agenttesla | 602d10d51dbe982c7734ea506d7bde39e55cca7a183f5356f640b473bbcd729b

Resubmissions

24/11/2023, 13:04

231124-qa6w9abb82 10

24/11/2023, 12:34

231124-pr17nabf4s 10

Analysis

max time kernel
1800s
max time network
1798s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2023, 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_0750.jpg
Size

303KB
MD5

2a51b0a807d9f22493f43f274bd296d9
SHA1

c08d9785eea512083446f288befd05962685dcfb
SHA256

602d10d51dbe982c7734ea506d7bde39e55cca7a183f5356f640b473bbcd729b
SHA512

94426032f3c72bc6438235349aba0aff69a11ae838b426c042655d688231bddd1ef4d2a5de2410183719d3dc504e664c1d54af4ceaaeef64bcc51f495402ada5
SSDEEP

6144:rT05ChxRejc33RlgRS6iIbYYBe/tww3AF+7Oq/RQ025bFgZYp:r0URejcHMWAe/tqFeR/kGZa

Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0006000000022f64-1345.dat	family_agenttesla
behavioral1/memory/6840-1346-0x00000245FC9B0000-0x00000245FCBA4000-memory.dmp	family_agenttesla

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
6840	XWormLoader 5.2 x64.exe
5568	XClient.exe
6692	XClient.exe
6092	XClient.exe

Loads dropped DLL 3 IoCs

pid	Process
1396	AnyDesk.exe
388	AnyDesk.exe
6840	XWormLoader 5.2 x64.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/files/0x0006000000022f99-1331.dat	agile_net
behavioral1/memory/6840-1332-0x00000245FCC80000-0x00000245FD8B8000-memory.dmp	agile_net

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWormLoader 5.2 x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWormLoader 5.2 x64.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Microsoft\Internet Explorer\TypedURLs	XWormLoader 5.2 x64.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "5"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 60003100000000006e571b80100058574f524d567e312e320000460009000400efbe78579b6978579c692e000000ed2e0200000007000000000000000000000000000000e6397c00580057006f0072006d002000560035002e00320000001a000000	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e8005398e082303024b98265d99428e115f0000	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	XWormLoader 5.2 x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	XWormLoader 5.2 x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	XWormLoader 5.2 x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "3"	XWormLoader 5.2 x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	XWormLoader 5.2 x64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\XWorm_V5.2.7z:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1396	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
388	AnyDesk.exe
388	AnyDesk.exe
388	AnyDesk.exe
388	AnyDesk.exe
388	AnyDesk.exe
388	AnyDesk.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5368	7zFM.exe
852	AnyDesk.exe
6840	XWormLoader 5.2 x64.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: 33	3296	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3296	AUDIODG.EXE
Token: SeDebugPrivilege	388	AnyDesk.exe
Token: SeDebugPrivilege	4616	firefox.exe
Token: SeDebugPrivilege	4616	firefox.exe
Token: SeDebugPrivilege	4616	firefox.exe
Token: SeRestorePrivilege	5368	7zFM.exe
Token: 35	5368	7zFM.exe
Token: SeSecurityPrivilege	5368	7zFM.exe
Token: SeDebugPrivilege	6840	XWormLoader 5.2 x64.exe
Token: SeDebugPrivilege	4616	firefox.exe
Token: SeDebugPrivilege	4616	firefox.exe
Token: SeDebugPrivilege	4616	firefox.exe
Token: SeDebugPrivilege	5568	XClient.exe
Token: SeDebugPrivilege	6692	XClient.exe
Token: SeDebugPrivilege	6092	XClient.exe
Token: SeDebugPrivilege	4616	firefox.exe
Token: SeDebugPrivilege	4616	firefox.exe
Token: SeDebugPrivilege	4616	firefox.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
1396	AnyDesk.exe
1396	AnyDesk.exe
1396	AnyDesk.exe
1396	AnyDesk.exe
1396	AnyDesk.exe
1396	AnyDesk.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
5368	7zFM.exe
5368	7zFM.exe
5368	7zFM.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
6840	XWormLoader 5.2 x64.exe
1396	AnyDesk.exe
1396	AnyDesk.exe

Suspicious use of SendNotifyMessage 19 IoCs

pid	Process
1396	AnyDesk.exe
1396	AnyDesk.exe
1396	AnyDesk.exe
1396	AnyDesk.exe
1396	AnyDesk.exe
1396	AnyDesk.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
6840	XWormLoader 5.2 x64.exe
1396	AnyDesk.exe
1396	AnyDesk.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
852	AnyDesk.exe
852	AnyDesk.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
4616	firefox.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe
6840	XWormLoader 5.2 x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 388	2772	AnyDesk.exe	119
PID 2772 wrote to memory of 388	2772	AnyDesk.exe	119
PID 2772 wrote to memory of 388	2772	AnyDesk.exe	119
PID 2772 wrote to memory of 1396	2772	AnyDesk.exe	120
PID 2772 wrote to memory of 1396	2772	AnyDesk.exe	120
PID 2772 wrote to memory of 1396	2772	AnyDesk.exe	120
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 2068 wrote to memory of 4616	2068	firefox.exe	141
PID 4616 wrote to memory of 5440	4616	firefox.exe	142
PID 4616 wrote to memory of 5440	4616	firefox.exe	142
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143
PID 4616 wrote to memory of 1356	4616	firefox.exe	143

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_0750.jpg
1⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe32379758,0x7ffe32379768,0x7ffe32379778
1⤵
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:2
1⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:1716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3708 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=4960 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=4968 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4984 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:4196

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x2f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5544 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5984 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5820 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6364 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3944 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:4384

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\Downloads\AnyDesk.exe
  "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:388
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:852
- C:\Users\Admin\Downloads\AnyDesk.exe
  "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5336 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:2
1⤵
PID:4016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5540 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6556 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6712 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6816 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:5288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=2232 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7120 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5848 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:548

