Malware Analysis Report

2024-08-06 11:58

Sample ID 240204-zh9sjsacg4
Target http://zx
Tags
toxiceye rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://zx was found to be: Known bad.

Malicious Activity Summary

toxiceye rat trojan

ToxicEye

Executes dropped EXE

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Creates scheduled task(s)

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies registry class

Enumerates processes with tasklist

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Delays execution with timeout.exe

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Scheduled Task/Job
T1053
Persistence
TA0003
Scheduled Task/Job
T1053
Privilege Escalation
TA0004
Scheduled Task/Job
T1053
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Process Discovery
T1057
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-02-04 20:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-04 20:44

Reported

2024-02-04 21:17

Platform

win10v2004-20231215-en

Max time kernel

266s

Max time network

304s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zx

Signatures

ToxicEye

rat trojan toxiceye

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Static\wsappx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Static\Update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe N/A
N/A N/A C:\Users\Static\Update.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A
N/A N/A C:\Windows\System32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133515532736786968" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\Update.exe N/A
N/A N/A C:\Users\Static\Update.exe N/A
N/A N/A C:\Users\Static\Update.exe N/A
N/A N/A C:\Users\Static\Update.exe N/A
N/A N/A C:\Users\Static\Update.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Static\wsappx.exe N/A
N/A N/A C:\Users\Static\Update.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3004 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 1916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 1916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3004 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82ae46f8,0x7ffc82ae4708,0x7ffc82ae4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc730b9758,0x7ffc730b9768,0x7ffc730b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4900 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3668 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5844 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5980 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5836 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3292 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5232 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2336 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5256 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6240 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6592 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6676 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5512 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5728 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5072 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2400 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-Rat-Remote-Administration-Tool--main.zip\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-Rat-Remote-Administration-Tool--main.zip\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe"

C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe

"C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp8F03.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp8F03.tmp.bat

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 2296"

C:\Windows\system32\find.exe

find ":"

C:\Windows\system32\timeout.exe

Timeout /T 1 /Nobreak

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 2296"

C:\Windows\system32\find.exe

find ":"

C:\Windows\system32\timeout.exe

Timeout /T 1 /Nobreak

C:\Users\Static\wsappx.exe

"wsappx.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-RAT-main.zip\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-RAT-main.zip\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe"

C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe

"C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe"

C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe

"C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe"

C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe

"C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe"

C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe

"C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp874D.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp874D.tmp.bat

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 2580"

C:\Windows\system32\find.exe

find ":"

C:\Windows\system32\timeout.exe

Timeout /T 1 /Nobreak

C:\Users\Static\Update.exe

"Update.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.212.206:443 apis.google.com tcp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.178.14:443 consent.google.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
GB 216.58.212.206:443 apis.google.com udp
US 8.8.8.8:53 www.trellix.com udp
GB 104.91.71.214:443 www.trellix.com tcp
GB 104.91.71.214:443 www.trellix.com tcp
US 8.8.8.8:53 214.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 627-oog-590.mktoweb.com udp
US 8.8.8.8:53 assets.adobedtm.com udp
US 8.8.8.8:53 s.go-mpulse.net udp
US 8.8.8.8:53 platform-api.sharethis.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 104.16.94.80:443 627-oog-590.mktoweb.com tcp
GB 23.37.1.19:443 assets.adobedtm.com tcp
GB 173.222.12.168:443 s.go-mpulse.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
DE 54.230.206.84:443 platform-api.sharethis.com tcp
US 8.8.8.8:53 80.94.16.104.in-addr.arpa udp
US 8.8.8.8:53 19.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 168.12.222.173.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 8.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 84.206.230.54.in-addr.arpa udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.16.169.193:443 dpm.demdex.net tcp
US 8.8.8.8:53 193.169.16.52.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 l.sharethis.com udp
IE 54.77.1.49:443 l.sharethis.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 49.1.77.54.in-addr.arpa udp
US 8.8.8.8:53 musarubra.demdex.net udp
IE 54.247.186.102:443 musarubra.demdex.net tcp
US 8.8.8.8:53 smetrics.trellix.com udp
FR 63.140.62.222:443 smetrics.trellix.com tcp
FR 63.140.62.222:443 smetrics.trellix.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 23.39.224.128:443 c.go-mpulse.net tcp
US 8.8.8.8:53 102.186.247.54.in-addr.arpa udp
US 8.8.8.8:53 222.62.140.63.in-addr.arpa udp
US 8.8.8.8:53 128.224.39.23.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 5350.xg4ken.com udp
IE 52.48.181.163:443 5350.xg4ken.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 163.181.48.52.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 js.driftt.com udp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 js.adsrvr.org udp
US 8.8.8.8:53 buttons-config.sharethis.com udp
US 8.8.8.8:53 cm.everesttech.net udp
GB 199.232.56.157:443 static.ads-twitter.com tcp
DE 18.155.153.32:443 buttons-config.sharethis.com tcp
GB 23.208.248.253:443 munchkin.marketo.net tcp
DE 52.222.177.228:443 js.adsrvr.org tcp
IE 52.212.233.39:443 cm.everesttech.net tcp
DE 18.155.145.87:443 js.driftt.com tcp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 253.248.208.23.in-addr.arpa udp
US 8.8.8.8:53 32.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 39.233.212.52.in-addr.arpa udp
US 8.8.8.8:53 228.177.222.52.in-addr.arpa udp
US 8.8.8.8:53 87.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 trellix.tt.omtrdc.net udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
IE 66.235.152.225:443 trellix.tt.omtrdc.net tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.69:443 t.co tcp
US 104.244.42.69:443 t.co tcp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 ws.zoominfo.com udp
US 8.8.8.8:53 snap.licdn.com udp
GB 96.17.178.194:443 snap.licdn.com tcp
US 104.16.137.15:443 ws.zoominfo.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 627-oog-590.mktoresp.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 67.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 15.137.16.104.in-addr.arpa udp
US 8.8.8.8:53 34.31.224.52.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 192.28.144.124:443 627-oog-590.mktoresp.com tcp
US 192.28.144.124:443 627-oog-590.mktoresp.com tcp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 rc-widget-frame.js.driftt.com udp
US 8.8.8.8:53 c.clarity.ms udp
DE 18.155.145.12:443 rc-widget-frame.js.driftt.com tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 insight.adsrvr.org udp
US 8.8.8.8:53 lgkroo3ilnd5mzn77adq-f-45acbea55-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.200:443 c.bing.com tcp
US 8.8.8.8:53 conversation.api.drift.com udp
US 8.8.8.8:53 customer.api.drift.com udp
US 8.8.8.8:53 metrics.api.drift.com udp
US 8.8.8.8:53 targeting.api.drift.com udp
US 8.8.8.8:53 684dd32e.akstat.io udp
US 8.8.8.8:53 124.144.28.192.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 12.145.155.18.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 199.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
IE 52.48.181.163:443 5350.xg4ken.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.10:443 codeload.github.com tcp
US 8.8.8.8:53 10.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c23.gcp.gvt2.com udp
US 35.184.229.211:443 e2c23.gcp.gvt2.com tcp
US 8.8.8.8:53 211.229.184.35.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 142.250.200.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 e2c64.gcp.gvt2.com udp
US 34.162.18.59:443 e2c64.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 59.18.162.34.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.32.117:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 117.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 beacons4.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com udp
US 216.239.32.117:443 beacons2.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 efc9c7501d0a6db520763baad1e05ce8
SHA1 60b5e190124b54ff7234bb2e36071d9c8db8545f
SHA256 7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
SHA512 bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

