-0x00007FFBE9131000-memory.dmp

Filesize
260KB

Download
memory/3696-309-0x00007FFBFA6E0000-0x00007FFBFA701000-memory.dmp

Filesize
132KB

Download
memory/3696-310-0x00007FFBEF920000-0x00007FFBEF938000-memory.dmp

Filesize
96KB

Download
memory/3696-311-0x00007FFBE9EE0000-0x00007FFBE9EF1000-memory.dmp

Filesize
68KB

Download
memory/3696-312-0x00007FFBE90D0000-0x00007FFBE90E1000-memory.dmp

Filesize
68KB

Download
memory/3696-313-0x00007FFBE90B0000-0x00007FFBE90C1000-memory.dmp

Filesize
68KB

Download
memory/3696-314-0x00007FFBE9090000-0x00007FFBE90AB000-memory.dmp

Filesize
108KB

Download
memory/3696-315-0x00007FFBE9070000-0x00007FFBE9081000-memory.dmp

Filesize
68KB

Download
memory/3696-316-0x00007FFBE9050000-0x00007FFBE9068000-memory.dmp

Filesize
96KB

Download
memory/3696-317-0x00007FFBE6F70000-0x00007FFBE6FA0000-memory.dmp

Filesize
192KB

Download
memory/3696-318-0x00007FFBE6F00000-0x00007FFBE6F67000-memory.dmp

Filesize
412KB

Download
memory/3696-319-0x00007FFBE6E80000-0x00007FFBE6EFC000-memory.dmp

Filesize
496KB

Download
memory/3696-307-0x00007FFBE6FA0000-0x00007FFBE8050000-memory.dmp

Filesize
16.7MB

Download
memory/3696-320-0x000002AB4A890000-0x000002AB4A8A1000-memory.dmp

Filesize
68KB

Download
memory/3696-321-0x000002AB4B710000-0x000002AB4B767000-memory.dmp

Filesize
348KB

Download
memory/3696-293-0x00007FFBFB6D0000-0x00007FFBFB6E8000-memory.dmp

Filesize
96KB

Download
memory/3696-306-0x00007FFBE8050000-0x00007FFBE825B000-memory.dmp

Filesize
2.0MB

Download
memory/3696-295-0x00007FFBFAEB0000-0x00007FFBFAEC1000-memory.dmp

Filesize
68KB

Download
memory/3696-304-0x00007FFBFAE50000-0x00007FFBFAE6D000-memory.dmp

Filesize
116KB

Download
memory/3696-292-0x00007FFBE9140000-0x00007FFBE93F6000-memory.dmp

Filesize
2.7MB

Download
memory/3696-305-0x00007FFBFA710000-0x00007FFBFA721000-memory.dmp

Filesize
68KB

Download
memory/3696-303-0x00007FFBFAE70000-0x00007FFBFAE81000-memory.dmp

Filesize
68KB

Download
memory/3696-296-0x00007FFBFAE90000-0x00007FFBFAEA7000-memory.dmp

Filesize
92KB

Download
memory/3696-290-0x00007FF792800000-0x00007FF7928F8000-memory.dmp

Filesize
992KB

Download
memory/3696-291-0x00007FFBFAF10000-0x00007FFBFAF44000-memory.dmp

Filesize
208KB

Download