Malware Analysis Report

2024-11-30 19:05

Sample ID 240311-1fpv2afa6x
Target https://win11.blueedge.me/
Tags
agilenet spotify evasion persistence phishing spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://win11.blueedge.me/ was found to be: Known bad.

Malicious Activity Summary

agilenet spotify evasion persistence phishing spyware stealer trojan

UAC bypass

Modifies Installed Components in the registry

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Obfuscated with Agile.Net obfuscator

Uses the VBS compiler for execution

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Adds Run key to start application

Enumerates connected drives

Detected potential entity reuse from brand spotify.

Suspicious use of SetThreadContext

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

System policy modification

Uses Volume Shadow Copy WMI provider

Suspicious use of SendNotifyMessage

Checks processor information in registry

Enumerates processes with tasklist

Suspicious use of FindShellTrayWindow

Delays execution with timeout.exe

Modifies registry class

Kills process with taskkill

Modifies registry key

NTFS ADS

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-11 21:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-11 21:35

Reported

2024-03-11 21:55

Platform

win11-20240214-en

Max time kernel

1153s

Max time network

1155s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://win11.blueedge.me/

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" C:\Users\Admin\Desktop\XWorm.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChromeUpdater = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleChromeUpdateLogger\\Updater.exe" C:\Windows\system32\reg.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" C:\Users\Admin\Desktop\XWorm.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\Desktop\XWorm.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Detected potential entity reuse from brand spotify.

phishing spotify

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1476 set thread context of 1596 N/A C:\Users\Admin\Desktop\XHVNC-Client.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 3560 set thread context of 2268 N/A C:\Users\Admin\Desktop\XHVNC-Client.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546665759204926" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "5" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000100000014000000494c200601000400280010001000ffffffff2110ffffffffffffffff424d36000000000000003600000028000000100000004000000001002000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000001000000040000001c0000000100000000000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000000000002000000ffffffff C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133524141059344388" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2567984660-2719943099-2683635618-1000\{02D77F9C-D5F7-4247-A118-42536E9EDA1E} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 C:\Windows\explorer.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\system32\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe\:Zone.Identifier:$DATA C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
File opened for modification C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2176 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 3768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2176 wrote to memory of 4832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Desktop\XWorm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" C:\Users\Admin\Desktop\XWorm.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://win11.blueedge.me/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffea64e9758,0x7ffea64e9768,0x7ffea64e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5088 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5400 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4400 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5560 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5104 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5864 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4516 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4824 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5964 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6124 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3812 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1192 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3524 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpB1F4.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpB1F4.tmp.bat

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 2448"

C:\Windows\system32\find.exe

find ":"

C:\Windows\system32\timeout.exe

Timeout /T 1 /Nobreak

C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe

"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe /f

C:\Windows\system32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe /f

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe"

C:\Users\Admin\Desktop\XHVNC-Client.exe

"C:\Users\Admin\Desktop\XHVNC-Client.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" YHE42N 127.0.0.1 8000 QIJFDR

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Users\Admin\Desktop\XHVNC-Client.exe

"C:\Users\Admin\Desktop\XHVNC-Client.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" YHE42N 127.0.0.1 8000 QIJFDR

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c powershell.exe -exec bypass -File "C:\Users\Admin\AppData\Local\Temp\ResetScale.ps1"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -exec bypass -File "C:\Users\Admin\AppData\Local\Temp\ResetScale.ps1"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w1h2cmqz\w1h2cmqz.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC59C.tmp" "c:\Users\Admin\AppData\Local\Temp\w1h2cmqz\CSCBD29377745546EE98CBC47F63C9A525.TMP"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3156 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" " https://mail.google.com" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-sandbox --allow-no-sandbox-job --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas --disable-deadline-scheduling --disable-ui-deadline-scheduling --aura-no-shadows --mute-audio

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffea64e9758,0x7ffea64e9768,0x7ffea64e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1668 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1908 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1960 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2720 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2728 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM brave.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM chrome.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM msedge.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM firefox.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM opera.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM opera.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea64f3cb8,0x7ffea64f3cc8,0x7ffea64f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gh30oad1\gh30oad1.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES502F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB2864CC4836140CB9E9838E489C0F15D.TMP"

C:\Users\Admin\Desktop\XWorm.exe

"C:\Users\Admin\Desktop\XWorm.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 win11.blueedge.me udp
US 185.199.108.153:443 win11.blueedge.me tcp
US 185.199.108.153:443 win11.blueedge.me tcp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 104.21.72.96:443 wintest.andrewstech.me tcp
US 104.21.72.96:443 wintest.andrewstech.me tcp
US 185.199.108.153:443 win11.blueedge.me tcp
US 104.21.72.96:443 wintest.andrewstech.me udp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 bing.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 blueedge.me udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 open.spotify.com udp
US 8.8.8.8:53 bluelab.blueedge.me udp
US 8.8.8.8:53 othello.blueedge.me udp
US 8.8.8.8:53 upload.wikimedia.org udp
NL 142.250.179.196:443 www.google.com udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
US 185.199.108.153:443 othello.blueedge.me tcp
NL 142.250.179.196:443 www.google.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 103.224.212.214:443 dev.saavn.me tcp
US 8.8.8.8:53 240.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 103.224.212.214:443 dev.saavn.me tcp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
NL 142.250.179.170:443 content-autofill.googleapis.com tcp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 13.107.21.200:443 bing.com tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
GB 104.77.160.207:443 open.spotify.com tcp
GB 96.17.179.184:80 apps.identrust.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 104.77.160.207:443 open.spotify.com tcp
US 185.199.111.153:443 github.win11react.com tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
US 8.8.8.8:53 200.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 207.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 153.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
NL 185.15.59.224:443 en.wikipedia.org tcp
GB 92.123.128.152:443 www.bing.com tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 185.199.108.153:443 github.win11react.com tcp
US 185.199.110.153:443 github.win11react.com tcp
US 104.21.72.96:443 wintest.andrewstech.me udp
US 34.120.195.249:443 o575799.ingest.sentry.io tcp
N/A 224.0.0.251:5353 udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
NL 142.250.179.129:443 tpc.googlesyndication.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
NL 172.217.23.206:443 google.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
NL 142.251.36.14:443 consent.google.com tcp
NL 216.58.214.14:443 apis.google.com tcp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 142.251.163.94:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 94.163.251.142.in-addr.arpa udp
DE 140.82.121.5:443 api.github.com tcp
US 142.251.163.94:443 beacons2.gvt2.com udp
NL 142.250.179.170:443 content-autofill.googleapis.com udp
NL 172.217.23.206:443 google.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.250.179.142:443 encrypted-vtbn0.gstatic.com tcp
NL 142.250.179.142:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 e2c15.gcp.gvt2.com udp
GB 34.105.225.79:443 e2c15.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gvt2.com tcp
US 192.178.49.163:443 beacons.gvt2.com tcp
SA 34.166.9.70:443 e2c66.gcp.gvt2.com tcp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 142.251.163.94:443 beacons2.gvt2.com udp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.9:443 codeload.github.com tcp
US 204.79.197.200:443 bing.com tcp
US 104.208.16.90:443 browser.pipe.aria.microsoft.com tcp
GB 2.23.92.203:443 www.bing.com tcp
GB 2.23.92.203:443 www.bing.com tcp
GB 2.23.92.203:443 www.bing.com tcp
GB 2.23.92.203:443 www.bing.com tcp
GB 2.23.92.203:443 www.bing.com tcp
GB 2.23.92.203:443 www.bing.com tcp
US 8.8.8.8:53 181.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
GB 2.20.37.224:443 cxcs.microsoft.net tcp
GB 2.23.92.203:443 www.bing.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 2.20.37.224:443 cxcs.microsoft.net tcp
GB 92.123.128.192:443 www.bing.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 192.178.49.163:443 beacons.gvt2.com udp
GB 2.20.37.224:443 cxcs.microsoft.net tcp
US 140.82.113.21:443 collector.github.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
DE 140.82.121.6:443 api.github.com tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 204.79.197.200:443 bing.com tcp
US 4.150.240.254:443 arm-ring.msedge.net tcp
US 8.8.8.8:53 s-ring.msedge.net udp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 13.107.246.64:443 fp-afd.azureedge.net tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
FR 152.199.21.118:443 static-ecst.licdn.com tcp
US 8.8.8.8:53 254.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 254.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 118.21.199.152.in-addr.arpa udp
GB 2.23.92.203:443 www.bing.com tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 mail.google.com udp
NL 142.250.179.197:443 mail.google.com tcp
NL 142.250.179.197:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 195.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 172.217.168.193:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 193.168.217.172.in-addr.arpa udp
NL 142.250.179.145:443 csp.withgoogle.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 127.0.0.1:7000 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
US 204.79.197.200:443 bing.com tcp
N/A 192.168.1.1:80 tcp
US 204.79.197.200:443 bing.com tcp
US 204.79.197.200:443 bing.com tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp
N/A 192.168.1.1:80 tcp