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\114cc65142074988b574a23dc41b3dbe /t 3932 /p 4972
1⤵
PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6456 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:8
1⤵
PID:5208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6292 --field-trial-handle=1904,i,15534146558514624977,10467000506673818010,131072 /prefetch:1
1⤵
PID:1556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.0.135112619\120150832" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6218264e-7974-41b3-b4cb-824fb3b5d3dd} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 2012 212b5eda058 gpu
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.1.1246489212\1018710673" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {201cfa34-a10c-4c0e-a696-c0f2ef6da413} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 2412 212b5ce9958 socket
    3⤵
    PID:1356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.2.508125380\432132990" -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c209843e-996a-4cbc-aee0-8db0e0cb6364} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 3328 212b9eafb58 tab
    3⤵
    PID:3308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.3.638691842\602063530" -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cce4e04-0707-44dc-86d9-33826035bb5e} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 3704 212bab6b658 tab
    3⤵
    PID:1268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.4.973195099\976378754" -childID 3 -isForBrowser -prefsHandle 4460 -prefMapHandle 4452 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe5ca580-cec7-4538-b18f-ef08e87314bd} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 4476 212bbcad458 tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.5.727020675\613381806" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5184 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88e637db-e479-4981-82a1-034740940c24} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 5196 212bc8aa258 tab
    3⤵
    PID:2632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.7.1897109159\1653264035" -childID 6 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fb9bd36-79d9-4d34-b615-e9bb9f17ad31} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 5464 212bc8ac958 tab
    3⤵
    PID:620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.6.1557957556\554576757" -childID 5 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f00b7970-4c2f-4b65-b673-25e22eac1507} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 5376 212b88ed158 tab
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.8.1268718734\1015752093" -childID 7 -isForBrowser -prefsHandle 5852 -prefMapHandle 5696 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a88d9756-99ef-44f7-b30c-bdc5ade5ba06} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 5872 212bd3ea558 tab
    3⤵
    PID:5268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.9.847056506\904979209" -childID 8 -isForBrowser -prefsHandle 6320 -prefMapHandle 6316 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e5d27ff-d6ac-4b5c-92bf-ca13b0fb0bae} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 6332 212bead4258 tab
    3⤵
    PID:2076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.10.413123957\1905644171" -childID 9 -isForBrowser -prefsHandle 10272 -prefMapHandle 10276 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb6890e9-be08-4b51-9516-46bea535b310} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 10268 212bf334758 tab
    3⤵
    PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.13.89378548\1651726816" -childID 12 -isForBrowser -prefsHandle 10108 -prefMapHandle 10112 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {499b6d29-09ae-4c58-ae46-fd2cdf1edc09} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 7896 212bf60bf58 tab
    3⤵
    PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.12.514971934\1067027636" -childID 11 -isForBrowser -prefsHandle 10184 -prefMapHandle 7996 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52634782-3bc0-4fc1-ba78-4820640f159b} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 7992 212bf70e658 tab
    3⤵
    PID:3456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.11.666795588\1670022513" -childID 10 -isForBrowser -prefsHandle 7988 -prefMapHandle 3672 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64e15266-6ab6-490d-a07a-ab4370c10557} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 3084 212bdfd0f58 tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.16.991612599\1524213954" -childID 15 -isForBrowser -prefsHandle 9712 -prefMapHandle 9716 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e6d390c-5d8b-4a8d-b57b-5362db56fcf8} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 9720 212bf66d958 tab
    3⤵
    PID:5140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.15.1037493429\1956996228" -childID 14 -isForBrowser -prefsHandle 9724 -prefMapHandle 9740 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26587a1c-ecd6-4009-a602-0453f9b64350} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 7832 212bf70f558 tab
    3⤵
    PID:2700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.14.2044091600\1183855713" -childID 13 -isForBrowser -prefsHandle 9748 -prefMapHandle 9752 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afca9af1-084d-49d9-b84b-d552b5d4180b} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 6248 212bf66ee58 tab
    3⤵
    PID:5884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.18.1873251596\1786278061" -childID 17 -isForBrowser -prefsHandle 7524 -prefMapHandle 7520 -prefsLen 26927 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e83bd8b-1c65-4e25-87d2-72d6610f5c87} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 6108 212bfeeb858 tab
    3⤵
    PID:1888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.19.341391427\1124120985" -childID 18 -isForBrowser -prefsHandle 7536 -prefMapHandle 7532 -prefsLen 26927 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1cb39cd-6aa8-4c61-9f97-9d3518b94247} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 9340 212bfeeac58 tab
    3⤵
    PID:2060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.17.64691905\147609852" -childID 16 -isForBrowser -prefsHandle 9372 -prefMapHandle 6140 -prefsLen 26927 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a53b3b5-5b63-41ed-b915-539112c46333} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 9360 212bfee9758 tab
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.21.338882346\2123766819" -childID 20 -isForBrowser -prefsHandle 8536 -prefMapHandle 8532 -prefsLen 26927 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {931e3e17-2bd1-4f87-b983-22c129277e66} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 8548 212bf452658 tab
    3⤵
    PID:6856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.20.419495991\618599335" -childID 19 -isForBrowser -prefsHandle 8680 -prefMapHandle 9204 -prefsLen 26927 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d41a70b-ad7f-4a47-8d33-252a550495c6} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 9448 212bf335358 tab
    3⤵
    PID:6848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.22.1181773294\1634687401" -childID 21 -isForBrowser -prefsHandle 9808 -prefMapHandle 2796 -prefsLen 27328 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d830c0a-7485-42db-a399-13fefed3c559} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 8904 212b9fcc558 tab
    3⤵
    PID:5596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.23.1985808903\1859120856" -childID 22 -isForBrowser -prefsHandle 7404 -prefMapHandle 7400 -prefsLen 27337 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c6c2b07-d340-4b0d-b8ed-de53d0a77211} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 8532 212bf70fb58 tab
    3⤵
    PID:6228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.24.545727791\1923383066" -childID 23 -isForBrowser -prefsHandle 9208 -prefMapHandle 7228 -prefsLen 27337 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73191d03-8a37-44b5-b1df-790a206e042b} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 7164 212a3f5fc58 tab
    3⤵
    PID:5716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4616.25.2011198643\257241988" -childID 24 -isForBrowser -prefsHandle 8912 -prefMapHandle 9060 -prefsLen 27337 -prefMapSize 232675 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f125877-de99-4a42-9c8d-986865caa2c5} 4616 "\\.\pipe\gecko-crash-server-pipe.4616" 7328 212a3f5f958 tab
    3⤵
    PID:6516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5272

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm_V5.2.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5368

C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6840
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\clphq5ke\clphq5ke.cmdline"
  2⤵
  PID:6408
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAF6E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc22242F54ABA4B77914C738F822B0C0.TMP"
    3⤵
    PID:6832

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4992

C:\Users\Admin\Downloads\XClient.exe
"C:\Users\Admin\Downloads\XClient.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5568

C:\Users\Admin\Downloads\XClient.exe
"C:\Users\Admin\Downloads\XClient.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6692

C:\Users\Admin\Downloads\XClient.exe
"C:\Users\Admin\Downloads\XClient.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b171f66ebcb14f936aef6117e3ad0a95

SHA1
6c2cccf7c63ae15f1473d7d2526eb6825dfa9bf6

SHA256
e9f9246d0bee536c28b0e3a9f3df03b3ba2fe8dc1184bf6df41bd0bf4dee96c6

SHA512
ce36e33dfb4ebdc45c9a646fced0062b651e584620895a7dd754f33626d7acb710ae58fadfec5440f4034b69e1095b43a92698b561ec9e99a3258954179db1e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9cb2689738acb1c68c8581de37076335

SHA1
20196ce96a87cc75f3dead8d98dc13b12f3d6a35

SHA256
0ecfea0150307142225411cc0f4e94108ade79ebe9ff38680cc67cbc9d9bd2c4

SHA512
590575b2b3b5cba8e1141f0dcba6d5010d4dbd7eddfb33f2a875446222dee09a67177030b786f8bcafcd08a6e359d428b999a02d26f0c2498f12575a786ffd2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
88cbe776bddaddc29db2a57f374bcf4e

SHA1
795849a43c16226ef20cddd7213fe50c536e26c5

SHA256
e51451cff6577c7ee53afcc75f7efeb59690919f4dc05b88022e1947b758eb59

SHA512
b61bc870ef729e597fb2fb4c1aabd264ce75376f6eb3fdb9403c83e63f27010100c9af556f51f29299e4ae35f52d15251e6ae8a78835969f2d4cc9218e96ed58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1dd7a0a3a2f54990e8958db2f27b1fbc

SHA1
fbd7a72050768332059b25ce0290230a121725a3

SHA256
f45321b594489bce240768bbcedb3daefe92cda4189d754eabafca87ff176276

SHA512
8bef1478826f440f985c37a0229259689c26048f24cf5eb8dc2f7a173be97cfe8d0349915eb68253ea35141bed4836fdcf2b614999e0347df53fb073497cd5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5c5b0448806a130aa5ee9a1cea81d36c

SHA1
706743923727bf51dc33f799a7a8e7840f01ed36

SHA256
c0463d97762484d2abdcc66ceee8a95d8766b3e232626346de5d6f1625f8226d

SHA512
69cb2e99e853d9a6e6bc699485cf33b3a69c7e52eb935b6515d9917d24da2cde81df728eca74c7df8cbf95eafcca51e16fa017e2e443bea23911f3e4900f25da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c2d33179e4c6c56d04e001274a94a8c6

SHA1
dc6c6e98808b38b7ac3ea850d972cc598d654a56

SHA256
0810d2f95413c8979d2001c06fb07b0123d5a66116a61af3599e0f2034d20b91

SHA512
c535adfca4bf3facc01c8ba0975b879bf15ff3115e46573298007c45c21e97748e0064f576c322c731f062afd3893a92df435e70cd4ed51bcb214f487a45aa1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2ebb9cf437977a33981bf46378b09e93