\??\pipe\LOCAL\crashpad_3004_HDVIZKLYSFMSFYMW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bab7ef1aa50157b5ed63bbf5124a1832
SHA1 5580fc358cc4aff25c4d5c1b83b80ff3bed4b225
SHA256 14b0fcb3ff1150b48e22e2640b868bfe8b183e8fc705d4a2f6e0545e4802d629
SHA512 6713ecd5ac5f2c52f421bc9381f9b80fb2aae10ebc018596fd26b4d7da0642d272355e1258bdd9d0f279794e40b0599413b8b10c8b7aa3c4f727f7c67a5e4881

C:\Users\Admin\Desktop\BlockUnpublish.mpg

MD5 d25183a24f1713bedf04010b0fc2bd38
SHA1 8630628268de2d22a4d78d128682103430eccb13
SHA256 7ddddd24e4da7557853386294b1f864ce46ab95680f3214604f935d668257749
SHA512 cad57fc0eafac5991d890fe23519af07eb713a20639bd3ce790b123a68f20d9f0ad16337639d1af96aa1e4b012907ca93d41e7d26a29696ed6e5deb4dc444de1

C:\Users\Admin\Desktop\CompareResize.ex_

MD5 b9a6207debfbe93703e1e2a6f98e3611
SHA1 0c6cfa445d4ff05ec4bb89814429c9010b0b775e
SHA256 b98542c3ceadd6b64bd250ce878a98b1db870821376d2d04192e5768a4d294c0
SHA512 6c762afccc9b2848c4511db2b956a0fbe1518dd8d45e2214ec9ed06116dd8f17a9618452260b761fc7b2f4bbb862487a3d7622a6f7dd24e81c14f4de7caf85e4

C:\Users\Admin\Desktop\CompareConvertTo.mpeg3

MD5 773b5d4c4796a9a780d8991bd0b26232
SHA1 29d3994d079e9858738e89d9d3398523144eaa99
SHA256 104382a32ce1e538c68b34ea8caa8df74ff7ba4a9cd3685873b6ea9288afe5c7
SHA512 c97c61df15de1ecbff25d118da437c214b66d023f3cc158c903b63746c5568a360574da2c0d57e4efc8030b790d83cf435a88b7f8fecba961aaaeac8a4fa1c01

C:\Users\Admin\Desktop\EnterRequest.wmx

MD5 a25fcd3ba1615a839601604047813e91
SHA1 76efd1e7d08492c8bdc2257255048c407e50f0f5
SHA256 c387f368abc601db0f3fcb3822f92586e178852be6319dd12d039cb23144a364
SHA512 0ff99fc000f793f3c4e9b0348cc66bf36d88f292b45036545d109b836f94c7a42a26102548b60ee0c921429736ad514349e8be5989783c2026ecdad4572bd977

C:\Users\Admin\Desktop\DebugCompress.mp4

MD5 22dfb10e6ecd4b7fd3b75e3c16488936
SHA1 8a1005d3ab6991260c3e2b48c42cdcacbc28b15e
SHA256 c905feecdb37a49828d277c2b161421d1b82e13e08c695b5a065984661846f59
SHA512 526b2de0666c6cb6d4c87a3c4194035a889bd8d3e33745ae52dfeec2e5cee8f0c1b41ccb228ac7ac88fffeb18e0bff5e274ec58aea38a000b1a8d1514f0e7861

C:\Users\Admin\Desktop\GrantPing.mpv2

MD5 0141865a1bc2c1ffe919335f9a13d4b1
SHA1 54c548bdb7ab413d5113a7c98671dbb72bb28cf4
SHA256 dd00c36f69471b80a8d98695556d22f76a00c96ff4c1cc0377004b0de874905a
SHA512 8daea9c09f7232d5dced03614c084fec7b58907a558580aa27c5ae06f2601296ca4ea0d18b468bcc84a0be486589adfc6391874c1df5784a0c90e59fb3f1e95b

C:\Users\Admin\Desktop\ExpandExit.au

MD5 a27a0c076a36fbf6b00f3b808478a067
SHA1 af173f6db428afa5a4b8e62c23f06194b01a6ace
SHA256 9d3e413188fcbb6bde7ad9c3686625469556ed34246c5e089ce6ce9d366bd1ad
SHA512 537ce5b4e1ce418d842876cc78034c30381edb9f9470a0f9ac545ecb87fc2c25d4e999b050978a03d049927b0b8c5c3eb2b2b50fb8a79d8ec13cfc40a9b3ccd3