Files

\??\pipe\crashpad_2176_LUJUABBSNWLGBUFS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e9370372d9e144a719a710a826ff8bdc
SHA1 8474e900ad54aafe3668b43bd70a760c41a206d7
SHA256 af5fd1c5850460d7a45047109dedef163b70fe1ee2004ae6a648e92485df4e5b
SHA512 971987973a141a0b0c03ea02278df49540fdedbe9a5df495def0414068952cbfd93e300f41e2da262de9276030ce597393187433ed1f9b8ae3929f37f86b1a94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8a139eb194d8db89a56cb59ab2200434
SHA1 55cecb8dd2106fec0e0cc626e3e099a7944acba1
SHA256 86df4c05afadaf18f4f86c0824dbadae208d935f4f176ce38932dd7658b938f9
SHA512 10653514b2311aa36528fcbbc5e3f7dc34033041e1289af8d562795a1aaa3d23507a9060c416578fa1cff17f9eb189984faa1ccc9e919c172aff8dab8b2ba22c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e6bbfc5c1146edde0f5aa27753f9e6dc
SHA1 21554ffd41499dbbdc123964a5893abfd8474ef2
SHA256 d2363f0274ef89166857e34e4ee986047214d3954c2ace5588d3d9d395c770ca
SHA512 11008dfe391db8065f9e9f580099a843017d100bdd03a923cf2fcd5ecb6086a3d747146ca295a1f0fcc93002a5e29f716bdd4460dc85e01e14be605805ad5906

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 68b84661cc0a64bfddaa8e63283f6e74
SHA1 ba391fa4f4a97b477c276d98f16454095e022fea
SHA256 2b8bf3c0f8d96d5cad37d70b73a6a65605c05b27ea7a6bae2f97ec6a82d82d49
SHA512 7b78367fb6a297b83bd304acaaf7cf1c1602308a802c99812d301e72d8ce5f6efc4b4da3d0dc8aec798ed60fb5fdd84745db47613d75501ea268b504fd8912bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9d08a7ecf29fb8987922f333f68f3592
SHA1 584b9ccc9a5431739856557ae61149ab3ba4da74
SHA256 104340f89a4b254589d4d8179c580009f26ca60e3926c9650933b3f25c97994c
SHA512 5c5a1b73f3b7a4cf2122538aa1773aa5ff286b25408c960992229422d2f28d06e496a7d07ac38e50be44d720538806384f20232c7cd322a8bbc0ccc775428092

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ac2e.TMP

MD5 786d29e219c5f190520672b6e5370788
SHA1 02d032ffc33d8a38779cce7543a7ed6ec5c17afb
SHA256 c49335b3f0c3d060f72be22b9ef5b47a825cc5a69a30669ab89a6c7f424a13f8
SHA512 ec5f0c435b5a954624ccd726a01f6f705243837e8650da591596db0a49f2475618e3bd4ca39cd25091c0e7ad29938366038962626be069726efb64c5e48881be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 7923d6f5276ce35981c3c3032cf208f2
SHA1 633af4ad7d449ac194c72ea43dec55bb7812b6ef
SHA256 35e820c32831ce374c91221205e89ceb921960b24ac4746d64116cf6a009532f
SHA512 91d06bd08015ec4f8676b4cdf341ae135db17463caea568f9d2b2f988eaf88ee326e79e8409572e11842bb600e1443992c385064bfbecde50372f61773e1d88c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\d1293963-a890-4e86-9f3b-9fc3189e1392\index-dir\the-real-index

MD5 a53bf73608ec0d5b5863cd0e99362fee
SHA1 4e29ae8476f7576749eaea0fdf729083e80bf35a
SHA256 32deef3b88abb562fb34ace74c5669af5ad37e1b81be69a17d5e50d91f38401d
SHA512 ed32cbd1162773ce28c915635b99d24c750b548fd03560d618b0dfafec1ed0b830475177060df9147b03c4a9fba8b023c4ad51486c48bda3ce1a1a3b2201acde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\d1293963-a890-4e86-9f3b-9fc3189e1392\index-dir\the-real-index~RFe57b4e8.TMP

MD5 727793c4f230b79b29bbcebeb4135a6a
SHA1 7071f8a8affac1df973ee0553a0885f24b883a73
SHA256 f4049e4bc1099404c90a5b2d79b6c47e066e80eff96361c884de299552ba52f9
SHA512 a3132e92a703d2568f392facccd789a6c47629d5c5e563a94f011335615386eff1e009efce98b255ce30b3a62197a94da52c61e3d85df3db4752b5557cd8cb86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\index.txt~RFe57b536.TMP

MD5 cc38ffe9dfe46037286634b022f9d600
SHA1 a9b9cd1168fb7dea05ae2decb8a1114639215e24
SHA256 5d93c56f8b8c82de5624b28fa5b979cd630f65c17f2d64436e2a0aaefe844610
SHA512 3dbdb981baa1ac5d6cb7049b8a9cf65282a8e9747e3a402a5f896d02b9dbdb046d1b622bc31e0f2643d7be74560ce8dad1aa966a6a69d3873a1cce04c42277bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\index.txt

MD5 fc9fd463f9aff5a9d4a9fed15bd8855c
SHA1 3bd25a9ebf61b6364a3ce3916a97e717a9fc1ce5
SHA256 a034f275299172227999282c694874c9e0b196ad92d60c0ce6ef15818abb4934
SHA512 de9c00f160dc1d18080208c51e9890d66a78d120f75bd428ec35618ac18259516cd627f8c9df78f78ed431c9663e5a653b8aee2cb6245dcae26927e0fb0013a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9220041a90c47f87a88d0b2088e1b2ec
SHA1 010a295cd0e79e0f985a1a7765b3d7d757d310d3
SHA256 6e7666a4e68bdf2177af045c75ef1af86f652e69ef9b40f5e4891ded79cbe92d
SHA512 3095ea13c1b1ec7aec48c4a77f6104cbe5c8426969f0d6aeb972712cfcda93dffa2f772eebf9754e2cf4d1b97c1fbe5f5a20a9a7e9e7415dfc96d0a49310e789

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 009f27de190d4c2f2b8f3942e58137ae
SHA1 a44f8661bb3c5e8cac432aba37394b5361956495
SHA256 76234570ba83511c9a2e99ea6423439fba3b4ab9ac2d87a60016b924b45406d9
SHA512 13d96ec2a62de5ecbeecaf81abfa7be4f243bf9af9d62191383f103a7e6ac31bf2a75976d5c32e6384eb9fa6406ba5aeba585a0eb282a1ec393042cd43439b87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 06d89b6e12b97bc606512e62f4d2078f
SHA1 30727cb9b31cbd3295ee18bd57d00aad612a72ec
SHA256 d1ff98a3691107401f7329bb8183d6562bdfee6d5f5333f9efd7024ebbcea61e
SHA512 1f7b0c73dd8e10cc180b75f7fc11d32e8826f1ae315cdafbc912cadb2370a8df30f69da1482d518985deeed02ecc1700c2e67dfd1d2a804e3fae510ad5922ee3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 eac6dfb4a419ec75fe767bca8504b298
SHA1 33c3ea31f0b8ba32603ac8b82a8d7f87f909d4bf
SHA256 2ceea6c26380c743e0c8bc4cb3352b6c1193f9661618f50b99220c05016fb982
SHA512 80753c556b94987bfdd0dbecdf5799b62789282e641e168b25d6ccfb60c357b51dbc226968c22883d5d8d1e94045ce3b611cdbb643222c52eca1c0085d67a3c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b863.TMP

MD5 f38487b52ae3f82d0a340f47255980fc
SHA1 f7a7c530e92c130406a55676bb9227e04dd1ed24
SHA256 7c7b4a9f807601ab2dc855703a6a173a432606db3b00fd1e03a886c710134c70
SHA512 46a8784b9e03207ae46ff040a654022eaa9296bdb890770a5c0eab643c37cd178ae9b12028482f7350244671b8ffb22611b8a41476325b38a6de477e24466e2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 f5b4137b040ec6bd884feee514f7c176
SHA1 7897677377a9ced759be35a66fdee34b391ab0ff
SHA256 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
SHA512 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 beec9f0eefce0a3e3f1d6cb1242497c9
SHA1 10ffbc710120952f9df9508f9b3ad43136d89ef1
SHA256 14d229cb215793749620298c31678bd6a6b14fda3592c9fbe0e2ec846c5ead24
SHA512 f9fe8d3d1b5267c093312694b5d51b1529bd5ca77f68c7881b1345b2079d5139e064f7495377a97da2e93b8af5d939f45f061c4134336f4840977e1f2c140be3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1fdaef9088ddc36a0165f3a6592139e2
SHA1 db7e3d02ba0af5daabf14b0ed05afb53995cc723
SHA256 332eaf0f1da82e8c902efff36d713ebe240a303f91ad7a670eabca07224f6c37
SHA512 73681654e63f9b2dcda66dd0dd4e5afe6536f68731c3314b4332b392d63ff3727a54f3e6eaadbf54a8e2ba7716157dd80dce1009ac4e34a4033bbdb61383c76f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\41f5e343-e2d8-4958-ad56-7f1ffe6d4bf4.tmp