SHA1
2bec7b19bb0b6b33ae24a230d99006162329338d

SHA256
aa538e070f2061bcf4fade4f658a415dd92de619cbbad47aeeedc02c95a9511c

SHA512
f9e28bf08022014b2528ac0618b5a62287ce77d4c49f723ee8f93273d273a0ebdd2db70535f8260b2d67345aceb93c540605778782f04b5da40dbe1f46ac5e58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a66fb001-4fc3-4e93-a5fc-a823acdc2d88.tmp

Filesize
2KB

MD5
fc065028894e0bcaaeb3da6807a8c51b

SHA1
09751bcf05d3b552631b642682f29c2b09bbe285

SHA256
247287f7419180c596394221ba8f28b6317be9fe71b0e5d4a403a37e8f21158e

SHA512
97dc449b5126ca9c0a536b1ae38c9b065156fd62f0b185416fd050027351895660faa257d96eab5d2f4dda77fba54289f54408cf47b817c866461120673d63da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\dd5a1d5a-4e3a-47ae-804f-411e20ab46c8.tmp

Filesize
2KB

MD5
a506ee095e96563966c09cada068db95

SHA1
df7f78cd24ac12f5f2305b0931a3eddc357b9fb1

SHA256
053a27cf423563b9efea0213e4d9a977cd3d8201ff6d2ec7a02688c565549de4

SHA512
cb4771bfce571a73890752e7afc280d8f00ee8b69a03eb5ceb93e601ed410e29ec3a986eed6bfe9ada59436415939ccaad3f354954e61750c8c9906e8e033bc3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
e1c39595160ffa6676770ff4069bb12e

SHA1
6c9e026354d94fd1fdd6c51e6dadd5d55266dd28

SHA256
d843d51166afecf69b26e3846668de96eff60b7fb0fe20b78fd4810c0a4f570d

SHA512
c902966c2e4f9055861ddf927b90d19526f65a568960095d5abb6cdd82ed834af2b8da76105628fd97608cfe2ec4ae854c28c4ed8367f2eb4e48b562c0e0045d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\12010

Filesize
20KB

MD5
cec7a54265769c575223a92128df0c34

SHA1
4fde73f3c04a7cdd11af28331747fae428b9103f

SHA256
ffa31f9115fe84d945854814bc580612ae98fbf032da6fa032f7b737e69f6474

SHA512
7572c896d4ca010325750ac110e386b659c812e51c090d7f885cc98f2924f665a645aa1a13ce39ba382bc4132b3aa7f89d746f1f14bbb01c23a92a5feb93a440

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\12440

Filesize
10KB

MD5
eb3936ca814a1bb144f4edfb53663325

SHA1
8c5e80fc9f34e0ea9d1cfa65916194b54f1dd282

SHA256
7495a67456c8930498da6a8154b9905026beaade0f3ec58088a44e7d16fd91df

SHA512
e3f3461f932afd2c96c22730e5a226ebf579f03ec77c295740a2abffac6e7fea14a7144ddec5b78b413b364b61a3a487f36cf19d6fea8c25662527425ad0c36b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\14740

Filesize
8KB

MD5
6f774fba8baab667eea8d8d4f35bb325

SHA1
be5c1d5862b28772095f1b8be6fbddba309fdd3c

SHA256
69fdf9ff69b0c37d9eb5e5d7b1fa8f043457c1de715571150725609651d12852

SHA512
1a1055d0a887d8cff924a924d287995150fb95f7a7e42a7f6bb33d9de1a0c4ce8d3f93c02536b5a2065f9b995163026a6e02f8addca4ad1418ca47bda461ee34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\14834

Filesize
14KB

MD5
1579996362900f25cf0fe539e70f0341

SHA1
33cd88877d24599e2858b8c7457807f4b0657e00

SHA256
72be40046f608c26581973cb9140ba11aae9144a4c14168149d1dde48600b1e5

SHA512
5b2bfcde47922008a9791c36a3e5c8e433d364e24b6013f731d0aaed45ebe2e63919b396cadec631227d078301d5ca16022b65db69b6ebcda90d0eb72c0a517d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\1685

Filesize
11KB

MD5
2fe0cb0625a020e54c3e8fc752b830e7

SHA1
23a6bf52b5069b7a79f1118e7694cd6fd19e6f04

SHA256
85c4e6aeec2c175e98ef2810f321ba4f752dee434af6c856bfcbc49ed7714817

SHA512
c45dc3863fe5264ce2841f3e47e0aa638aadff0516a7c4a93a080ba0ff1d78c559a94531e5bd3bcb779bfc1a1fc2a9b09e2815d8ed9d8ff53e8ee85b1140dd71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\17219

Filesize
12KB

MD5
41bbba3190f33a6a032202fdb5e8f15c

SHA1
fd515d9d90b413f9007e1e0aeb75950c5c549d96

SHA256
de258af0f3530f7ba2fe193651e7272324415aebfa685d0061748a11fe5067bf

SHA512
1d7e9058ae32bbcae33e353f6f79ad1fe83736687c47bd6e1ff63f116c55da5fd8f72d4230211d4fbd8b85d0c37077bc544a0a42f02687853c04e7b3aba72900

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\18819

Filesize
11KB

MD5
9959fb5c6524e9ec79b1c6b47d35a448

SHA1
d707daae67dd8a3e35201d5044b4d9907ed41936

SHA256
ec16b140b04340679486da6f1003f3786beea0c9f772e40d93cd76c5a07d8baf

SHA512
2aba2c2cf201eb70224956d6b4340c83fadad3a0f1e73b960671ed3c41eec69bf085180431722b3d551066dc33ebc82c55972198606616cb5f6004e697dc6895

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\2107

Filesize
9KB

MD5
01c270e0bb0ab65ce53a79b0965162b9

SHA1
b22746ad2456e2d6f3a50df79a5bbf9634971344

SHA256
4b14c233b9772d467d0d2c21097783dab33aabb846b7c8fc19afea1fe9eefaa6

SHA512
8946bfea10881e5e7129d460b1e7fd052486185615b6a338074da7768fd8dce9070cd862b5bb3709bb958268a2bb95836b817a1cbf316412ba6edbdd7479f663

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\21808

Filesize
9KB

MD5
e6defa9706be7bee657e476c438c8b02

SHA1
a5cc0f87888ac28f2cc862d558db6425050ec858

SHA256
75a674911d6315b61ed8960211e924671aceda922d7c2d88dcdf58aa90f42a5c

SHA512
5ede300612f4ed3ac82044f74dacc9117f262834b4188f33e4bbfe57a96571799ae4b7436156626c4b81b8c7ff72acdb66cd43988015c52dc10af57c2ff6b834

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\24294

Filesize
9KB

MD5
daff9e40353fdf264cb0e56012372343

SHA1
1c86b82f93a19b7101202d02e7c5b86bc9628519

SHA256
6f319b29c51e3414234f3ee088788dbc10b9fd91071b00de2086a4e3db66048e

SHA512
0f86f40570deec878927826c313914b9d20d26844592709a9253380bca165ae21c4875b3e45c253b245d65239535b1440e8cfff0c4ff9982c287d795a6d1eb76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\2556

Filesize
14KB

MD5
f0c23e6998c167cf70825724367b1cdb

SHA1
36a3c66006bb094b38079c1bc8b417271454a09b

SHA256
d09e4c188a5fcca1ede5c6f3c3074e8fc89c2e490da9f94e6e3f84efb4b66c4a

SHA512
78043189e182419a76c26ed068c28b7f1f5cbb0c1c5df7b8b8a130644e0e9373a4fa1b9d7d1c3db0cc6a4315546bee57e0c5feaf422bdbea0ddd39ee73645159

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\2562

Filesize
8KB

MD5
96b8dd45d9bc0c8a2043b147b025d3f4

SHA1
53b24dcb2c695811a4a8149176a76b25b2e6f193

SHA256
b1b240621be4777dd3fb079ee1379e1d6790a1cf010d0b51ff91828c90a7bba5

SHA512
6b222c351ad5ef641201549c14562c7df541017eba3c5dc60ec582de9d4f3ae713a50db28d568d849f284e8d70f88fe8310aa28cb22edd6694a9cd28a7eb3383