C:\Users\Admin\Desktop\NewResize.ocx

MD5 e2927a274082161da8a6bbcc90f3c5e1
SHA1 4e9a4f15968eb7cd7931125af0f5928f0c1bc1d2
SHA256 d2b6d50a0e29a92b06e9931f86848fcc6ae809f2db6ed4b813fc157ce03bd9be
SHA512 724c6a9b5e69644843506c7b905c68015d26931dabb6a2b5f6662386b9af90d8f68ee7f8b67cb4e5b998f9c4be18448c3ad67ae4ded2951b5e9c22731c0039e7

C:\Users\Admin\Desktop\PushFormat.xla

MD5 114f808e9efe6f7a0fbe8ba87e35b950
SHA1 06072611ffd0446e19eacac4c67e5a1fce50640f
SHA256 dc2c5703a2457b59e27b7aa084d33bdb553f004eb11e7421e17294c162b0452d
SHA512 605c76f52e7cd22627fb4667f813689d1184b2cfb909ffedfd93250db2fea6ee8157bfb6f976504229ea0ba2b23457075496e950677a4e84949c7ffe096a92c2

C:\Users\Admin\Desktop\WaitRedo.ods

MD5 51d740dadb0edfb6c0c71f86f64ee2de
SHA1 43047a97ab0cb04a2ba5944c7446bc775550bc14
SHA256 c87d1c26eabbcb64aa8204bca6f782ea0d6b2a8fcedbf2b6f534b7101fa9d9f8
SHA512 90e17b3e1e3810756fad08fe8523da4052c124c4bef3fab6f25a0191a906ab1b72471e4a7f883ce6dea8b34701559b1f4fd5518b0bb4c7d6436d81fb8c3fce7c

C:\Users\Admin\Desktop\SkipUnlock.potm

MD5 73a92d2c28223957687366fe64708c07
SHA1 0cccc61706d67ec7d40f3f359ecd1c4218f675d2
SHA256 83ff0d1ab0ed090e1814e4dce9fb2648f7a1553284649dc844f9e78b869fdc49
SHA512 445c35c5bcea2b1669e5e42034915aac8db247926a403bf6d43a4d3fd03f3736ee5043883dbb3fd08ce6b898e3e0dc116838b18eaf0aab4ea63827605fed6cb2

C:\Users\Admin\Desktop\UnlockInstall.vbs

MD5 2bccb6940c6f03511e6cfccb0adc6b30
SHA1 82e7c296f57495f73ece2399aee364a61253a0ab
SHA256 e20aad1f4147472f1d652aca8c0950901023a851ec2b41b6e5a77058b470f9c1
SHA512 2561845dfe67eb066e8b412fda8795580e928d53ffd0cf0508ce2befd948ae50527f36d9e583b4782c953d32b2e8d47ae584c8fc141cff48b63a7d8d5589c946

C:\Users\Admin\Desktop\SaveRequest.hta

MD5 af3b438725909dd8c86bbd0263b02ddf
SHA1 926994b657aec478a0288c5089587ffde9d5ee0d
SHA256 e0a6974fa732985315fc247299e4c937e2b95c0c17108b4ef47b5bff3fb6b533
SHA512 adac3c80b1732dbe0e1ea51c8345199b947f626e0240bcbe40c990012763656c2615e2bea2d8783126b69b98767ab00f2854cbed69193c9ff070303f06d507ce

C:\Users\Admin\Desktop\ResumeBackup.ps1xml

MD5 b0bc6c8d72d0f923d0728585abebe3ef
SHA1 b74e684e5772eae65bd9f3eb217a064dc66647f2
SHA256 b6937f0b1d828e97ecc228061b0a1655236d9776c4e142e3a67f341f25700116
SHA512 64fd05bcd7011f8b175704c59a1e00544de450468efa2ab759d8b09dfb01d7ff31de3a5318476c80bc1e662a60cbf65f69552257ec5ae3b009f4d4a38d91008c

C:\Users\Admin\Desktop\RemoveGet.eprtx

MD5 5bd88fc6c44b821ef10a6c7cdb940726
SHA1 c20b33b000366dc07a3298fc8864bf3e037de3a7
SHA256 0ef2bc7d68c0b3635c7b907f4c9a1a5c33db5a42f869261e4388643c7e1d2b14
SHA512 5ade0b7d70fe27de3784b2b82d5005158df9d586ad7f9ad26eba62854febd566f988e08d9df241870f9c39b849a18a05dbb96a9e7634e25e2396f2e8c1ded59e

C:\Users\Admin\Desktop\ConvertFromDisable.mpeg

MD5 c9bb3d777241153c971d4552ba2740a4
SHA1 4275bac97f9fb25b8c33b603e2acb14f82556f09
SHA256 e034c6037809165ebe356721432b88cd9215ee7129bbe9e70c1d6b8899a3496b
SHA512 5ab2e395cd494015d25c574e025cf20d28ef2429eda17c5d6bd2d4c3d4e811ec7d93efb27e14071b1ff2e4919f7f3c8281311e46d4f2b93e91b3013e20b8559a

C:\Users\Admin\Desktop\SyncPop.mpeg3

MD5 4b03acefac18015418035e1b4924aca6
SHA1 38fe2843ce75abc04d10825573af24c841efdedb
SHA256 adb49490ebc8e7f900cdf0c7086ed7caaf1e6792e89c01e9c0d21078c9f02e6d
SHA512 e3537604145296f87d60b7dd75b74d11b1ddbb8f4d7e5c0d3d2662c3dfe6cf89f891a35a28e062d60a79957a032323daebc58bad1882e871cecf08209620cefb

C:\Users\Admin\Desktop\ConvertFromSet.wvx

MD5 4aa8a0502afa5fc8918d1e91c1e42dd3
SHA1 2dc8af0d93e1d6fd08cd92260e2d1ed83481729f
SHA256 387fdeb5db1a2d761181b88c8bc47bdd3fc3f3e5779aecaacab210dd06404ca3
SHA512 e8defd2d74bb880f0b48b8a2e23f11789436c8f20fda7cdb6b7064fd4dd082866b9fedec278d875c1778b9354089840298abd91bff4d77c56151ba56a4395aa3