MD5 5d20696d8965773dc28cf2c695360c1e
SHA1 f8b644ca7e1899890aa033c3cfff5265b939f270
SHA256 1956769a9b729af3d8632eabc10f34769ed7788db3b38c93ba456ccc8493b17c
SHA512 eb94ff133dd50a93489c841cf057e876e8b5a0aacda46c84d74d2a3e04a28794a3a96ece2df2033f07d9c8d5b866a17e21ae079217e88ce428dc533b150135f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d994844893f80646fc59d6b5eb7f738e
SHA1 6462314e29cee096f87ae9c8c82d47e14b75f846
SHA256 ccf6cc39572dad658f3fd7d79ec6dc873ce7e68ad4d868977d7dae1717c11d7b
SHA512 888d131d5eaae6e3aaa47cfa0be628963b4a89552ce89f7d074123073168ccb79e2153f0fd1ef9f6278991170316a3cb15c00e8fdbd8cd1f814fb261ade4a81a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 87e5f8cac72ed2a231e099cacde283f6
SHA1 ac96ba1aa2c2aa4b0f6819e7716896f0754c011e
SHA256 9295399587701e32ac215c36c0d2c1475e18e25f49fde0a198a57a891ea8c820
SHA512 8a0372d42bf4a9921ae687a471235bf94fca60e8c0d3dc3c4e63b502f18a1188a000fb60d42fe586329e0c814f5ba7fdbbe535db5fce1f7aaffd036df76f9a2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a9299fd05cbeeeb1d93788c3af289097
SHA1 e832b4012f5c5d59324cb969d6416bae29ecb3cf
SHA256 ef98fc621dbb1d9af77b52fee52cd20b6d59cf3fc8e0e9886837515622ab023c
SHA512 7ec60eaebbd956b0594c4a54f2dc243a1282d422dd875b9aa0a4d4afcdd73d49109a5d309294d3dc4dca193452666514f786af83b93a1345770282cb7175b66b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6c5187aebff85b11cbf5131521f4f7e9
SHA1 656f3cfd019700a39dfe93266be8235e265f4d5f
SHA256 4e2c4590a4e5875e159664ac123d1152acf92a334e4f398ef0fff321b43d4134
SHA512 0971dcf59f48b6a934326d7e529025a954c562e2964619fabc944eae6572f0d87a9c44709f96afe349244406f8dd06d36cc03e4201e68abb4d7da237c4fd2227

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f718525e911cc3f9fc9f47313164da2c
SHA1 ec01dd531b29c08133188c15ae47ecbed1ddb5cc
SHA256 ae6f97b775489858a9d57507322f6e77fb93b991be8ca8cc7fc16fc2aea27ff5
SHA512 9142987c7fe2aa485f99390b0942a5450e4b16c5819bfb045d83687b24cb787317d51de024ba971e13381450a6eacb2d35c8e536068942cf3b58ae5f35533af7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a0c95e39b4456361e13bb1ab95a229d
SHA1 d97eeea0557e18364cf07806f9d4984e4b98183f
SHA256 e43147ec4283bebf0f9b64e98bba710aab5e56549cba3b9809744d29a978c434
SHA512 2556ea8b52fb9de5c301c96d796e08002b2981a8d22a79822ebc2c2f1452b4a074daedb81e043642e24749feecad341b9b3b5b8fe794f0df6aca9ce81e0bbf43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0876486950f2aa151ecaaefbc792bb1c
SHA1 e11f507d168c0ee3b7176c2c6244f8192d4d785e
SHA256 862690516fa5ef70035125c776fd02aa0fe4a07ede01018f2643d037982f0736
SHA512 05d0e0daa633a473729ae73dcbeab3593c62f35dabf40d7ed562e13bbed87eb65db8ed38802292c925640ca24874bb9e7a5d2c9da611682de79ff8199471742e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4dc46038e6bb6fa459b7e66f0b3bf1f7
SHA1 d97030556f9c21e77aada4ff39104321a3203cdd
SHA256 ccc7de0e4717edbc99933878a2db4f2c7980d77af7bf166e9698c884666d439c
SHA512 829cd010e63a3c9f9019282ee70300cc91fea8d2cf825616d9ce15025d8eda68de692ff538c1009df628cfbe8468d7f38c9db875033573b4c0f2e2b32dd43bb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

MD5 77a781823d1c1a1f70513ffeda9e996d
SHA1 60776ceeb79ed41e7cd49b1ee07b1e09ff846f25
SHA256 b093599957b103def2cc82ffd2d42d57a98292ace5a6596e3e4439a6cce063b2
SHA512 9aa66273ad419e1fc4ee825ec9e9fea4297139eca060572d3f59ed9bccbf2e1dbd03a006a0a35c6d37196e8297ec9a49fb787f0a31c3772b17911603eca62aac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aea488e6ec8a9508bd08cedafea3944b
SHA1 f4443dd0c41d199aa114fa9706dc36bdc9f2d976
SHA256 88d76d2d611ec51ab5dbb7b3d866a46cfbc9deb1265d1e699e0b0382728ca265
SHA512 92233010e88cd560ac7dcfbc42ac8602e238e466ff911e0d327cf1172b31f4f35c12c5257016e2b86f044fd96f347e767cee9f4b5d355272ac41de7a4077a36e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 337c282c6c28b5e242fc33d716705654
SHA1 c2ccc4023bfd6941ed7544709e3aab31826f7afc
SHA256 82e1881daf9535b3ed5ee2f380e9bf665e79736fc70c8e9673e861b2f49d1baf
SHA512 8bfb0a1f7cc0320fba2cdb2e704489c81fd48623c1e0e69203c8b9d2e5ed3afbf13ca00e1266210a8f5450b3803ecea07b0782d392c5b09a5ad23d22d9e3826b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f9389baf8a7c628a2391539cb8b5c9b7
SHA1 3d7f15b6ff401c05acd87cc8f88260bd8754b7ab
SHA256 2ee6c3bad9843a8fa281773e87805a9810e2e726179e72bfe88052dbbc47c346
SHA512 e915540501cc38e235cf815d65c7bcd086fbd040c42f69d55bf5d7e78b94899984f10df16cafaaefa0cb2cea182c5c70f2f69c1e0e65218ad8d514e98a854b74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

MD5 f69a450902ae6bc96d3f5876f0484290
SHA1 ba352bed8ac9b29bccc1aef038886ce4c19b0a1a
SHA256 e530aad91db15339f6be69696c78e82cb01bb86f5ba4a98c7a76a57d66819171
SHA512 59b4baf45c6bcbab2cbcbb470f7a24b53ca8a55210f646d706fce8ede05c4e7bbd836307064623e4a441a24092069b9816968bec00bbfd98d2edd3901b1f0488

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3a74a808f53fe6db79f04c9ff4be71e4
SHA1 bd5ebbbcadeb49ab78d14d0edd52fafec90f7d5f
SHA256 86e3d6eb77648a880e996293af89ea5a5c9323b5836751f067fc162dae66d346
SHA512 0dcfa18eaf49ea3714ff4c4d0a68cb7f347e1f13391fd6be79414c2dea75e3cfe1ac250d5b3b80eba6a9a57d568c42e5451d1852e64bb4a03bf52dcbec3dc44d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 83bf03dfe10e4d7b31c28d1346317cca
SHA1 64cfd68b942db798d8be9ecdd0e1750d019e6235
SHA256 514b0596b3ef4877a958a749aab9e1cdb416eb14de71f5a48e3d09b48b36e7fc
SHA512 4e85cf126c19382c90b5d57a15d55f735b5e669641c121dd7da9380a1d43beae5be38a4504ae38334d44df55785de43657c636a710b5f453d9d971686c525e80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 043abef4d0c27b828e95dc697306ff89
SHA1 5feacb0b6dd19f1053a6ce50e102f831c66954f7
SHA256 9816f1153664435089b4396d10298f8227e263cf8c3fe0ee7f6e185138386e90
SHA512 eedec51762f3026b291d9414c4f1f083f834cec07fe9f19428a0e268e96f1a44d19092a3441479653725a627659ba796008172e16dfd87199e0eebf6218a20ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 b35351b5ac60425214192e338e4d4d68
SHA1 eb0e89036d9df66b5c5ed27a7764ea7d54718fdc
SHA256 4710030d29658f2ff4cb67cbabff6320c64669ce78ce2d37168dfcf833348a58
SHA512 1ecada87efde9d9ffe8dfae32b07aab162feabd5076879ee4b8693f297f21963cc17701bbafccee252b0e22fe1a8842aae8c8bdd806065851e5798df41108b3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3bd4f6edea028641e25eeb88eaea0993
SHA1 25dae59f1c6572328a91d33dc65ea0a0b8e2216b
SHA256 e85f0b73041c80976fe08368902f5b5cd8a7006f49c020acd5cde32358142e1f
SHA512 533b6a0e88afa918b977503be38fa6001a3a83d9dd724c15e30356c07d3ede1aea002011e7a54d9dad9c8dd75bf15956ebb1571110039365830269d77a238863