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\27626

Filesize
10KB

MD5
20d856ac9b793edecaf4c492c4b9b54a

SHA1
7729cb607f980c6633187ea1854129ab7e28b825

SHA256
c3ac9cdb510b2f53e15b177d253ca7480929dff1702d641577d0ead96ddd3f3c

SHA512
f5f89b14ccc8becfc8e8e0c7191e668acbc3d496e856a16624ac54d6d3f8390a2a6c547290df0b9ccb223698e565f80d6af71dd959b97ed42be30528d8a0daf2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\30299

Filesize
42KB

MD5
b750660889a5bea8fc237d67471057e4

SHA1
9a3a183c8edfd6d4bee659c08897f9730f1ed33c

SHA256
30699bbac37677ccc31b8a517df1b0e2268d5ef439ab49a928d9e516b1c7951e

SHA512
822f726c5f65af44fa1e5e65f6d8bda0ae600424e1d18e3599c4209691ac2b038a5e4e863994b393223e2a3d5bd032fd001885923c34f573940b1ea198b83e68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\30530

Filesize
11KB

MD5
c51dfccbc79ea1406a3379556f0eb52c

SHA1
f4203ddc10002fcaa743a5a4441f29afc83e3fde

SHA256
09071d18a5ad7931d15d11b35e9450ed79282c8c295d2ca770e2436b1e2aff66

SHA512
ad7a25021bf8c584b9c5a20905a162c4a9a7833c64afe6282d65d50556b03d8c69f223e4e59b200f7f669ec041d7903b3aebd794a672249b9b02a61bdcb7eee8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\32659

Filesize
11KB

MD5
35a2a3a3d4c61e3cda89883460b5f6d3

SHA1
bcb85d6e90a3d820c9da60c0737216c8c6eeb11d

SHA256
a3098463730c49cd97c96963492796cca9560f382919df9e6eea03cdaa2967eb

SHA512
4cbb99d8e2eded7e2e043a6f69c64e1157d41734448e1ecd03b0965c48495f869f6e73a4622257f4b6ad191de6f9f133b22f34133334ef4c45b7800c7333e03a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\4498

Filesize
11KB

MD5
f08168e244f9adc817e99aa39822992e

SHA1
811eab23cf9cec71bb300c271c6b3e4607056b9c

SHA256
2c8a3bce2970dfc369592a968dd7e7dfffb4c44bcb1bcfdabbec35be90e8838b

SHA512
d6907d8c2a314e557a163d59ff3b1a0b41d6a36d61af9a79011b6ab532f31532ededdde53f601ed77f0ec744ccb102291a7539feffc347f119e9a5388702c607

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\entries\577A586685F8D27BD5B926CE96132B84424D8EA4

Filesize
13KB

MD5
01d46d3235ea4de3b036f75bb994fed0

SHA1
fbef4e3d8761ec0c96920aae0339e0859be73c28

SHA256
337b30bdd7be35e5a1c712ea339c57b391d2e9111e5791ac6d4154db1b144059

SHA512
df8f39a0ef9ab05c63aa30637606c8aced1bf7e76e6c5ced5f2480df84118a523934bbbc27f6797853c9e5ae94e6af835f44a5af5575c3dbcae1ec54bf276e82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\entries\F292AFEB82256A830F3B565FB6F65280E1551362

Filesize
29KB

MD5
d840e447f48aa2858ca7b6a7dc9f681e

SHA1
154abb334ce2d11c0b2f414d4d38eaaa23f444a6

SHA256
cfc7329c1497a5fde2678e261890fec0af1fb87f52313484e7a2644165528ac4

SHA512
06fc5417cab0bc0e70887ff06af380a0f384b72114c42729efa98dbfdaa13e9db6cce270787cda029b603ca8c74ea8f20cfdd996402c5a78576540b7638df298

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\thumbnails\006cf48c3bca0f832a74e7acef9e9843.png

Filesize
6KB

MD5
c875ff94cb3e1b44a2fe8a958d6d0878

SHA1
cb3f0d115ea69e1ac4561626d1474e6e11f87411

SHA256
9cfd2a18ecbb8564e3e58b7ce84bef6705caaea3343ff11afb1e58b55fb8bbeb

SHA512
8d124aa4d73802373181cf54cb0bc10f982be1963623cd47c5ae2fc304084536799bf5833105ecc5ebaa2c4d48dfbd6823a4bfa46abd949a0af06a8a62989f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8F441E5F\XWorm V5.2\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

Filesize
112KB

MD5
2f1a50031dcf5c87d92e8b2491fdcea6

SHA1
71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

SHA256
47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

SHA512
1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
040dde1ec0c33591c6ba7f8e1ea1c8f5

SHA1
b654a84dde0b8fe3796b5aa8dd22eabde563fc05

SHA256
a385524a95969ba60de38b4b169ec00c8071e1d51ac5318bbdde15db210b7fd6

SHA512
f82613ab463f41ac69c0ef3760c13406acf1185931e69486aa8c6306a7b7ff6143f7accfb5873757e7e7d2ccd2cffe9667096760550b97dde873a83a2e760403

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
040dde1ec0c33591c6ba7f8e1ea1c8f5

SHA1
b654a84dde0b8fe3796b5aa8dd22eabde563fc05

SHA256
a385524a95969ba60de38b4b169ec00c8071e1d51ac5318bbdde15db210b7fd6

SHA512
f82613ab463f41ac69c0ef3760c13406acf1185931e69486aa8c6306a7b7ff6143f7accfb5873757e7e7d2ccd2cffe9667096760550b97dde873a83a2e760403

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
39KB

MD5
21f8f96cfa1e8d8e1719fa20f48ee89a

SHA1
58bb3f9f239b75f4fc10b42457b155224ff62a65

SHA256
78a9876f38a488620a1272f42096a2dcb5563ae5c536c0a9141f4cd83c1b65f7

SHA512
79f033a9dc1263c9aeff95e5d06f02f6ea538c40f05dafa674b5491b7cf7f4eb1fdd4f942574dcaa829a03c0705446889f0d876ccce51d279a23258ae6b3d8f5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
8af422a12cbec09b1a2cd5a5e84683fa

SHA1
663a782964d2f6fdfe7f1515b9bacbdd56e1df2f

SHA256
40319dc92733763e3948b5a142f7b046e72785618f85c477415115981bb380d9

SHA512
ef5b9b7d266ce97f1ac3b12601b7d7f815047db1b33699bee0752cca64a8a2be99a6ce3e29e9cb58a6feeb4a3931dbe7194522d60e33fa96f6308c23130fcdec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
5cc12eb137861f80f3bbd9a6278968d6

SHA1
e97ff244a15302b6f9d141f9577d8d9801a3817b

SHA256
70c4ff137aa9c2226c096548ebf5275eef23e9eb9c874b8631cb668186ff229f

SHA512
cdb2da609f30d281d99b0d1b5acf0fe5603df0370d9780c27bb4328e1177c695dbbb1035c39ca44bb16f410927c700479faa66b45a9e31c9c71aa01c35198b51

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
522596dbccaf2200cfa644cdae304cfb

SHA1
b48c54979c6caeb62f03a978a737a71dc39c2bed

SHA256
bc1146303c9790b0cb2f3efb4ab2ea83b4c658f80668fc142a6cee0b72c752d7

SHA512
7d813901f008d4da1d19264ae9015f73abe71abcf51d0499d31111f500280077ec5409dd093e33ec3fbd2ae7528c51e6d3f0116940333af298d04f5f8810de78

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
522596dbccaf2200cfa644cdae304cfb

SHA1
b48c54979c6caeb62f03a978a737a71dc39c2bed

SHA256
bc1146303c9790b0cb2f3efb4ab2ea83b4c658f80668fc142a6cee0b72c752d7

SHA512
7d813901f008d4da1d19264ae9015f73abe71abcf51d0499d31111f500280077ec5409dd093e33ec3fbd2ae7528c51e6d3f0116940333af298d04f5f8810de78

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
522596dbccaf2200cfa644cdae304cfb