C:\Users\Admin\Desktop\OptimizeSubmit.3gp

MD5 ebc659bf1ff258bc1796078dec75010e
SHA1 96a2fd5307aa3b0749964fd6ea4468b44675e667
SHA256 a2c17daa192c3da500a9d2779d8ceefac5737305e917ff8bc5a95090bfd575aa
SHA512 b2d26bec89802bcfc70ad82a63a212ec7e07394d38a319e63a53978b9b102c6d1f0030aafcc871e6bfd7440f613f5d974f891be98cb9961696d299cc4bf16e99

C:\Users\Admin\Desktop\SplitSubmit.M2TS

MD5 cd50fe59ef2f7d5c96a740a6a0fb6f62
SHA1 847315ee765fb1ab63d9c2cea7231792bda2ad99
SHA256 1c9d0e2135a98876ebec68ad165478cf4e94348530d9d0565df45227a91ade76
SHA512 e1fe4910d3d169fe88a8a7aafbd416052daf82939046501b1e70eaaf4f9e27b1177cf27383e9f8cd50e78702166f11dd815d1739286bf8fb93857f1de7df9a0a

C:\Users\Admin\Desktop\ShowSuspend.ppsx

MD5 59455d2fe98a7cb232924a81cf1b0208
SHA1 dad2ee68198a023b640c4dbd8b2d1d23d13da303
SHA256 c4779525013e26dd9863e01fe21168661cab24737bd24a826130b277375afe65
SHA512 d73db1394b057da3152e76832a897186613c43b6206f23f83da454b8398b4d55fd4a0bb9a23819d3530b3b2c0f95b1d5e4bca2be975d19aaa58a5d479a522032

C:\Users\Admin\Desktop\PushGet.jfif

MD5 afb3ae82882bd3c576b10e4b0ba39eaa
SHA1 4300956623dc4f15a16360449e4f82c2f87bc4ef
SHA256 6c10a2fa41a6ca68ff7cbc9538f3c69fb9b6f44099f591c987c41f7ab61f047c
SHA512 aef73e515ed9e4479a85084f67c85b47fe1b05a7d1c179dd89c837bc09aace49e6e86afa5dffe871d7d8433ca6af67ac82321105f1ac372655ba23fc62ba8878

C:\Users\Admin\Desktop\ProtectUnblock.otf

MD5 40db5c5b89cb53ffa244e3f65aeed353
SHA1 41b49acdb0b1edf970ade58fad6f94542e06ce89
SHA256 f292ee8bc3a2874751891c81d77d04629d4cce483af4f7bfff2a7888373ddf7f
SHA512 9b9e0e8340ebd0564827ab13377be4b793135b37de6733e81c11b71ead02b056aaff0280e1f35d7e30afa447fbe7cae993c53f4366e1889a45720c17237f6506

C:\Users\Admin\Desktop\OpenResolve.ex_

MD5 71bebee7df5ffd494bbd1ebca7b3b449
SHA1 0ee26020bb6ca75ff193f09a2cb56ca46200f907
SHA256 0c2e30828117b904182b6399e32fe74c4c6c81b6f7b0ae24cc1d868b240b950d
SHA512 aaf7bd4ec11a448dd3f10a9cdc2acee30b50fcc7bbe4b2b40417259605e8edf660bd1d93d66624d4d5316c2e4050b6f189e86eae6eed26f5d14af60d36ac85c7

C:\Users\Admin\Desktop\MeasurePop.potx

MD5 3b118b5ae5c880856c2956b69263b402
SHA1 14ce9450fc2ac0fab32ed65cb888f6c272a8b298
SHA256 74db558a52a17862de5680f028baae76ba9d0a817a81577d616f91b22cf06602
SHA512 c734db5b6b6e539ca9a477d7be23c29d0d9bc09a10f9e0dafd470c8cd583096f72a7025d1f4b8a96c908266484e8dc7007d220f870c157bb38b03fff989502b4

C:\Users\Admin\Desktop\JoinCompare.zip

MD5 86bf4a3dba28325915373323a6c430a0
SHA1 f2d574924a3b61a6472254231770ed9510f539ff
SHA256 db6a4e62e450a188cd2dc155cc1e26dad92591f043470604166ab2af58b1423c
SHA512 aab9b0cf03776b31d7f9a84ad268340542ca758a1a2f0dabde01581740ce02de52849f3a6d9fcb9b9576d5d98a476bfdd2f9129610e7396838da23e04b821d95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7fb8276fba4ee64d7d1c1290938da39e
SHA1 2dcc9fdb686fb407b994a4ab7a6e254afdb9a56d
SHA256 35f824a3970e812f9bc03e68c12753efc031e123d75b5d92a9d5bc7a2cd6e647
SHA512 031c176cf10384d16eecc87e9d5c79b4298f31390bd3587691082aadb53ba3ce4b8ef6c508e9f5696a2798f46b807b9ac99506415e5007061a2420364ca601e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e029efe70912cf57d40d04c01776d41d
SHA1 94eba5604a8e4523d23565ac3ebcdcda4005e4eb
SHA256 57cd696aea3594a27f18b3636da302823ca687c6a326ff9ed2b578a23a96ac37
SHA512 3c380b2c1530a103030562135f9b71eb36a15c49ea96082f64f717e7045ea578ecbec2d1f53cd569d720f7e37a3c091f9bc6ff3dfecde6775658c1c51a03f01b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4377706384c06ef6c55e414ee5b6a505
SHA1 58790e34c7d5fa6c594ba40c539627c926d6aa93
SHA256 01854d1b51902159eff72ca548f48dcdb286ef9b31bceb458913b15fa7f2f952
SHA512 b7a57fc6897764336cfd814e9743786867e9a142055cc2cc78c9d9b5c8ca7423912a2be180e563c92dc739d0399b90ee96c06e62634a908fce5a3fc56830dbbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 26d55536f576f2b1e3cddd5b6fec75c1
SHA1 cdf9b027a8c2b28b97794e92c046ddc10d079b72
SHA256 a64e2c72f09cff0e7b8c2eba32923d67f0f9a2d7513c5569ccf48ed7379f73a6
SHA512 0441c1848d0bbb7eff82552e388c0c654269b705c7fcc052fc775dd9dca8df46e5f6d2b229027c3a653e3a6b10366ad40d10f088ddb32773cb90760e26c4b033