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f74018b55df78cbd6ab9ede5a1ce660c
SHA1 1f889337ebc2c8adc0375e6a858c8ae0099b5827
SHA256 4e58cfa3acdb37e9ae1161bb926bec466a23c695b9b9a102d68dadc6d2e65273
SHA512 b00aa08ae31afbb3f1e1b9e474039d806fce60d3fb5265cdccd5e87d6d6d32c8b8bc1990f3c19015f395be9d8693ede3f4817443383a1e22a8095cd4000321f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d760a7e61f9e109b936642defe43a61
SHA1 6755de0c9bbcf5d0ca181e38c9f31fe2448649b9
SHA256 49dc08771b646b0647ba722cead3a0e0feb3467bb593cb90b49e74db23c63cc0
SHA512 c4f4f7e979bb0a03e9d3089194f5da4707282b0a9cbf3223dc42180831c99f331af034758b5629b53f3a69dcfcbfc5a5516601af180a85b4f1766d101ce4dc46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 68a5df69719b604e77cd57564a2fffec
SHA1 1eba24f465d113be643389ac6532fdce9004d3fb
SHA256 960b813e9976b47a2e57f95ea0e24c032ef07a15ac1b86bbb3045714b862d8da
SHA512 a1597188d078dd6422bd7b2a5780aa4fe4d40528fc45c05cb27f2c155494524d2da5e09a0f05033dc1f700a520feb43d0e59aa3885ce44960a152b7fe71bbb9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84bb9e7df442d9358aa7dbdd2e1f857c
SHA1 d13b3a8f659bda130c3670ffa0eac9bda40cbcf2
SHA256 cef9ac622c7e09a32442950c6686a8b9e1a7e0e2a5004fb1ecd71efef276d9e7
SHA512 cdfc52bc1d450686fa37fbd8c9dbe7a4f3b61d4fa5a022ccff242dee0cbfe317f393dbce7788ae0dd5ea76b3c613489f127f464ddb73188a8159fd9e19e50044

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 647eb2133e7a8886cfb46efb38b29a9f
SHA1 d32c1c40526a37d0741a48e2fe49006ea68ce498
SHA256 10bc2702822b388446f1248a17d0e3e5868ce3d72527792fa01a78d3b04d0285
SHA512 b6345efdd7f4296c1cc150e6e17862b98268be961a546477c1a8c55d7528e230954c7e88723f87218ef9a8d2905f25af6d92686ce39699c36392829086a5384d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-3-11.2140.2288.1.odl

MD5 5567d6d6f5bbd9c3aa36ed9c21f679e6
SHA1 f49f1e59ffdb87136ef58db422c81243e89e4f4e
SHA256 ecd63856576565e17bf3e5b725282505718b6bd73ff81a542644a394bf4e0e34
SHA512 1b6669722848e78a60957e249b9d81c5c4e93993455864dbf30acb1ed347e3178cb04a0bb0e3244ee61586d473ed3fc2d8af210cd849e9d3a65d900bb0abf763

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 603b08e1c7c46a8f44bf9c2ff987f284
SHA1 631a2041e75f962d3482ca0f91044e7f8d7d91c2
SHA256 0d32a52d15ab9e1170778f488a0af1c08b58abeaa88a738eff114af80d1d6ac8
SHA512 13fc801f263eacb8e7b099831fab227a7c1572429bb0913b6086decea930a67a1d5138660a9507ba5f920cfcc48221795a9ad4d6d85d910423703fcb20cbfe58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 086926b5f26cb7bb25b9d31013fa2b9e
SHA1 6b262992801b6b402bd7395a8d79ab8c868c81fa
SHA256 5179e822d0257ff665b60c17c14acbfe0f0e61f1f2b4470788705e938d17395a
SHA512 061f415aa67f1106cef79c34f1b5415149fffcd74eeb34bc834888f496d7ea090c75b19e8279fad3fd3b8549beae6d45e1a5582239b3cdfe742345467fb2c381

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8d68091185e924fdf7c89d2ec884ff0a
SHA1 fc078bcc3a58f2c9ac952494bf328ea445d6aa46
SHA256 8ea493d0a8c8f4598bd6125f7b6a5396638cc38c59b9614573092fc7eda6acb7
SHA512 6df79d630a14556d3b9292688313f90afb337b753de8c0e4a3c3d706536f9bd4643080934e55ddf5b2f555bee05cd4132b5202f10f0dbbd775f0643f6b37f2a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dde002fdff66e90ac762ff58d0f9316e
SHA1 28721eee28256be93e9caa352d55ce8bd31b049e
SHA256 b0b813c246b27c6d1a44d7c38a0b3bf25c86be3821ff0d6fbec68f19506317ce
SHA512 3ebb7d569f26c2d71fb742a7ded8c61abe9f05423b29435311101c2b07ffec1c43a0299c3b7ec1401e0854061dac41e36c86e9a6aed5641b7f6c1d80fc32eb61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 26c990b92473f7bdc2adec36c330ab50
SHA1 4d821418e64e1f0398bc53879a7a176bb543c7a8
SHA256 f2b6d96da9f2a8ce663dcc1681802ffd9b7b61d22abb40616d5fd2833c1434fd
SHA512 be62ad84d161420b79763f3edd570129565fcea6a43c5d0b0dd38aedb169dc424194f64fcda310e78e291cf670f6ba89b84e7f282211604fb456b0b8076dc11b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a6e097fda755e9988c5ee216e9ea2da
SHA1 c1a3b751f345308c43d515f114c6e5777aaa2909
SHA256 405a646f6183507352ece12f06d7835d07227726a50ef5c80c5a0535e41001fc
SHA512 e6eefffcae9fe68eab9e6fb7afe4261fd03274360df3fb61c7a6de58ef079bf3b698342c4aae18322a75eb98b299f8dd5d05c47c089018d5a25c772489fe0316

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e855cd4375e37d9fbc8db99d4f68f24
SHA1 5d513d8e27e1ef81f7ee223ceb282538bfd883bf
SHA256 0da65377dcd66cee75a916c0dd5d4cead9cd02d9b604be33a7f2b7b3fe71ea40
SHA512 69e1cb069eb4f84404b8657f4ee2b4241ccbc86dcd171bca042c89194e655a809d7a6bcf36cf193a39990bdb28057f3a1cf65e422e54b0edfa3de31c1c8a01fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 186899d6013fb40dd446feb77001e72e
SHA1 35f7e86b9ade42f2c89da5c1f73085d18f8ccc89
SHA256 433ffc1fea405da77567aba021afbdf03b5213b7ce23124f0f30ae29bc19c86b
SHA512 28cd57b266863436fe3ddb2f7d95c0bf9ec361dc690ad22527017dfcc6b511475b086dc0382545ea3215f963672672339a257cd9e74c20ecfc5d27f9b2fdaa63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 02f42c15596ce00d229b2bb79ee34765
SHA1 afbb06527d26b9856374dd5a71ef9f9899f5693f
SHA256 47627423d39f0abf7ce238d466d1f7c1ca1a663ed51c445e972d9996216146de
SHA512 524ca7208496cee603cd2dca766be2d28853a5f047b85bbf4839cf1663e077a9eed397c0322e8bb2fc724664fdbdc7ec5b344847f35aa6c6790614966303be9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d51963774e5ee0f10cf260ca0abab295
SHA1 fbeaa8f893a16b2032bc0e41fa746046ee014d78
SHA256 a3e186c458c66bf23dfd213297ecf2a71b833bc21e2df924794d5049cdfb1b1d
SHA512 eb2400dba1afb1a826231d26aedcca01e1d248d070220f2d55684b73022f18d560e9212b3c48c925cee2f07970e092cfaa8c5482c58aa136ce61890b602a66e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5e9664d2b50dcb9ccd649a575a14dd9
SHA1 bc7db852e2a16be6f3a7cd3a26612c682a05f905
SHA256 a99da6df6b2d951f0906fdae6c81fc52c599c2ec6d697f7426ef2e0526ee850c
SHA512 3d0f84193c0c884bae1814dc076a9a08fd8fe380da46bf523c9f5d28a4c41df3364ded2f22bc9a91ea8f52cd5ae293b7c7e1dfd6a02d28835a0103349b5f68c5

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main.zip

MD5 9589fa8f344bc225d4b0f43fc007ef37
SHA1 4569264e2e3d9fb8996029a427e7bcc0f698627e
SHA256 2dad42b39691ce34a97dadc7a16c943227f9c9d17bc94fb96c5b8156c931b252
SHA512 4ddb5d2a2941a022b53d8937c4df05baa44fe619c02a8d62f425256a9a22def04cee474c3e35e94167cfc1ea87c3bf9486e0fdbbeace765edcbc5a3b3b03007c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a9b8dffe7a87ba02101937644b8b82c2
SHA1 98a91a3ff4ed59d5c07bb2c530877057c2c59c1d
SHA256 18161d350d18249edf7ae6109f77e0cd0764824b6510417073c045ca05ef6ee1
SHA512 4fc53af22b00bc91a08ec2fb281ba868d1bd61f3e034ebc0dd110b8ca3afc066adc7fe6fb090dc2f96f8515540fe4df0b98bb5bb57535a7d4ab8e11bc5797ec5

memory/1796-1275-0x0000000000740000-0x0000000000982000-memory.dmp

memory/1796-1276-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/1796-1277-0x0000000005930000-0x0000000005ED6000-memory.dmp

memory/596-1280-0x0000000000700000-0x0000000000D92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