SHA1
b48c54979c6caeb62f03a978a737a71dc39c2bed

SHA256
bc1146303c9790b0cb2f3efb4ab2ea83b4c658f80668fc142a6cee0b72c752d7

SHA512
7d813901f008d4da1d19264ae9015f73abe71abcf51d0499d31111f500280077ec5409dd093e33ec3fbd2ae7528c51e6d3f0116940333af298d04f5f8810de78

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
612B

MD5
44191163f9aa26774bedd51f3b176a6f

SHA1
4267101aeefc20bd22dfabe8ce70d9ed7a7f68a4

SHA256
bd8f2c7ac3dfdf723162a2f0881b7be7c8d4e9d0d97869884689d59383e89e74

SHA512
7f16cdae96f8f87b1aaac1a598dcb26337947fa43697a47d0bd24e41980258a00c72bc54313a6ba00b6b69709c0f01a32446254ead86961c332494469fa24ecc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
838ee2e4af10d44159853bf5e76269b2

SHA1
7a97f9aeef565a7d49f021880d59db4b6ed52b86

SHA256
78c62178378e58e120613819a9f75d32ba99716f1eeca42af53e451d310359ff

SHA512
4ed0ae51ff5d7f107bbcb8b486b44a2c53062321538fe6253be6bdd500adff4da2607ae1354a3cb5583b885ef9c9559ca371079fc41dcb3d8989d0f5e83a28aa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
838ee2e4af10d44159853bf5e76269b2

SHA1
7a97f9aeef565a7d49f021880d59db4b6ed52b86

SHA256
78c62178378e58e120613819a9f75d32ba99716f1eeca42af53e451d310359ff

SHA512
4ed0ae51ff5d7f107bbcb8b486b44a2c53062321538fe6253be6bdd500adff4da2607ae1354a3cb5583b885ef9c9559ca371079fc41dcb3d8989d0f5e83a28aa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
bf32697ca1ce4a20c5eaa28573bb998b

SHA1
1866d4bee90e43755cb2fde3bd1ffb4a2847ad86

SHA256
423e8a5c813dbe38f6276cbe1c66e555b267597b2c84c7eefa973c544ecff72b

SHA512
9049fc15ce2723fa50c32d8e7eef0d5c1e858cdeb2796c569b8b97344eb61d74cea7241806b0719a8721f2435c26895177225f498ec027aa38ca2d57ccd76b21

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
fdc2a5484eab0f0b12f02adca52da63d

SHA1
0771591cf187b99e4bd4cfae2a0cb9c47c79f76b

SHA256
7b923ab31f7e8975c37e022f8707e1bf5bddfd7f4e696cd81874948998c2fa5a

SHA512
ff9b2700bee5d7ace665c3d940194bfe771a22ff158181eee5620f8f63e9b45f09e07dd06b278c378a44ba7895522d497fca297958bcf1e2881493ffa90e4cb1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b136ced34b22c476fceb2428846a28b3

SHA1
00aaa95bc6a0abd99399167259ef07207f8500a9

SHA256
90aecf5780e40eb3a3d8c9796ee858610a793c35ce85352edbfbb5fb14b76e62

SHA512
69b57402067b96e44713c8fa448a79401ace4c6201621f5a0a42a2a5c7526af24f46ba1bbf0db84477f2bd0e6975b8aafc80ec4c5daa38fad1e07c02f4c4d053

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
254ba6704959156de5ceb9eda8ae6681

SHA1
8422281616cb90204c887a701ddf3000116b8760

SHA256
5b93f0fec03e79a9991a5fec81e6d0688fc4c7748933d834785385ca3d851a88

SHA512
ab3d4e98ff12a82896c7d9547358e387eabaecc9d92e2c34c82fba41245aa1302e339c8fddd8fdb128ce116752dabacea341638f9b2a6e463b3565f9939da034

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d7252149be5df5f28e5516b3513e1ea6

SHA1
f5a25d49cfb0f8a93b72c330752353edfa8e649d

SHA256
95ba34c4a1c35afd0c5d4d79fcc77db0b6654d5f59b77a9dad0d179cca21fbd9

SHA512
8d80e52f1f83beb55af1359b5b8b83da4796d1fd9633788ac08d847538bd7a7a777bb39dab54d76977eedb73331e6c21780363f0c0e3df1548a0cf80511bae02

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d7252149be5df5f28e5516b3513e1ea6

SHA1
f5a25d49cfb0f8a93b72c330752353edfa8e649d

SHA256
95ba34c4a1c35afd0c5d4d79fcc77db0b6654d5f59b77a9dad0d179cca21fbd9

SHA512
8d80e52f1f83beb55af1359b5b8b83da4796d1fd9633788ac08d847538bd7a7a777bb39dab54d76977eedb73331e6c21780363f0c0e3df1548a0cf80511bae02

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d7252149be5df5f28e5516b3513e1ea6

SHA1
f5a25d49cfb0f8a93b72c330752353edfa8e649d

SHA256
95ba34c4a1c35afd0c5d4d79fcc77db0b6654d5f59b77a9dad0d179cca21fbd9

SHA512
8d80e52f1f83beb55af1359b5b8b83da4796d1fd9633788ac08d847538bd7a7a777bb39dab54d76977eedb73331e6c21780363f0c0e3df1548a0cf80511bae02

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d7252149be5df5f28e5516b3513e1ea6

SHA1
f5a25d49cfb0f8a93b72c330752353edfa8e649d

SHA256
95ba34c4a1c35afd0c5d4d79fcc77db0b6654d5f59b77a9dad0d179cca21fbd9

SHA512
8d80e52f1f83beb55af1359b5b8b83da4796d1fd9633788ac08d847538bd7a7a777bb39dab54d76977eedb73331e6c21780363f0c0e3df1548a0cf80511bae02

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ef0adf1f32b06101209eda49b82fbbc

SHA1
9e120588245b0d90c8f9086c86c99e806415ef9f

SHA256
a45d99419b4b28834f1f5fe57a8082d64dac37244180eafaf1b72c903f802b32

SHA512
a57fa027d2d4214c8d5b9fcb89f00438dc6c7a3ff3d26d4ae29df3e2b8ff5abd18d38eb3171a45507683f5dfea1d17ed0c42392e2aae99aade8108b6f1306bc2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
6d22bba005fe6171b5832a6f6455742e

SHA1
7b20118b651ebeb9004e9b33ab5c7632d3d52f50

SHA256
f47bdf783d5e997b3b8b9444900e9677e086abcb5c9737ecee83f306926918d1

SHA512
42689e81c91b895bdb4aadb3c732bec6fb82c2d4fd5299c789259ae9f3855ab83c9a5b73dfcb9c3962605b30715f100d209bbb4a4eeb027dfc7b6cf63d73ab9b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
6d22bba005fe6171b5832a6f6455742e

SHA1
7b20118b651ebeb9004e9b33ab5c7632d3d52f50

SHA256
f47bdf783d5e997b3b8b9444900e9677e086abcb5c9737ecee83f306926918d1

SHA512
42689e81c91b895bdb4aadb3c732bec6fb82c2d4fd5299c789259ae9f3855ab83c9a5b73dfcb9c3962605b30715f100d209bbb4a4eeb027dfc7b6cf63d73ab9b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
cba3ea965d2d69f7ba4468459126c6ee

SHA1
d7e0386d5edc931746b1ceb4a964201529820658

SHA256
2d030bb8e21d34c764f2520b113461b419b2bb501e0cab56a7b7bd5077f8e2b5

SHA512
dc9c994f8f8ca0f14323e2989c85307e1955083142d6acabf8e0126b8568c19718fd2d7da51c4001450203ffc803bf0f9b4fb3eae42c5be132300b80d75eade3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
cba3ea965d2d69f7ba4468459126c6ee