C:\Users\Public\Desktop\VLC media player.lnk

MD5 6215122b18d50f648e6a2dbf85eaba84
SHA1 879e3174fa9b449b8d2a5bff891722a8d717a692
SHA256 3f5eef4f36cb76c88811279c2d2af5f5a818fcd4d16d784bf393cc26290e8be6
SHA512 30fcf59259f85982ec8e3f2e170aab23c1e0024838b2dc97cec2863ce28180b3c9333cf9600540821916662c89078273e704e9ff31bda87e46771ee290eb437a

C:\Users\Public\Desktop\Firefox.lnk

MD5 36dceec7f886ff0317ce89eb52d85ac2
SHA1 bcc03df73b5d565242db3c321f2cdbd527a32eb0
SHA256 550584634181162d8f9ea770b827a46c7ae08178b99034a8310050e29554cc30
SHA512 cd3eca63c89e9bd720ef1ec7563bd4b02870e0171636b6d2a1cb1f5496098095f7857295797bede179ca595581c68b47666cadc2b81e97bef43a10d260435468

C:\Users\Admin\Desktop\Microsoft Edge.lnk

MD5 2f65c27f586945402bcdce6f7ba6f2b7
SHA1 c6ee7e05cb89a7620de4fcd971a4c1d956bdcc66
SHA256 ebdc4f02a3e6061bb4893d48b10a9d094a4d84103fa4a3ac8e11647998b4e1ea
SHA512 ebf110d71da45c228afb3bbd63912e01b130e21319ebc625f48e42af9eda55bf5029f778d7f21750014cd644ea7926085be59b5627b6dbc32d17268c5ee2a02d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ed5cdbe97595aedfc6d7727fc76d62cd
SHA1 9094eadd7564e3fd580db3a7b8b9c5cb03f329eb
SHA256 5d81beca771b3d170647c9e978272d5da1f18c6198a0d160123724a10ea23891
SHA512 20b2f1ee69d26ef19652bdc12945b9423d3d2c089fde1727e6d1bdaf8ccc419944ae40344cb6ccddf109d714d6e1047f7541cb40d59dae5ad443ee3082a43b67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b1a8eacb6c4254d2d654157591a9104e
SHA1 254a7f954e3894aa38235cc7660059966c8a6946
SHA256 4f1e81505b2cd0119a30b373e561033a27effed821e3fc67a90a035ec4fe366b
SHA512 890875a66fcf3a0ce6b29b586d4e36f370340681fee1f622fd7bf134ec8855db64a4d089e8ac513dd2b8292a42c186bd9938bf691c20386faaf5e49ffe338ec3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d703dc1ec7bab67757fef32e217a7151
SHA1 06816be5fc0417511997471ec45a0a5fe04c30eb
SHA256 99d32f8988e398d48652024d59cf84ede029d4aaf24f15e7c9c3de546716e1b9
SHA512 591478bed59379444106dde90cc98ffda0d2501690833189c5eeecba692ea30c75128ff5d6665f91aa41cceaa9dd6bc8f095358dfbb8c87e4335ba3a14f91ac1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b414acd82ffc845a66129df44ad5448f
SHA1 237417cb57095631368aa622eb4b034164f1733e
SHA256 7548fa443cff664149251d56934f50b887042727e63815d89196efaadbd5f2a1
SHA512 24b4f13b9b6fb1f36cf6db2c90fce01b20235090fe0c3fe4b432714ed4fd67de67650e4f5fe0f54ca573ffaca1936fde05a3ade13cbfad7aa687a75293652283

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 1128652e9d55dcfc30d11ce65dbfc490
SHA1 c3dc05f00453708162853a9e6083a1362cc0fc26
SHA256 b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e
SHA512 75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a1a6bd345155b2128be013f4510de0e0
SHA1 cc8513673e1534f2cca5df63a1d47c8cfeb08198
SHA256 5d419212bf3040d0902bd192f47e08414a3eb9ab62c288c15dbaab48f9226414
SHA512 3a07b9be22249ab520a44e8fa093930b06b14409af95e9b0981f53142db1b3ff304da549636cb67a4d25f4ece4c6f56d5ad8525db55127d06f9ba3c4a49d45ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a259f2b02769850bc7a1f3411992442a
SHA1 17f0645fe37b478e455f39bbbf0a2f618d0762f1
SHA256 733a3f5bc84407cd5a7d82c4e1fb6ab1f79b13c2b9f7e2f4052b2495923c55ae
SHA512 0487b3ca30980d70a442d73c9d42e059ef7eaee596a8c813bd5bfa7cbe25debb66e3fe94df3a811cdd6c469a68f6d9663abef117cb8ccfa5891f16d39170c07c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2e4f8d57f9168efe754e5d7633e9e915
SHA1 610adca18162d2f60a475ee21d62d8c4ca75b922
SHA256 8cacdd4dfa85708ff3a3164438c9fc2e985ef12598e819ba7c10c59d3435be25
SHA512 818641b34e3b7268f29fe2563c4186b17f930468aa8e00a238cb40a9c67355ede7c6352429058fd41f1eefe07e7be9f15a2f8c6c3c4da7f48e72c4e5c8c145ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007c

MD5 7fe2c36271aa8065b034ce9efdbd2a07
SHA1 e22ee654cb122d0d62393dd8d6753d2bcad148a3
SHA256 02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34
SHA512 45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cfe405d258b9e1ef5e734556f10444f0
SHA1 debe6faba4046240d9951430d34a42073351a274
SHA256 5210654a44d9c4be666684d1828cfe2d1d9831ee65808656c488d06548883f93
SHA512 3857d4766164fda7407fcf09536c6337d02c64fa4cdf07f93c4720cdace335303663a01bd9dec74f9de2ec1e06de1d4bdb6a4bfa25cbaa5051cc1335dd5cd611