MD5 e842b72bf6cda14d9c92f31c7c2b62a3
SHA1 545c2c08d3b719791c7e397116f5a97a63784dc5
SHA256 bc79430750f08006ba0b8e57334ab23661abc80d59aff5c70e37f4d82b7e59c8
SHA512 d5e64166652c29fb384b61546c385ecaaaf6fbed2ff2fa80f2f4ed88f1b7aedd71eb6d167745ffea7cca8cbff6c2deb90f96628c94e314a96e6b1e29aee9121e

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe:Zone.Identifier

MD5 640d524e902154387c7753caa8f354cd
SHA1 f26c3bd6504c691049b70127acd4541d0bb121f5
SHA256 44343939c5c0e594f307bcb9fc79669ea0213df316d5f3b4a557afa8acf2d665
SHA512 0eab3ce3739eb6bcf5055381c6718744e743e62e0069b80afdc3710dc46c7672b469aad84c566fd48006b7e6667b5e5f223adf496052155c259126718fa1bcd7

memory/596-1291-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/596-1290-0x00000000056E0000-0x000000000577C000-memory.dmp

memory/596-1292-0x0000000005820000-0x00000000058B2000-memory.dmp

memory/596-1293-0x00000000057E0000-0x00000000057F0000-memory.dmp

memory/596-1294-0x00000000057A0000-0x00000000057AA000-memory.dmp

memory/596-1295-0x0000000005920000-0x0000000005976000-memory.dmp

memory/596-1296-0x00000000057E0000-0x00000000057F0000-memory.dmp

memory/596-1297-0x00000000095E0000-0x0000000009646000-memory.dmp

memory/1796-1298-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/596-1299-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/596-1300-0x00000000057E0000-0x00000000057F0000-memory.dmp

memory/596-1301-0x00000000057E0000-0x00000000057F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

MD5 2fa26a8c36b54c529cf30459ac1815d6
SHA1 82fb20ceebd44bc77de4081801feb0a470e1131e
SHA256 45ed2bcc6da920db055a38c9cbb9308a727b5fe570ec5e74727478b98f9b2505
SHA512 6fd6edf33f3a8a45705fb6bad80bbdd44a855640d3ac2b3bd9c866e021aa31fe4cccd4336531f0a942117dccc14ecd09483d82b6c81f1ad3bef6f9cf88ab05e8

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

MD5 12dee010915b277bb677255ad4dca089
SHA1 f8a78b351ceb3bc28b032e7e2609c2c2cb818590
SHA256 971dd7cb9d10bcded15580c707736290a028346cc23c751498cb5d2083fee100
SHA512 28ae5a2805800c9167f5871888ac2e6fdfc107c294b57babd7f9ccda47d2f3aaf9f61b27f0db3999f719618b26bed8b8c75af020ce460941db94043b8c5ce27e

memory/2448-1314-0x00007FFE8F290000-0x00007FFE8FD52000-memory.dmp

memory/2448-1313-0x000001FBB7D20000-0x000001FBB82C0000-memory.dmp

memory/1796-1312-0x0000000074720000-0x0000000074ED1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Costura\A54E036D2DCD19384E8EA53862E0DD8F\64\sqlite.interop.dll

MD5 65ccd6ecb99899083d43f7c24eb8f869
SHA1 27037a9470cc5ed177c0b6688495f3a51996a023
SHA256 aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4
SHA512 533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d

memory/2448-1320-0x000001FBD2820000-0x000001FBD2896000-memory.dmp

memory/2448-1321-0x000001FBD2970000-0x000001FBD2980000-memory.dmp

memory/2448-1322-0x000001FBB9F10000-0x000001FBB9F2E000-memory.dmp

memory/3396-1324-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/3396-1323-0x0000000000C80000-0x0000000000E6A000-memory.dmp

memory/3396-1325-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpB1F4.tmp.bat

MD5 c0dd29d031733978f90b18a83cb1b08e
SHA1 b5fea4c01839da9829b12632a5f343ddfba19724
SHA256 2375e3aef28a76feca8c2f58ac634abd117ba9b1c25f1e0b0066bc8c4c75cdad
SHA512 4c3a80fc1eac681aa2dbe417c394c05023ac47b9dda2f80fad73af39011896e50c1502cbee2224f7d6e31727733a427fbe2fdbcd3471f5ad5a03d5b1d342bb1f

memory/2448-1331-0x00007FFE8F290000-0x00007FFE8FD52000-memory.dmp

memory/3396-1332-0x00000000073C0000-0x00000000075E4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

MD5 40cd576796a550b7e335e687a86ddd79
SHA1 d5395f3d7f80cbbfbbaeb4cfc6b4b2fa34fa6efe
SHA256 d8b711e91debae661aec98191bd7e095bdf7b7dff224dd0980e58cdb0eb885c2
SHA512 f94fcf5744a5d7402513d26a0596082bc03750b97755e36652dfbc55d3f6b335dc6e6a6e8ea90972ae7a39074e5fc2f3f1e42c40c9b8d20d861ee5f3d3a42905

C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

MD5 65affbb21c70cbd8607495821113937e
SHA1 eaa0afc8cc6f0992717d886a5c7b0eaacff9351c
SHA256 ff12f33284904c0f6d0dc0370856508bd430eb24be54b4ede109ca4d22a18af4
SHA512 96aadfcbcd3789705d4a259601d86de45b019e7178ecb3432180aa873ec56e504e351881691dc5e8e3cd667382e79641ca325d386f9e7331c194892409fb29bf

memory/3396-1340-0x0000000073120000-0x00000000731AA000-memory.dmp

memory/3396-1341-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/3396-1342-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/3396-1343-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe

MD5 251f8c10a5b5b4df859bb6af4963074b
SHA1 68fb7d6844e9b9948d758b982cf36a6328c8f843
SHA256 9438a974194307692bc3f54ebe040ca3fff54f547644ef55f76c37bd6153922b
SHA512 8258b306b02a917b7f9c6c00ac7f5de32b2b13d3e16a483568f5b6dce82e94052d22b4d1bd25dbf285eeb8167265f60cc0647ccce7e048993b0a7aa5d36967c7

C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe

MD5 c1ae5c1a84cb9b8c9dc36c0b1d6e2742
SHA1 067802268dede65b592c87e0e4a19bb825d51208
SHA256 6d67a84b17ac492e90a19a68010b1eaf0011739f71149083469b04cee339d4e7
SHA512 23b15fbcb70511d30d595d2ffd7bab648b3df438cb1f6a40a4e3a84ce804694c5410389ecbeca61f3da6bb4dd0bae9c7b7c7c01674a9c0dc51677bdbe05834e3

memory/2564-1347-0x00007FFE8F340000-0x00007FFE8FE02000-memory.dmp

memory/2564-1350-0x0000026DEB300000-0x0000026DEB310000-memory.dmp

memory/2564-1351-0x0000026DED3A0000-0x0000026DED3AA000-memory.dmp

memory/2564-1352-0x0000026DED7B0000-0x0000026DED81A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 22480a005ede97015ebd28af650fc125
SHA1 f385aeabcc13a37cd8dc3a16fcf95569edf2dbfe
SHA256 1ffb34a078f2711a257555067d0d98cd80910830482ed7259a4ec611d4fbdfd3
SHA512 5b3cf9eaa54c161f19b15049be06be6b1ced082e8ae92ab1cd11458e598191100d92a28c96703034caaa82708b030ef4a4d2a00273a3c891661d2be5cf45b6e9

memory/2564-1356-0x0000026DEDA60000-0x0000026DEDA9A000-memory.dmp

memory/2564-1357-0x0000026DEDA20000-0x0000026DEDA46000-memory.dmp

memory/2564-1358-0x0000026DEE690000-0x0000026DEE742000-memory.dmp

memory/2564-1359-0x0000026DEE790000-0x0000026DEE7E0000-memory.dmp

memory/2564-1361-0x0000026DEE7E0000-0x0000026DEE802000-memory.dmp

memory/2564-1362-0x0000026DEB300000-0x0000026DEB310000-memory.dmp

memory/2564-1363-0x0000026DEE810000-0x0000026DEEB3E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 1d618cc69202453d15ca55581fdcd49e
SHA1 10302cdf5b3ae10b1b529ff4ca636a92f2eeea6c
SHA256 afdbacdc24fa7df30d0fd61db9415636184629c329c92e67366cfcc041ea19c5
SHA512 9f36818f3bc9af15bdb7a47b3131d97dfa1db67faa8c0f15a3efc46b56960778edf2b1d5e7ce99ee235b6a176f379ac68138ff6d70b2123b7dc93486dd18344f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