SHA1
d7e0386d5edc931746b1ceb4a964201529820658

SHA256
2d030bb8e21d34c764f2520b113461b419b2bb501e0cab56a7b7bd5077f8e2b5

SHA512
dc9c994f8f8ca0f14323e2989c85307e1955083142d6acabf8e0126b8568c19718fd2d7da51c4001450203ffc803bf0f9b4fb3eae42c5be132300b80d75eade3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
3e1aaa964e363315959d6fddf5c761bd

SHA1
b12d2780fea7e95495fad8a65509c24a18c9e73f

SHA256
26f356e2e8c364b7477b6f1bf472f14848d1849dc5188fa7b098f397ea41683b

SHA512
327001801e8f0cdc0d7f7c534ffc8ee11999477d8799ea4a32c8d791281b3d35958976fdaf4f27fb120a4ed74372e62541f2ef92f5bd1f6a17e719ea85d7429b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
f8f15e93f4b70f2d07a83754cf74435c

SHA1
8679cf8968c4e11d83183b721c0227210286cdd5

SHA256
de27d7d5f22d671af6bfe0765d7d3ce27ae859344e5c100493969d78fc82a686

SHA512
d9df8591621ddd0bacbd7482dedf369e69f6f67f293560bb486f44a5561ce8b4bd3a5c9076d65e5e95b5d61d2d961bd2247e6d593f6dfb1d70ca5e364b235272

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
669311110ee9e585d6899fe7ef8f01ee

SHA1
4bb73d7f190352fb944d61df92ed60a69d5ecd2d

SHA256
ee2957a340acd658af674449760d8dd24a7b9a9f47c49f301948f851108d893f

SHA512
a287c7f49604e92b36ea9d7f4861352ec85e7f2910aacc5917761c6fa2c78724fcc200c0711d82983290b43c1d08dd7b0b55cb990e6e829062da54338a8cc9d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\SiteSecurityServiceState.txt

Filesize
697B

MD5
443b744b6f2e6d3f8895cb312c5657ab

SHA1
667bfcd30d9aba1d72619e72c8e7c4aaf0c01726

SHA256
a86000ea93dceeb6ab5dcababf5fcc19fea003ed643a310d6105df4670766a2f

SHA512
9108cbbd999be50b130a12875d861ea29c813956e205dd1d85e25ace2e1013e1167c043801cd7916a6e3308dddfcea14651db628fe508b7dfbb81ccf177ac434

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\bookmarkbackups\bookmarks-2023-11-24_11_StGYf3G9O5f8jTNdS2eb1w==.jsonlz4

Filesize
948B

MD5
dab402984d62c27249ff9f83846baba6

SHA1
46df6c1474a125369aaaa5f2534f3965f277f80a

SHA256
6c9af1eb6acef7ef1ab5744a59072c83948e8136d2feb75853e0006bdecd0c49

SHA512
4d08990d6af287963cdd231a87f4b4cf4cd33a4d434e42ee53c8720bce840cf7bed87ade7598499f9341c721955bd9081408eb9a64f150c4f09f20310fd10107

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\broadcast-listeners.json

Filesize
216B

MD5
a9a52a1180271708f018f965ca2c79b4

SHA1
e16e62e81478caaa316ddd4fafd6be9eb6d21186

SHA256
acfb3f84150a73542fea3afff0f5565be4b329146ce256ca0ed207667e0b0598

SHA512
64e58ed5fa037af3fd9efef63a14c598de4c3394748d90001d044ba67604afe6e078a33c703b79fd92f92fcc4c500a63c735e1d0a2d3843b58f1d85123aaef10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
6KB

MD5
c84f9660ed28cc34cfc536d283ccd8dd

SHA1
abcd77e25a745f803a51915aa37fdc9f47f2fae0

SHA256
f656af483550029461819498c380364b7ec7b1777b68fd6527c3a6d4e9a44602

SHA512
9f133a9742aaeb87f64da3b512d3b9068bf7621de0e9bf97f24ec6db32558271be6b75ed92132e26ef67c90628ac26e13c56f57a31b387ca630782b515ec2922

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
9KB

MD5
82b787afd39c38fe2a10f9f11365ed27

SHA1
5bbfd240e15926bd329b70337ab182cdd384bb92

SHA256
3638357d39fe3b3bc5316617a533aa3e122f497b0e58eb383f368dcf65087489

SHA512
fd8da383689e17cdcc6c62c0c894875f90ccab352e1d1326be121c74b79bcb4e7d5e5dbc1fd00b69417247dc8357916d63084a5c4c13baf927b04d2db7055a2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
10KB

MD5
cba0ec8733810922743bebdaf7ad36ad

SHA1
17571a7b08af4687fdbdea4818d818d933577088

SHA256
3c66c6c6cffa5e0a466b24e4c68f75b3fd35899ec862c735e93d1ec56f925527

SHA512
1c174123af830356dd1dde7e20ed4e82c829b20abb72607fcf8cd287a0dca768ad6411700c7be86525de328a2c5407883d29ab9783ad8e5206cd7e37792bb139

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
7KB

MD5
6a8ccd86298004b06ce8ef2b549b9823

SHA1
92db1cbb28ed5a8617900150c704556cf2155be2

SHA256
c943f072a4cddbbe2f40ef1acd61f66392523135533e1f7ed6bfd7cf795f0936

SHA512
e019a4dd79d965b465abf97f75f483165858e189f44dfa79de498962c435977318ba99493dab756f4e8c0cae5507f18c551e19c4f425a1351ecbc0a8da12e891

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e84ebd14a9a4b90039d9f40e1c749b52

SHA1
68cb213aad9e0ff9a441fe566a561d8a03d28abf

SHA256
475429ea51be1506a604901df86bee13ab86ca4659a41cd9f626cf83bc3e49bf

SHA512
9076660fcbc71115fb6a2328b7e3ca215d6aa689b626ac398a930713310c25bc88155529c3b1cd219ff85f8b04daeed40c1cf5b88942ef570cc37b77df4590a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
09b7253292a49bf7a82fcf163893725c

SHA1
23ba716997ae85203869f7ecd790eba68587af5f

SHA256
1a813b09b29442a528c005183c8030bf3980236752745c96a076a034193372cf

SHA512
3e61fe603b554330b5b3eb1a894fe8ebb192ec5028e1a1df5b3ee37f5e10f401c94dc5afdf7ad0ca0acbc77371e285b39558c543618218f940e366f00b5f09b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
c35ed47713a9f444f556c46d88d9e435

SHA1
c583965e2bad490d67cdfe8131ff6339195da517

SHA256
b7554c5635e2660d3218f05baa0a67fad679c2dbadfd7ec994efa7905761ae59

SHA512
07d51fc889e04a9f1f34136919a724f30607faf101a3bf41e74be3208655efeb88a1c9767c9d6921f04ef38d124ab3398e00ab3c4c304ad8a27eba5ffd0e4ccb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
beb5866f46d0f322e20e95a2dc86ec4f

SHA1
a0f4993084210e95d47d0df750f5ce45170b2ed0

SHA256
5d75008976967afbdb73787ec07e4ca7a1af3fadc7bae9450209afc003c0dd55

SHA512
9b85349eb082f90fb9f4c7f5cd94bf60fd6dfd25e48392c44b1f7ee8ebe64e8123521f3d546fe5de65823b148d9775b83735c839f7b0311c4382b29986105bb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6b78ab63774cff64922054d20a1888c6

SHA1
8352538b84adfdc0484414fd72dff9ce045b2aa3

SHA256
ba011f2010fabb739c1988bc047e8d055a12a54b30afc982a81b25c65eec4e67

SHA512
eaf49117985b7ef30d6beaa6dd0129b501f0ff84b66e714636a056e4b90a72f519b54e7819c6f4548412a3d787a4f799cf835f102403c891e7eed7801ba6e67f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
ac4dbbdd2f499cfd087c3ff19df12f97

SHA1
b162326b77af75aef136edf878979e544deba285

SHA256
3aa8300ed10acd3a684969c04d969596678dd1f53131fdece32e107568b3450f

SHA512
b9485860bcc6e77ffcceee9e7b21702da9a86a7bc9ba118c85fe8107404b5621f034d5027f613c97af834470c215b2c7a859f8935ed11ea08160b32c7dac9bfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
fa5cf6edd477db52da288e76a5b40f7a