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 210e611d718b0ce78a49e86c1e1471ca
SHA1 455999dbe27e0d759ea192dae2a7e7c39afdc73c
SHA256 8ee813d288001bb8641cfaff9f717830c6411866824a4ea90fcb8f851c405054
SHA512 f6360a73ed4cf5987004230ef6757140c0b7f6b0739c1ecc95d7c1b653188f68b98c1accd7ab3ea7a7557a672559646efec6f24ceca5d16a6ea49e689fd9dba8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a0d30d4e239840242c89efb2036decf
SHA1 547c6d1fcb6e5917699db39f995f7b25bd79e922
SHA256 a96c391742cb9daff55cc4e850589596226e51582d8823abf292e17db2afa4da
SHA512 445380dd96fb8b8027fb1038358b581b23fd1b0af7cf04403120ddefe63511785eac4e540baa2ad8aff5d0d65014a2e466796a049b5ee3b4053636d0b7336b45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d

MD5 8b36b954e5a8947dedbc720664fbccb7
SHA1 0310a60a8bbd7ac385b6e94aec8dee9aa05a6d24
SHA256 069b3e224154172e3c385b5ebbdde887253d596776b74b9fb2a326b875fb718e
SHA512 c2827251585fbb5e24bc38ef58822e8892d952c6e2a90743453502254550384cfcc9789858d66706c86f51c483fc28c23c796ba6285747689940460402b30f29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 037876c0d45ec2cc6e5815582bcbcaf6
SHA1 217443a1d8b5494c24176c0a60b95176a4b14fcf
SHA256 f6957b06fd6fca1dc4af84a89085ff93f61f31969302d18477b74236694feaa9
SHA512 6fb1fd87379c126be3fb157fd68310aade7dcf0718704564a4325ad5f759b95bd593297305582019dc684e5c9e58b245d504cd1da1b37f687af8b83d445e7677

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

MD5 4b4947c20d0989be322a003596b94bdc
SHA1 f24db7a83eb52ecbd99c35c2af513e85a5a06dda
SHA256 96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180
SHA512 2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

MD5 cfe2d91fd166569359b397da57d9e288
SHA1 b301bbb35e5316bd02997c76ffff2175e19fa196
SHA256 7cada24520ab8dddf58e3b2ce548eddd8dd8cd8bd34345a752207139a7b0ae3d
SHA512 99e5ddb84c466c30f85c729152b64dbb5b89fb0f0f0eea8907bf7b2ae45301eef0732a383ac1c7e51dd8e4147431b69bd5c35c9aed0e99837c0e62359220ef4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

MD5 26620edcc076cc2fd62492c433a5beb8
SHA1 22a6dc4ee6d78c8a7f25563f090aff42ea044922
SHA256 aab2b198d6c92759e5be4647aed2d3f7e0d581c1e5d5ff58ea99b887f8ee5860
SHA512 1b5a3c8bbc6caf6d12b312a8b693310e4f4416eec4e079a076b966f3036b3a3856f33f46479f91c5605b5248070615321a91fbc70fe20b190da271c1a0347c3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

MD5 8b2813296f6e3577e9ac2eb518ac437e
SHA1 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256 befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512 a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1647bd6c8859f20d0ba180e210fac0c3
SHA1 677c0356d60c445d7aaad19d2bed230467b78ee1
SHA256 585a6cf7d10aba30dc50d439c6d455f52089afa38a34fbe3c4322d66584360b0
SHA512 a6c80b4fdabf2aab02d4b1fc5b3ee54dd9ec0840903dee2d6c73f70b5680406c169096c0d3a2dcabaef9f815d11f6e1a5c18bbcfff189279fa71209bb781ad9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b9648f961660bc9e5e5434a164abc45
SHA1 9db569cb8403be10e1897e33c8f736af74fc6943
SHA256 25fa4ef545884cdcbe8c34de84ac7e005140bc61821efe3521b6ee3f690dadc8
SHA512 524094a16b7151d7090b63de4b5131ee8f41d380ccea58506331440ba2dfc4fab2f800cb2e5674e15d99d23031b597420fba86184a8d10f2209ee0012bc8a451

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 56cd5fe8e2d9003796553ef2571aed03
SHA1 7cd70a232ff3ca6ba662608f300097ad961120e9
SHA256 4b8191c861df6e038a78af3823e03a7807bfa539b5adf2ff757ef5ebbf898a97
SHA512 f7299370a775f12b893df33ce1bac95b921e9a4e36392d18dcbfec8f54478296134d511a23434988a4f19bcb536b0ddd2de1c41ff41f9ba8cb188d7a2aa5c601

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

MD5 5c848f21375fca8bdd155347516b2d79
SHA1 f7cbbcbfe3deb43160b60a6a381724d1ad3cce00
SHA256 02f4d8333d1f16ef029c4aa3de40e24972100cfdab823db61a2439378da4804d
SHA512 4c6e175c5a24c12a15337bcb702db15a87aac19f2d3f2cc96be855a756c00b904651ad1472aabf6c669f56c6afa8dada3762febe2c82baaf46782e62b0f042a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

MD5 7afadf030c3e2dbbd7954a5870ae481b
SHA1 5a8ee92d07ac3cefd06d89d9c2344abc6a76aa76
SHA256 134e987229911d033c7f7b3d8b123f0c48195d94d69cf64337b7d5d254cfc6eb
SHA512 d0798786986e7f2121113e7a8dd3e4248c1ef223f0e22f2776aeb3a7b375780815c4a63b9ee698f52eea0ad59b72ba92918c4ce49e7feef3f226b8b0c7a2deee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

MD5 063fe934b18300c766e7279114db4b67
SHA1 d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA256 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA512 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

MD5 74a677f2b142f1b6b4f8cde1c6d49b5e
SHA1 ddd50d3de3b0c849de66d87dc6cafe5cf9fcd7b5
SHA256 c8bd28fb081b3eb04ac62eec7224063aef869281e78d2070b961b2fad2238cd6
SHA512 09715d3767d497ba71aa58f8f6d24e9c47e659f007fc597ed042449d03b15f98450ade90b8ffaa680504f37428823842dc4cd4fc8a1b1ec5a9e5f82e1a289997