MD5 8544d952b6f6dcd2596840bfb706c516
SHA1 8f18859cec5d4c955e889d15dd321f7b72536312
SHA256 ca1f01544b9a3998a37dd76870795f82d473e1ae75db14e377ee788e2bb6c627
SHA512 c187fbf156782838e8bfa627f76f6162161635845793ce9ef2e2476ec3bb9feec7825c04344b7479a242c5d5860d7cdcc737ae3604dc63e9e3e8c561fc51ae14

memory/2564-1385-0x0000026DEE760000-0x0000026DEE772000-memory.dmp

memory/3396-1393-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/3396-1394-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/3552-1395-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/3552-1397-0x0000000005670000-0x0000000005680000-memory.dmp

memory/3396-1396-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/3396-1398-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

memory/3552-1399-0x0000000005670000-0x0000000005680000-memory.dmp

memory/2564-1400-0x00007FFE8F340000-0x00007FFE8FE02000-memory.dmp

memory/2564-1401-0x0000026DEB300000-0x0000026DEB310000-memory.dmp

memory/2564-1402-0x0000026DEB300000-0x0000026DEB310000-memory.dmp

memory/3552-1404-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/3552-1406-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/3396-1407-0x0000000008720000-0x0000000008840000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7f100b0d46e26cb132b944dfb049a89e
SHA1 8f2dfce5d28019ec4cfc975ee94e1aba16399b85
SHA256 1cefd2967dbb27cecab7bc4e8677426c599719493c7de13faac9855cd5f1676d
SHA512 2e68bf63d5b49762fb447a5b1167f085da909935af2f2c04c1eb22d49d8e3ecae8718f537bf03c6a3142f33c008a3716ccbd98e1e698fa64f1835d194e716963

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 458cc61d466dcb898dc2406a1ba5c8df
SHA1 2ed3858d537757983f3203b556252cb78e91a97a
SHA256 fdbd16111b760f4ff8fb043276add1925f6475cafbefc4cb4c299ac6c2479f1f
SHA512 aaf3c0b19ca5fb17889ffe36458714aac6c94557e4b852d032d3bc2b7f2a5cca3e06e120e27d23200051f37452f355657bc2ecb1e0cfb52f7b73b293b518d89e

C:\Users\Admin\Desktop\XHVNC-Client.exe

MD5 df2d89d4e780492e64f1237c5fe63dd5
SHA1 eea5ace1963ae0d4a7a80341a9fa178f8c26ebbe
SHA256 43b1a0e1a4dd4bfab9bdf17b9361e8a5f949bf4fb881c35f9bb865dbc1790d1a
SHA512 c32ceae0a330e1d79deca688cd364a4383f929f46cabbb95417c5f2740f48c3e467609cdc8b4ea98171b4f487a8a68cfe7d23a6cf8705af4296ee3f1be3d689c

memory/1476-1429-0x0000000000550000-0x0000000000566000-memory.dmp

memory/1476-1431-0x000000001B240000-0x000000001B250000-memory.dmp

memory/1476-1430-0x00007FFE8F340000-0x00007FFE8FE02000-memory.dmp

memory/1596-1432-0x0000000000400000-0x0000000000416000-memory.dmp

memory/1476-1434-0x00007FFE8F340000-0x00007FFE8FE02000-memory.dmp

memory/1596-1435-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/1596-1436-0x0000000005830000-0x0000000005840000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 c76cb67902c45472aedc3500f45c3171
SHA1 fbb107297f5d9706fa87420214a3c0fc3ad2f234
SHA256 b29ec422d3182d0dcb7febdc87668f8ce6a00200a2125ca86746d2185f76cb74
SHA512 da1bd897eda202dcf6f214a5b6b2b51c7748754db7e18654d7c9e225b5a197880391ce0f03a063aea372fe853995581eba048a89dcede6b0c7f2f1b9cf4bbb06

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

MD5 8c284726fadaffb937db22b784507774
SHA1 68e2ffec5708f6e78a3433cbca81f4be52ca550f
SHA256 1cbb36298dab3a37e3e8e50fba5d4e1c47a37d6fbc637ac5c3f628d73498cf43
SHA512 99600ffed89f1862f18ba0d41b4839f0163b81b812c813ddadfbc6b31efa440f78d30960d199939d8aa70bbbc2be301fba778f78bc665a96d01ef145aa73e9b1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XHVNC-Client.exe.log

MD5 94aaadf8fa4c31d238b961fcb2a519d5
SHA1 608175ecf723861c59796d3989fee3dfdf3bb6d2
SHA256 744cf26c0641b62c0daa1d5508613d6f1417778c242d3d79220121f70f9515b5
SHA512 574d80ffabd249da41a8c4618123aa2e88595cf3ac55b9e3e4c2dd2a3c2cee52c954119f5ed54d36941da78a4bc1963cdaa7dfdd4f19d3c1e954ced86deafecf

memory/1596-1499-0x0000000074720000-0x0000000074ED1000-memory.dmp

memory/3560-1498-0x00007FFE8F340000-0x00007FFE8FE02000-memory.dmp

memory/3560-1500-0x0000000000E30000-0x0000000000E40000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cxxgktmr.bsf.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\ResetScale.ps1

MD5 03ec52c74847ffa409903bd3db885663
SHA1 c4c5b6a497f7e6c16962d0dccc53b3c06dbee210
SHA256 c433b19dc2ed05f37ea9b310a23593aa57d8c6c36b1526f06b037e94c658667c
SHA512 1d2fb42f3a43563e4fcbc44065315c8c81f5c0ac3f1516f8910ec44820f779979e5d0ff726bb9c1f02e7342a1098ea26ea04318e90b212d1b4cfa20f2d28d3bd

\??\c:\Users\Admin\AppData\Local\Temp\w1h2cmqz\w1h2cmqz.0.cs

MD5 16ec6a1216a8b82d7bc3d0b0b4847f1d
SHA1 874a97587db13e8d55bdfcc5ef69681c759549ca
SHA256 0717362217b55ae4b8ed86790fcae2997f7dcb9d931e687566960b54297adf1e
SHA512 234e9052025e789468b08ed3c01d164afc6be21f9fb6c4fdf759fda611b5ed02a16d01dfbd0213eeca63492abd3e945704d50264f04538694487cd2b5dd121b6

\??\c:\Users\Admin\AppData\Local\Temp\w1h2cmqz\CSCBD29377745546EE98CBC47F63C9A525.TMP

MD5 4048e07e28348d8dabd2d3cfbe94580c
SHA1 2171028f626dec7563c39080b297922edfc1138a
SHA256 fb819193f17e5ed13be1aa828033bde1814da8cba0974b38f28b5812cf7a6f2b
SHA512 21df207fa9147bba1120aa78daf1d261e86a9280235aa6f4fb5baa96420056412b1f055d97bb902740304cfc725596fbfdae355cc72accdcd727dbf572a2fcbe

C:\Users\Admin\AppData\Local\Temp\w1h2cmqz\w1h2cmqz.dll

MD5 6f293a5e07630890b0cec969548f1a8a
SHA1 42e11b36fc1d32f9130f5756a4abb5c4bcdcdea0
SHA256 ec704438cf78de4413ab9c9ebc9c1a97a791829967635d6cfdf11ca7c60d56a6
SHA512 c19da5d4f0ebd8bee9f6151a44815f5f6746e804b6a6c3cffbcc4a08798385a74071a97ba268e74d1a9c37e65d2391656dab7fe1b0fbf87be7f746112afccea2

C:\Users\Admin\AppData\Local\Temp\RESC59C.tmp

MD5 77e8099d664dae434da0623a3039eab6
SHA1 d14e173704364f7e818a0026132a6d633fa939a7
SHA256 4d03747545a425fb0c3023eac6a104c5a391a7a2e972f1d3fcf0136eee5205d9
SHA512 701acf45f2b3574385f171ecbd9062abd4c250c68fc8a4cad538c6d88a014260d6699b1115a77ff5327b41967ed11ce63e47d76b407574fe7262ba88c5fcad9c

\??\c:\Users\Admin\AppData\Local\Temp\w1h2cmqz\w1h2cmqz.cmdline

MD5 83f366461b0120426ec0a45a650f7c67
SHA1 b9fd7a48a0ddd359ad339abc12200c1e2f982c5f
SHA256 c08ec336a5d16a29db80c9347e08e98b0b525e7434c1197e3944dca2263d6fb2
SHA512 0bbf756596752382cfce5602832d216d81b9fab8d319a051b4f4254681eb8dfe824b0b2e6690aa25d12045659bf606b571c9539809962840fa8b00b0bcb90515

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb35d6eb4290a619843d43de73586ba3
SHA1 8866f7bc92add74220bd8b191b68ec3947bdf507
SHA256 11e29d86a16d53854417eae496e4efffafa9b8c24c6afdd8485245d388c85efc
SHA512 5f65d5e8f2ff2c94f037cb142b4ba76459725c797bdf34617f20c89a5fed976574e947e756c79209febd61d6f656ed8d60831b2cbf3d9f6c52ccc7eb56488b03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e435eebb-1cb2-4936-8b7d-9e49403f9c9f.tmp

MD5 85b1f0a0b2db682366c46abbf90fe52d
SHA1 32981c3cf18ddb4e2c6fe26337c77a0a22dedba7
SHA256 3bc95cefd8ef1b092827eb9292cfb863581e89a4e067b4ba86f232395db599ac
SHA512 89508e16023054559d4b1d73e5dce624cd9611b3a42946c18e722ce1d5c94dbe65fbff850fc72e15d54423758d663d7278dd59db7d95964db04bb487c68d57df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 20e92e4f6f5e7481804959d6d3b18b73
SHA1 31b27474bf259aa195065b57c29e61be246ef4a6
SHA256 c52aa36560f4f1c07190baa0b81a47aef6883933ea377de8ae667dbf4071a033
SHA512 8166b79cfd470613efedf1469c681bf7efd5a2a11c30b72eac228091727f4beff0bd9a23f0498fedc1409fda23db0f1b4dd361b2eab4bd95a6a8f16ac91a3854