SHA1
aed13b5e8c8c84b41e49f9e11295cd40e2cc774d

SHA256
5b96d17846d2b8d6bc3ff3cebbc16e7b74e54887d355689e7296c26bb61e0825

SHA512
4b745069001ddde982e513ae47a1ce624e9d3f0e02c9ffcb2ce6f8bf173ba2d8409da82b24e3273ca4599ae73c50ce05ec63220a8f0b098db050acd98755f69f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
eaf6cf58f10da07161858536af96b7f7

SHA1
baecc8a42eea51280e572bda72afecb0368b67d4

SHA256
d3e63cac3ecee7394e473e7d1fc2f5da48e96794eaf91c2484c7ff8a001f9795

SHA512
5f6ec51d8dff9232718f33e71b914eff3495abce5820df29f5f8398d8e0a8bfaaeaf986727030fa85cfc4ee0f4e5fa39d9cf158880c4b695529175ea655ded4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
ccaa0859a3151dabcaae33a7b3cc27e3

SHA1
58ccb7acdf6ac66fb2be789995a4a4a70b20a523

SHA256
94fcc35aa554c9e16dc646933125ca72520b60919a58d6a05011842ac79420a7

SHA512
1c39197a6928eacb85980dc7c28b6454ef47db7d5c016ce86165a4d224f8cf7538bebc9d97b44425d0da285474200d100bcff487a870134d7b26a4c1dcfc8965

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
aae1e9f3095beb20bc2c8c5c92ee1305

SHA1
98c6ed334aa4e5ec60224a6adb82af6f6d6acd36

SHA256
06c9ce11248da56f46fe287a3629b9a1d66f3c3d427e1f9a461a374cfa6772d2

SHA512
17ca19968a7141a912dd78d3f79b80d2cc777de37e0f12d52ae2b5a95813a80818fd3549680aa0ded4163aefdafd2ae750d433e4be3ba6bd2feaa142e444e6bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
39310c57d886d33c434455beda72ef4f

SHA1
d4215cd54dddb7d148bd46f08bd51ad25a362a70

SHA256
35c2d1b19d816ccfb79ea99021c9b0ff96b59cb97a3fa209534ce1d2a9c72efb

SHA512
a4521ce033f68547ac761fe404bac3e74d8ae351f3c161ad283db8f9bdef9a2e94f5fa04a2e5d3ede275a454579a148dd2e1f9a3b47f3c9e78af89d331ac45d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\storage\default\https+++www.virustotal.com\cache\morgue\115\{d95853ad-a8be-4e83-93a1-679c208a2973}.final

Filesize
44KB

MD5
9732e9bd5abfcd679b33a7d5596d4ed2

SHA1
743c9a3b0f26fc7c9ecb678fae8c3abf5e9a1691

SHA256
b9f061fbd9324041af2bf2d1bb11511bc1a4647bd6d367f1ef79b20a5a32fb87

SHA512
26712a652d7e848caada74e91b9c738f4d974205ae5d29070bf463c5a77a72717a3d04a5a479d3a3710e92eef675c5b9ee11d8b288e52bc919f6be109eba9011

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\targeting.snapshot.json

Filesize
4KB

MD5
d5c0f4a089364ca1c59f3781e329ea1a

SHA1
89756d38ff90ac8a2789824a86da0a89501cdf77

SHA256
e48932924f0ea26b03ee0d29d56bd5d37b4647385c2aaff1249908740449c0a4

SHA512
49b4c99ca0727b8d3a8e26c84e2fc01b8f550b403c4e427ef5026a1032772713781556210526f0cdbec603a7ecb3acbe23f0a8629eade550db5b4df64f6c6ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\Mono.Cecil.dll

Filesize
350KB

MD5
de69bb29d6a9dfb615a90df3580d63b1

SHA1
74446b4dcc146ce61e5216bf7efac186adf7849b

SHA256
f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

SHA512
6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\MonoMod.Backports.dll

Filesize
138KB

MD5
dd43356f07fc0ce082db4e2f102747a2

SHA1
aa0782732e2d60fa668b0aadbf3447ef70b6a619

SHA256
e375b83a3e242212a2ed9478e1f0b8383c1bf1fdfab5a1cf766df740b631afd6

SHA512
284d64b99931ed1f2e839a7b19ee8389eefaf6c72bac556468a01f3eb17000252613c01dbae88923e9a02f3c84bcab02296659648fad727123f63d0ac38d258e

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\MonoMod.Core.dll

Filesize
216KB

MD5
b808181453b17f3fc1ab153bf11be197

SHA1
bce86080b7eb76783940d1ff277e2b46f231efe9

SHA256
da00cdfab411f8f535f17258981ec51d1af9b0bfcee3a360cbd0cb6f692dbcdd

SHA512
a2d941c6e69972f99707ade5c5325eb50b0ec4c5abf6a189eb11a46606fed8076be44c839d83cf310b67e66471e0ea3f6597857a8e2c7e2a7ad6de60c314f7d3

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\MonoMod.ILHelpers.dll

Filesize
6KB

MD5
6512e89e0cb92514ef24be43f0bf4500

SHA1
a039c51f89656d9d5c584f063b2b675a9ff44b8e

SHA256
1411e4858412ded195f0e65544a4ec8e8249118b76375050a35c076940826cd0

SHA512
9ffb2ff050cce82dbfbbb0e85ab5f976fcd81086b3d8695502c5221c23d14080f0e494a33e0092b4feb2eda12e2130a2f02df3125733c2f5ec31356e92dea00b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\MonoMod.Utils.dll

Filesize
319KB

MD5
79f1c4c312fdbb9258c2cdde3772271f

SHA1
a143434883e4ef2c0190407602b030f5c4fdf96f

SHA256
f22a4fa1e8b1b70286ecf07effb15d2184454fa88325ce4c0f31ffadb4bef50a

SHA512
b28ed3c063ae3a15cd52e625a860bbb65f6cd38ccad458657a163cd927c74ebf498fb12f1e578e869bcea00c6cd3f47ede10866e34a48c133c5ac26b902ae5d9

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\RVGLib.dll

Filesize
241KB

MD5
d34c13128c6c7c93af2000a45196df81

SHA1
664c821c9d2ed234aea31d8b4f17d987e4b386f1

SHA256
aaf9fb0158bd40ab562a4212c2a795cb40ef6864042dc12f3a2415f2446ba1c7

SHA512
91f4e0e795f359b03595b01cbf29188a2a0b52ab9d64eadd8fb8b3508e417b8c7a70be439940975bf5bdf26493ea161aa45025beb83bc95076ed269e82d39689

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe

Filesize
12.2MB

MD5
8b7b015c1ea809f5c6ade7269bdc5610

SHA1
c67d5d83ca18731d17f79529cfdb3d3dcad36b96

SHA256
7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e

SHA512
e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe

Filesize
109KB

MD5
e6a20535b636d6402164a8e2d871ef6d

SHA1
981cb1fd9361ca58f8985104e00132d1836a8736

SHA256
b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2

SHA512
35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe

Filesize
109KB

MD5
e6a20535b636d6402164a8e2d871ef6d

SHA1
981cb1fd9361ca58f8985104e00132d1836a8736

SHA256
b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2

SHA512
35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

Download Submit
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe.config

Filesize
187B

MD5
15c8c4ba1aa574c0c00fd45bb9cce1ab

SHA1
0dad65a3d4e9080fa29c42aa485c6102d2fa8bc8

SHA256
f82338e8e9c746b5d95cd2ccc7bf94dd5de2b9b8982fffddf2118e475de50e15

SHA512
52baac63399340427b94bfdeb7a42186d5359ce439c3d775497f347089edfbf72a6637b23bb008ab55b8d4dd3b79a7b2eb7c7ef922ea23d0716d5c3536b359d4