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

MD5 5d04a5aed02ac5a2f8a4269a6c2570b5
SHA1 727f0be60a1bd0abfe72a018e5741204006d5f03
SHA256 7d8edeba0329989214034e43d9b5c089bb187c2082dd29a811cc766ad998c258
SHA512 88bcd58efd108cacc3818994606e9fd58f0fdf59e4a0beec4be6081f49d0c236c08168ae9a8b975e7a8955068d4fa2765d68506e5a042bf2a962393aedcf1961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

MD5 ba629950f8ae7f5641c3ab59e68d306a
SHA1 9478d9a6178a603dfb60085366b6091a3e17be86
SHA256 f0d1ed0ede365c19e8283ac1e27caaffa1fa316bb6035ec9a3df76c1b8e6a9bc
SHA512 6922523a24918252000ef64fd8ac1373e704b23d928a7d7c79a21ab1118a0f2847d02765578b9d4f5ff85cb5ae8bf9d80f84142a6b127a164a699cd888132eb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000094

MD5 0e411c015dd4f8619ad94213d4a28cac
SHA1 f9e5ce6a933b93085c274cd849e465fb219121b6
SHA256 16baa47b36f047fdd01dba4a2be21c4199ea111c92720d01b847de399acaed26
SHA512 cfc1576c17cc8af4e7cb69d787fe9b92c1ffcee5104bbd6d6800c09bdf46d3db14b8af96e24975c1d58ec10010a524ce049ed276cb736de30d1efce3b03574d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f47b1a345af6050e6c51844020aea9b8
SHA1 9f9bc035e92ace1d40d9978c603c2206e864d40d
SHA256 d411d7c3dbc28651f4147d4acf95922a50180f6f59b64e65cf1fa69d2bef1a85
SHA512 1f5791e56ea9e266bf9d274139b5163f6f678357a81be3918b33c9a0104cb3f9920170985b9d1a8ebc86a6372b3297309ab2c33075fb130d8d4a7ccb658eaa6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c110f430f210fc18810234120be62b58
SHA1 a25c71952fff20d944a976513801ced31f4ad4c9
SHA256 03dd34c68800f589913381e4c9e04a60e079b14e884603cc3db2208b7a862bfa
SHA512 35d07ac2be57eaea4dc4f1f72ffd574f5f8bf12d880a41f87cf516eabe460d1752028b350f8b1a4d796abf61e3e5521e04ee5d194839b87e0fdc915bd4b8311a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 60e9b2cffde11cb4dc57b6f2f5c637e1
SHA1 0a37fc4e2e5b35d3ac902219eb808efbc9861b01
SHA256 947506e1beeaf1616629ccbd1a93a45ec72d28c59f0069486a173a6bf831b9ee
SHA512 58d862cf0dd2207fd17e26161d65e0516a9d96451efc7e408dfc4e6a34fb7e54e4e9f97e8376ad115b8ad7a27b25c06aabce8d1b2adef22bc0c7361cb5ff5105

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 99fa6ceff3dcb15a1025f246b96bfd10
SHA1 4015cb8ac2cb0e26576de01a09962c4a7c2090c8
SHA256 3e88b7096c9b8782a858c3aac3842415d400236acc7b9896368bcf002979d164
SHA512 64889ae85108cd240830cf0a0acffe3c62ae39b9c2891ede0cc1e4c0d83a6ff25aa051bd6630e1bc73d001745d2ea1ebefd50a9da0a9acf7901b5e37ab5961dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da749764400f765cb51e0fb0bab4d24f
SHA1 eb16ebb89149bc12170281ed33963758c8ddd3b1
SHA256 2fab25e1d5814683c1cfd6ca7036dbba5003fdeb377cff5cb7b11fbf4dbd4a99
SHA512 d0a3d5c5bc64913cb2ce0b6846a6fcb9851fc78df30aafa2ac188c373eebcd02c90036ff038110e99f1bda10e6edaec2fe82874282a7a59aa01d53c7866559c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 72c6bd935a9e4978fbb386b8e07bfcb6
SHA1 9a8ffb0e26b0dcd8fc3d25fd85c27cfa8f004b5e
SHA256 e5c4b22d39e7d513df7600fd83f6478fe9c4e66db05ef513d88fa44569835d86
SHA512 4705949f3677e8975aa9b7ba59b7cbabd88156837e2ce2121524699486c02e80c1568e73f5b084318fc5bead0bd1ef46eadcfa550bbf01b9d8ba310bb3bc6449

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe592be8.TMP

MD5 335b8624babddbae2af58d2480a801bd
SHA1 aaed67b7df570b7da543a45e28cb46ad17498e92
SHA256 4300a40863fb40468461ec6a329ecdbaa80e3c033ef962ca1e1567088a956b81
SHA512 9da377691e5816abd4ec8e7a9c3348c606871dcbe2173eeabb48ef7184bfcecd9627ff8034f93689ce0db188cf46c930ff103be314c6fce98f5ecc117632517a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a89b7b48f81bf03591b5e30746678d72
SHA1 d3288539342936c865136ba1d3eec78f55db010c
SHA256 e91b5fed771a72293d8c561539cdccb9e77150fa29fb0e58b6e78fbdbc58d21f
SHA512 2e8b2c911cabd5e83e04bb2534410daeb78c7f06e142495a56f19a012a8ba6b1a0b294891975ee27c26df2600c2ed617344f842c2058a70f8e081a80d00ccc46

C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main.zip.crdownload

MD5 ed997c518b1affa39a5db6d5e1e38874
SHA1 d0355de864604e0ba04d4d79753ee926b197f9cf
SHA256 8a7d20fb5bc7ef8b02ab6e11ef78ebc0a31ba5376bd97d40fe5d1da521324556
SHA512 50699cdd035c48e431102c703d7855dc85caa6feb7a7b34bdb23c7ccc298dbcc3ab261690c3dfb078451d3e299a0b037351edcbf54e79b6edaaacbf30ec68cb7

C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main.zip.crdownload

MD5 c29e5cac95dd0b675f226b0fcfb7fb2c
SHA1 174a1dc6aa9131f31e1be7e79422ca13d2720fb8
SHA256 96f92d251a44edad3994c0bc22bd063124fbdf0c18eae81f2a35119542546f0c
SHA512 65de4c8399601a62b67bc1c85ed202519f9131964049c00d7928402ce69074ab58f787066725c026e470fd1f02ad2066c0b8b62df655cd2c07ce49b3a3bbc877