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

MD5 e1d0ea16ed724f5401f034a7ca78477f
SHA1 5c8772865b3cf95943e29c932cb634ca7ed495fa
SHA256 5650502a5282f7ac060ea1c36b835ade16fba2752cc5b395e9af7c3dd342183a
SHA512 f223e0a246f2bd4b8e3d56f04f54d0468d2727dbffa56d4d39dcafa4479a9f107602888597f1be050f3383ffe59eb1ee8409312dc99e9efccc6b438fb03bb242

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 c0636f2d138baca01dbb2eedb99bf3d5
SHA1 3b927899db0f3e2cb510782592887dc02fc3e400
SHA256 10973e727e5b0eb3f12aba60a682d66e79dfd86e4b6cfc454fd8df70c6e1fa8a
SHA512 0187a6ccb6428fb24ad4bc4ca14e7ce6f40ae6ca4f352f8e86a15288deb05cb4dd317ef8e9d04dc9ffb24407ecf0924af2c7910830c79366f7e4e48cb4b82b1d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 69bdb086a25c9ca99fb082069084b637
SHA1 25d745b75237277049f019c58d64b950f15a8682
SHA256 a215682b9e5cbba5187c7648dae96c0986fa6cf04a97b01917630935aa27bf97
SHA512 153f90e164b8454422f5a515a5551f66312876b5c0ef13814aa5157ed9a8433ca5d08b8da5e5ebb6b84ac6837518827a216976f0ac8afe135154d0b0a397887f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

MD5 41bec2a721b6fdf34fa0e37bef98b055
SHA1 876bcdf6a61008ebb026f766c90624f3dd3c5b44
SHA256 992a256d277b06bcf93876b4789fc2343c99ed146f041e8b595573f729208cd1
SHA512 2c49a2592d30ae4c63bd17448c0c5c45a2c56b28feefa4d6dad78a221549c2e51b69026c0f940c3e8a1e558894381869c8112e6e2905a1e3a6f7d36b0d0fc60b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fbec81a41092bef46bcc298002a1dac8
SHA1 4337932da83d0a8fefb7e158c0447b97a6871734
SHA256 ef16360f705b46c1bbbfe6d6cc2071030849fa8d20770e51737b9d446e19179b
SHA512 b9e11995b3b0a450f30b568f60d0cbae9a3f7edf05edb47fe75e0a0d7fe0cc70a02befa475d24f66ae17843cc37a42c941d7ec8a23382a380690b92a2b371ffc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

MD5 de9ef0c5bcc012a3a1131988dee272d8
SHA1 fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA256 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512 cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 6b3d4b29c0ca2f15f5be5bc838f955b0
SHA1 c446d66e4c7a9e5a24c71412897056a863956d07
SHA256 ccbe94213ab568b5d14fb057f845042a79618e81f84dd32e1cea13c52a4d793b
SHA512 3e465615639a926926f5d58abb7a5524689b3ca3fd16665bcc28badf3a214f589dd6c57156fed66845f9fa61b99478605844b383fb19135b01dc7052b5de366b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 b72ccf74a88b62706af12d6073b1c4bf
SHA1 af09cb48102a916c3d8e8c678b6b4a3df1a817d3
SHA256 937665e0c77b99ac62eecdd3b7a0411db2e3fd4058a9ad45e6c9ae5164849c39
SHA512 b6424efd8c5e74f3fa0bc881d3ad66dc987cbdaa7d9fc6f778f7828d4d1d92db2a6bd36122f2bcc27702f3e006972acc3f4caea163f3b4b6b41158c6e4f5598b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 a725132b1b2c6a72847c1359cdee5829
SHA1 0892ac082267bc5727a61c82e339ad7a72aa40c6
SHA256 9a649bf3dfe8e3e9532ecd17346a06e9cfd831754e39e4efdb08c0687e36d922
SHA512 c212d29e8416a4a64e3b5079e234feda9446a90f78bbc34de47db27b0f0082a86e40577b0bd5a8614dcf2537b041183e2dce775290f3c09b8b926290228b981a

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000005

MD5 fb7caaf1db7064bdfab5a4211e1df3ae
SHA1 5becdd176ad0d4e7b9f0b596d1a736591aeda812
SHA256 2673bc65dc5fa9dddc3542b726a20f5866a80b89803213b6a6d3370c34f7fc25
SHA512 46e2171c941507e469d7ab60eb9f0dec90bb0510ac8eaac7aecebfe8fd38cbf94cc08a7f3f2c7624a516ef099e068d8c092818047eb8e30ba5057db8d54b2c2e

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000022

MD5 9d7fa014e6bc0ca8ab8c72609f8fc86c
SHA1 c0d965ae0e136e58062e9654773d1c091bece854
SHA256 5395e70d04656b101fc08e5b828c6a12198f67e73d0e76c28c895edcf484eb3c
SHA512 f993501eaad3411c78484da8ad5a2a932ea9398a2643139282c7b4a444d70f9f51ce28800a6a5294692c0dbf7c2a115845ef326403c8b4c5b2fd954b5915fb2a

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000028

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000043

MD5 8b2813296f6e3577e9ac2eb518ac437e
SHA1 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256 befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512 a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_00004a

MD5 8dfc532e4fb1dcd5fabb281a41b18a8b
SHA1 eeef1efed07e037188b6a88e040cef9d175e4c18
SHA256 d50c49fda5ece17150089c9b62692c9fc3816e51c0b865f70ec2284623480c4d
SHA512 70c8fa64286f7032b9047ab206453c3a38af76601dfb50c322271a6458a26bc239e483d2458ba323c4abebd39f98e97d9c6207225a3081fdfec16ad73eaa7c7a

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_00004b

MD5 b40fe3681897daf8969be1ddd709836c
SHA1 419391849295d7cf72b5b00614b6a7affb5045e6
SHA256 f1a4474530b043b092e9cf6a8aff78de1320d8598961f93daf41087412258b4e
SHA512 7a0bebab2282ab2b69d060ef4cd4560e33202d5ec91dd27e2c08b0286c9594cd75ca1aca494f57d1a03e08a4f2985c41ad8324538fffa6664e7737e21058a298

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000049

MD5 a22bba8496b44ce03e78393762962309
SHA1 e40a5c761e2752898bff478212e73423720e62e4
SHA256 cc755756eafdc0478fd311c22224aacdd9422bb756c75e134bf7ecc12340db42
SHA512 283dbb5b1091232602b9ef06e0c1246c9928407bde42d6d3d88bd95a5416aa8e49036674e401f76d8d7c074ffbdc30b1c52f6417415b54e4c07d8b314d98ad77

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000047

MD5 ce9fe310a8b8ed92ae2c8472ff3b59ca
SHA1 59b1ef50b9181ea7b2ff15c6b3aee5b5b9d1e637
SHA256 886630a4fffcd5467a13460abee5fe70b262befa51b6353ea902a02e8ce112a1
SHA512 31c68e2fd65c6bad73ec409e6ddd9b1593bd3ad92ed5af979752ab4cd41bcc2f896a9be992c6ceeb232db9687c57c0abd3e35185c1e84199e6e87aeae84d099b

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000045

MD5 063fe934b18300c766e7279114db4b67
SHA1 d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA256 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA512 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000044

MD5 aa6ffba997d9e6535da1a2c26a004749
SHA1 9ed525230c4bccae34454a71adf723fb7479b53b
SHA256 db0eecba023386f47ac57fef8a8cdab5f12e04637da91c13b81b8b60b43025d0
SHA512 ba7e79b263af9d9939059a28d7c73683f9cdb2c9a986adc54d8ad54d28e237c2b0f88010a4829392addb3be5a8d08923cd5931a71ff7558eee9e4b6007273d2b

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000042

MD5 6c0d7b869b0581b57bfa61f385c2ea91
SHA1 c26d2c58a8b6cd2843ab8db8cd48ff8960bb9daf
SHA256 5c9fa7df7f446408d1aa91e9ab4d445b0be2ba4adc316c0bfa5a19cb0376b1dc
SHA512 11f7883bf9d439c48343639fd610fb7b1015179ea434c0aa5e3282f9eab24dbd3e5aee3f4fa8d65e130bf8938c10bf790f29b4c9f4f476f2fa7cb176fc4e191d

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000041

MD5 1965b62e56b6d4757d9e0d74c86dad04
SHA1 1c1c809a61758adb130d0ced642d2d1c27840f4f
SHA256 37e4da4156be306303e3457c6a903e741bee2d8824042f941dbdfb8a1b762b8c
SHA512 228623aeaa3931d49192b2fa4eefa9fc81f04c1ffe008858801313914454b7443bb3dda2c01d8242e5e47641bfda5fb66b75067c7d789859d4f7219d35ce5fae