Download Submit
C:\Users\Admin\Downloads\XWorm_V5.2.7z

Filesize
28.8MB

MD5
fc228e3a8d39fd3c3a0a1957a5b4394c

SHA1
c29f1273a05704b364fdd35503ac45b643631ca4

SHA256
e5a806f33cb86793817005e8ee547493a7a2f992263ee45089094520cf887b7a

SHA512
90252ce5f0cdff6d25a29aadca9cc5090fefc3dcfb34516b1a981ce938ab31e67f089a86240f0edde6a9e7c5c0de62f728a35e22e00015e57d8a688e875d5670

Download Submit
C:\Users\Admin\Downloads\XWorm_V5.AlD6zOyA.2.7z.part

Filesize
28.8MB

MD5
fc228e3a8d39fd3c3a0a1957a5b4394c

SHA1
c29f1273a05704b364fdd35503ac45b643631ca4

SHA256
e5a806f33cb86793817005e8ee547493a7a2f992263ee45089094520cf887b7a

SHA512
90252ce5f0cdff6d25a29aadca9cc5090fefc3dcfb34516b1a981ce938ab31e67f089a86240f0edde6a9e7c5c0de62f728a35e22e00015e57d8a688e875d5670

Download Submit
memory/388-191-0x0000000000FB0000-0x0000000000FB1000-memory.dmp

Filesize
4KB

Download
memory/388-181-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/388-363-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/852-486-0x0000000005F20000-0x0000000005F21000-memory.dmp

Filesize
4KB

Download
memory/852-475-0x0000000005E70000-0x0000000005E71000-memory.dmp

Filesize
4KB

Download
memory/852-493-0x0000000008730000-0x0000000008731000-memory.dmp

Filesize
4KB

Download
memory/852-469-0x0000000005E00000-0x0000000005E01000-memory.dmp

Filesize
4KB

Download
memory/852-485-0x0000000005F10000-0x0000000005F11000-memory.dmp

Filesize
4KB

Download
memory/852-483-0x0000000005EF0000-0x0000000005EF1000-memory.dmp

Filesize
4KB

Download
memory/852-501-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/852-484-0x0000000005F00000-0x0000000005F01000-memory.dmp

Filesize
4KB

Download
memory/852-470-0x0000000005E10000-0x0000000005E11000-memory.dmp

Filesize
4KB

Download
memory/852-473-0x0000000005E50000-0x0000000005E51000-memory.dmp

Filesize
4KB

Download
memory/852-472-0x0000000005E40000-0x0000000005E41000-memory.dmp

Filesize
4KB

Download
memory/852-474-0x0000000005E60000-0x0000000005E61000-memory.dmp

Filesize
4KB

Download
memory/852-465-0x0000000005C30000-0x0000000005C31000-memory.dmp

Filesize
4KB

Download
memory/852-471-0x0000000005E30000-0x0000000005E31000-memory.dmp

Filesize
4KB

Download
memory/852-468-0x0000000005DF0000-0x0000000005DF1000-memory.dmp

Filesize
4KB

Download
memory/852-466-0x0000000005DC0000-0x0000000005DC1000-memory.dmp

Filesize
4KB

Download
memory/852-482-0x0000000005EE0000-0x0000000005EE1000-memory.dmp

Filesize
4KB

Download
memory/852-467-0x0000000005DD0000-0x0000000005DD1000-memory.dmp

Filesize
4KB

Download
memory/852-481-0x0000000005ED0000-0x0000000005ED1000-memory.dmp

Filesize
4KB

Download
memory/852-480-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/852-463-0x0000000005BF0000-0x0000000005BF1000-memory.dmp

Filesize
4KB

Download
memory/852-464-0x0000000005C10000-0x0000000005C11000-memory.dmp

Filesize
4KB

Download
memory/852-479-0x0000000005EB0000-0x0000000005EB1000-memory.dmp

Filesize
4KB

Download
memory/852-456-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

Filesize
4KB

Download
memory/852-478-0x0000000005EA0000-0x0000000005EA1000-memory.dmp

Filesize
4KB

Download
memory/852-477-0x0000000005E90000-0x0000000005E91000-memory.dmp

Filesize
4KB

Download
memory/852-476-0x0000000005E80000-0x0000000005E81000-memory.dmp

Filesize
4KB

Download
memory/852-452-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/1396-178-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/1396-364-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/1396-192-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/2772-176-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/2772-160-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/2772-259-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/2772-348-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/2772-362-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/2772-242-0x0000000008010000-0x0000000008011000-memory.dmp

Filesize
4KB

Download
memory/2772-159-0x0000000000FD0000-0x00000000027A0000-memory.dmp

Filesize
23.8MB

Download
memory/2772-177-0x0000000005A40000-0x0000000005A41000-memory.dmp

Filesize
4KB

Download
memory/2772-163-0x0000000000E00000-0x0000000000E01000-memory.dmp

Filesize
4KB

Download
memory/6840-1328-0x00000245FBFB0000-0x00000245FBFEC000-memory.dmp

Filesize
240KB

Download
memory/6840-1320-0x00007FFE1F1D0000-0x00007FFE1FC91000-memory.dmp

Filesize
10.8MB

Download
memory/6840-1343-0x00007FFE1EA89000-0x00007FFE1EA8A000-memory.dmp

Filesize
4KB

Download
memory/6840-1330-0x00000245E3660000-0x00000245E367A000-memory.dmp

Filesize
104KB

Download
memory/6840-1332-0x00000245FCC80000-0x00000245FD8B8000-memory.dmp

Filesize
12.2MB

Download
memory/6840-1333-0x00007FFE1E177000-0x00007FFE1E178000-memory.dmp

Filesize
4KB

Download
memory/6840-1326-0x00000245E34B0000-0x00000245E34B6000-memory.dmp

Filesize
24KB

Download
memory/6840-1325-0x00000245FC030000-0x00000245FC040000-memory.dmp

Filesize
64KB

Download
memory/6840-1383-0x00007FFE1FF6D000-0x00007FFE1FF6E000-memory.dmp

Filesize
4KB

Download
memory/6840-1381-0x00000245FC030000-0x00000245FC040000-memory.dmp

Filesize
64KB

Download
memory/6840-1362-0x00000245FC030000-0x00000245FC040000-memory.dmp

Filesize
64KB

Download
memory/6840-1353-0x00007FFE1FF74000-0x00007FFE1FF75000-memory.dmp

Filesize
4KB

Download
memory/6840-1324-0x00000245E1CA0000-0x00000245E1CA6000-memory.dmp

Filesize
24KB

Download
memory/6840-1314-0x00000245E3610000-0x00000245E3638000-memory.dmp

Filesize
160KB

Download
memory/6840-1302-0x0000000000730000-0x0000000000750000-memory.dmp

Filesize
128KB

Download
memory/6840-1352-0x00007FFE1F1D0000-0x00007FFE1FC91000-memory.dmp

Filesize
10.8MB

Download
memory/6840-1321-0x00000245FBF50000-0x00000245FBFA6000-memory.dmp

Filesize
344KB

Download
memory/6840-1351-0x00000245FC030000-0x00000245FC040000-memory.dmp

Filesize
64KB

Download
memory/6840-1350-0x00000245FC030000-0x00000245FC040000-memory.dmp

Filesize
64KB

Download
memory/6840-1349-0x00007FFE1FF5D000-0x00007FFE1FF5E000-memory.dmp

Filesize
4KB

Download
memory/6840-1318-0x00000245FBEF0000-0x00000245FBF4E000-memory.dmp

Filesize
376KB

Download
memory/6840-1304-0x00000245E3460000-0x00000245E34A2000-memory.dmp

Filesize
264KB

Download
memory/6840-1346-0x00000245FC9B0000-0x00000245FCBA4000-memory.dmp

Filesize
2.0MB

Download
memory/6840-1344-0x00000245FE0C0000-0x00000245FECAC000-memory.dmp

Filesize
11.9MB

Download
memory/6840-1342-0x00007FFE1EA88000-0x00007FFE1EA89000-memory.dmp

Filesize
4KB

Download
memory/6840-1316-0x00000245E34D0000-0x00000245E34D6000-memory.dmp

Filesize
24KB

Download