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f58cddc194ddf550482bf09782e9877d
SHA1 f735d160ac262a2f1c4b3720132cd6c81979d9ba
SHA256 9c3918cbdea1b1186b3f15631460838181107da2a958f750a61343db351889ef
SHA512 9cf96f47aeef2d294c07ffbbab4aa0ea6637c08fc50409fedc5ef5d632f17ca9d23a71b74bfb60336aae353df2de5d23aee8641492814d7eedee937e2402f5e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4cdc297cf5e6e47ba4e05f7524fb0f65
SHA1 d97bcc082254d08c26415d4d0ad875c160af4f26
SHA256 dd1c8575c9b4259535314ea722cfbd17a5121b442da7f2c3da6aabeb4ba54971
SHA512 8f84f3a067b9ef392570f0f3ef582f326723012b822c208e6bfaae89cc7e0232a1cf61c4b6326c3b26d0fdb5700a89a0896f13350544fae6aae464b43355f6c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d7dfe9b12cfb371b561d41544a1c8bd
SHA1 7bf00396bc2a1ca72b93ae191e5f56b97dd469dd
SHA256 78dbf8099e5f034d1fc103367989907f83871b51039500a4ca1d5b68121a6111
SHA512 33ad6d590c4ca84551cbb363183e53935bb63122b5a71bbec223c92508d9d5d118172d5a06f5cd7be5830544997a0f33b436692573ceafff734a03fd24d8f51e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9dd0ae3b7df58cba30ad8ade428aa8e1
SHA1 de7e4b316d118573010ba1a8cd96e287bf2c2f0a
SHA256 b1c63f181e965d9a941b3125a24e666a63cb7323bd7cf4b3b8e727f83786b66f
SHA512 f99d597ae9dae27b72712841ed1390e9c2663746ab1a12421f3fe3409510bdc3cef73151c5be724858ae3d486381c4fc59e871fd278b49fc2a30056fb5038013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a3b7d73d633cfa02ea71463de74635a5
SHA1 efd523e0f7635fe315e725dbf4c4f1696e201a50
SHA256 f9b3608980693058158b9ad63fb6bcd51e129a6e17dd336fbfa0b9c2da3ec15e
SHA512 45657106bf0abc3e8d52e16ad07f70c43951c4506d877f63069aafcb2d60452306f7c3b07c2578477e5a310b0ea81548f0babcea9cf75db77cb29a70ef364687

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6e1c641f0b95151a59f47480458ede4a
SHA1 4f16cbdc8c76f6e9c0942d1a4e5e1aace00c0a7f
SHA256 bc00bc5d6d94e908bfe97faa27b6190751657c649347deb2a1f8d023f7324a76
SHA512 631de8cb6192e5c968a929a3f713af327249712ed062fd413e0da62493b16a7b50e04a3b9cf1fb7a32e87604c455dbf833a9219816d3d060988432fdbc584ee2

memory/5712-1574-0x0000022C737D0000-0x0000022C73B0E000-memory.dmp

memory/5712-1575-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5712-1576-0x0000022C75990000-0x0000022C759A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe

MD5 835d21dc5baa96f1ce1bf6b66d92d637
SHA1 e0fb2a01a9859f0d2c983b3850c76f8512817e2d
SHA256 e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319
SHA512 747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

memory/5712-1586-0x0000022C75930000-0x0000022C75950000-memory.dmp

memory/2296-1587-0x0000019AEB740000-0x0000019AEB80C000-memory.dmp

memory/2296-1588-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/2296-1589-0x0000019AED5A0000-0x0000019AED5B0000-memory.dmp

memory/2296-1593-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5712-1594-0x0000022C759C0000-0x0000022C759CA000-memory.dmp

memory/5712-1596-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/4384-1597-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5712-1599-0x0000022C75990000-0x0000022C759A0000-memory.dmp

memory/4384-1598-0x00000163092E0000-0x00000163092F0000-memory.dmp

memory/5448-1600-0x000002114E260000-0x000002114E34E000-memory.dmp

memory/5448-1601-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5448-1603-0x000002114E750000-0x000002114E760000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe

MD5 f6f686df785d0abdc66d1f90fa508c4b
SHA1 75f348132001df30cbad9c7cae2e2072fcaca38e
SHA256 61b52af14fc66126a4e7f09b3cff7d3c09e5ad35acf23fb9ba43293fac0c995f
SHA512 7daa425723caade3ec747fbe6e425e26bc419e1a7dccd6253770fe1a118a8b90e0f40f6cf4bdac259e68a0198a384ed1b5de7515958f5e17e4e35219b9077d77

memory/3088-1612-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/3088-1613-0x000001DD1B4A0000-0x000001DD1B4C6000-memory.dmp

memory/3088-1614-0x000001DD1D0F0000-0x000001DD1D100000-memory.dmp

memory/3088-1616-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5448-1617-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5712-1618-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/4384-1619-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5532-1630-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5532-1631-0x00000276F2F50000-0x00000276F2F60000-memory.dmp

memory/2580-1643-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/2580-1644-0x000002A9788C0000-0x000002A9788D0000-memory.dmp

C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe

MD5 a21db5b6e09c3ec82f048fd7f1c4bb3a
SHA1 e7ffb13176d60b79d0b3f60eaea641827f30df64
SHA256 67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5
SHA512 7caab4f21c33ef90c1104aa7256504ee40ff0a36525b15eb3d48940862346ccf90a16eef87c06d79b0ffd920beb103ed380eae45df8c9286768890b15ed1067c

memory/5532-1651-0x00000276DA5A0000-0x00000276DA5C0000-memory.dmp

memory/2580-1654-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/5532-1655-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/2592-1657-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

memory/2592-1658-0x0000022D78350000-0x0000022D78360000-memory.dmp

memory/4244-1659-0x00000000747C0000-0x0000000074F70000-memory.dmp

memory/4244-1660-0x0000000000850000-0x0000000000EE2000-memory.dmp

memory/4244-1661-0x0000000005780000-0x000000000581C000-memory.dmp