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000040

MD5 93ab4cf70b3aa1641a4b258c3fe03f24
SHA1 cba2ddecb8e019e6e5a91dcf867c6d6094f39b63
SHA256 d6c2f9f2bb35841cdb53abb660544e6e6f44e39d6542323992cc1c63e998fa16
SHA512 70fa907afd9b52ed54a3cf755e394c40a3ff7a83041540b435cba47d889c1c9401afc9fb23a5e879d85bed42fd5df40cd7540d428b3ee7a9cdc278a314770884

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_00003f

MD5 43dac252d21bddd2477439e023621c6c
SHA1 a7a81cd955811fd15dad91f443e0880d7aa08d79
SHA256 fedd9610bd4c2237de2d9eebba3143424967690767ba25ca7ab369f7aab3bb4a
SHA512 cc5aac6a7e47a0548ebc9a606eff04d175e1c76844160069bf4787349be6fe897cffd1444f9c00dddc214502ebd5a8ab97a1527d219679af894a28858de40fc3

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_00003e

MD5 81b85b612431424f575bc416a58c6d19
SHA1 277895db8d6791df179961b29908fc163ae765bd
SHA256 f962714c038c33a1e0fcc23fe04e53c61d1a702f843f17937b63eab06f2b2181
SHA512 d2404bbf90fcea523bbaaed1203c6b5c232961bef0b1477c5abb382372432ac53b623cf26f6aaf3c159fba9c7a5c8fc2eef859fceb798ea364e74fcd4e605c58

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\2a53739ef6bc4461_0

MD5 5bba52ad3e29a090bd61fedea90c6e64
SHA1 dc6d435f6cbaa73275df8ef57049191c4c61901f
SHA256 d194e4fb9fabe498662ceea8e880d5193ecdcb03609f523b0c7d40cd6553c4a6
SHA512 c34fc36da2370a591a83560e2b0767475ca52a97b15b1b21afdc95025f8f486599c995d30ef1c153c9ac52043c5f1422f80de13671514600051d2f8b20006a9a

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\29ee49a9e002c15f_0

MD5 c4b9bc9bed21def075c6e7120cd9a43c
SHA1 220dac21a87b9de52c6db2c83d169702a5aed47f
SHA256 f4b9fd4ac66bc97d17e90d3ac7b0b6638d2e5c158c46652db25e66e5dc59175f
SHA512 3858afa0618798e3c533011a64a36ca237756921d9480f6a88b41b8d5f020a711a5ab6345339c0d86cf481cb4a169d4954095bcfede12e27c39309d947b3a57b

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\286a1787eb6b73cf_0

MD5 26470d89647b8b13651be185a9e91f7a
SHA1 327844c35e4435929f5bb85e45c5d5e5ba879fee
SHA256 cde78e10c210bcddfb6092acf377a4fad1c0deda9d443d493ef363e68d79910d
SHA512 853cf705cfa68c1df80602b253739bd0b5e27f88a76470573e5b5514585739e75804bb5ec41da1f67d1f8fecc30ae322f03c1edc2f4475c25a8417b9814f6beb

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\3a3c8393d90e5773_0

MD5 d316dcd19efdee93e68879b62a6e9bf3
SHA1 e415a619a2b39d038e3304e9c163d500b12ed602
SHA256 5131c4becc700845017848add833f396c65b4e073c7f08bdaf88e346d15c264f
SHA512 4caad6dfa1d18ec6a18dfab1a8c57f76fa44afd09e471f53fb40f9b7fd81dd6310812931830b230f0f53c2decd63fb04c515e4ff4c29fb60d2fc7b469013c952

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\50655a90f530f43b_0

MD5 ca246665a494ff99004db2c5d368a379
SHA1 390ae8aa171eb7e1af5bd10cb6612924156c035c
SHA256 f15a6699f642d9e7facdbc9bade12f24bdda57398a1bbd5b07cdc3cda77b1a70
SHA512 f6689c085cf8d3aa1631bf9139efdb53644256c62db15026bb7d40f2f410a396bdf102e80322d981d607781ff63945a8128c340f91482b13314ac5fa5383ae67

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\84ef792e97c5476a_0

MD5 203432e25a5c8f36908195954aaddd3c
SHA1 b641112489916e7c7712fc858ea1cefc39ae977c
SHA256 68e8bc29382223486846ce679efe41f8c869a053d49f784e42926a8b6fd63dc3
SHA512 77ed92c3835010f5120b72bcd6b085cced993610dafb41cc0fd4c2e7d5938595eb00d101bfe9a6b731904529ad8338cf3b9483273dedcb3ced220da22640d48a

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\8ab58f91c3086001_0

MD5 5d3d3c57f28d28503fb7c3c82fe43e53
SHA1 ed64aa3926a37a58124d3fd048fdafa89d8f5a06
SHA256 db72293904b44beefee830e1e18e0869a21da966f406ef721c69c8441ad1b04e
SHA512 c1cd17cd02b4fd623d8218562c082350c403dd5c57e65c33b2ec0b9b3ebc0ab8800eaf34cd75f9402a2e996c74eedae07bfd6f93e150532fb5f6dea1de12fe95

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\91c0c0568eec2384_0

MD5 68e41536fd18fe74d24788b486b94ca1
SHA1 73649331a2736a65d48f26b25104703eca65f557
SHA256 ec0b6320eda3002e0cd335a548b617f373c1ef8a75efcddd0fea4d725defcde1
SHA512 ebb54c8eb823df4e0d8dd9c97c8b0def85b3ddcfc2e17f1315b32e24fe0c844deb7c51227c7a7dc87d902f9b930a18aa011fd466a8915f2653ce34fd6a42ee91

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\89911cb6f335fb55_0

MD5 965c656d82b452d9e2be8ebf4e06c3f5
SHA1 80f3accd58dc7d0d5fc99d57d043fa5c3f254bf1
SHA256 af5b8de6fb0b7148531a71a25bea5369c38099e9f67da59c5bd6ae4136b7f6b7
SHA512 d288be596be4381584f7da0ba1c77681c7dea05387e9545316d0ed493f58c964ecafda144ffccfb7effb8be4965084131180f821ea2f08c8af56eb31194acecc

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\ade44207b4253689_0

MD5 971996a1b69eb7e0bb156979d4ae0da6
SHA1 d041e02831e1ddfa5ef00aa3bb039cd62ab1d757
SHA256 721879608959443ab0e71849b31739462b20e42e2a52b4c9abc03ccb0a5b7db6
SHA512 7c0505682aed9d6a5f8b8d18e9f9cb13d0ce444b2f0f96e7f250891568b8b8853874439934093e68bbad359e1bbe86f2a92609a503c1a2dc60f4e35a949f9c16

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\b55e27f8f44d80ba_0

MD5 bbb36d2e5acc25cead424d440bf8a144
SHA1 064e3929a772f018636fffb6d954d655d4115c65
SHA256 064c4a357a4d8e0f91609b93f378acae5d349b72b074df4f842b73072b0e8348
SHA512 299c91a8152e5f3152cd1f540612bf215380bceaca5be79cb6149cb4b3866f312dd0df26bf53505a2f579d26da0a280017411db9b257aba22fbbb5052190709e

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\ebe10eab84535fd9_0

MD5 3be257b7bdd3fa1b4bf42529c3a080f2
SHA1 ce618e034f0c813274d8d3f4c05d89e484a8c892
SHA256 23e618257206b80f725bd4a67f214f64888d80f1370ef1e61401d81145d603dc
SHA512 184ffe4f3e2b88fb12e35ccad2ad409a666ab1232ebeeea18681ef333c7d354a3a2e620ec26047403ea41961f4b7ff1d8452dc30f2345de6269b220dee32bddc

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\f66233e72c393c10_0

MD5 7fc77d111b1823361f1f14281937d7c5
SHA1 8a98664402b7af97863017d9c94220ec2ccbccf3
SHA256 e663fd6511213033620deb63782c26b2978e8a2d8904eb8fe5677a36a98394d5
SHA512 97011d59a5b7be518ce6b28985dbea3025a8c4b2974dd6256f79c7071fee10ddec063966cd636895ece27cb5f2796bb8c96818de8064c3e8f99de227609eb765

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\f7f4848d5ac56948_0

MD5 8ca92925b04de69fdc3fcc3b9f725b99
SHA1 62232be6380aad91ac633b07da8171788cc275d0
SHA256 8c494518863e8b71951efaa196b51edfa557087490231a9216efb44f808f878d
SHA512 01a0f1e1cd6c1a8db9e4f3ec8a44be003253f344be65f74dfcc8599532ce1ba75823e7bb6b9bbcbcd67977823fb9c0b0c5b32c8377d26c7669435ae404a71567

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\fb9846e0ec264d61_0

MD5 9e87c9a2a91299c60e8a44f12007f8b4
SHA1 ff2c07a8784342dc1bd63befaef6c3547af01d1f
SHA256 eeb53af9734f6eb76320a26e40e296f616ea0301176774e80bd0a12ac0d1c9c5
SHA512 998210fecd9c13bdfe417b57e0c42c842f5c51c74fa6f8b7621f2d5b7ce719f887dcbbfb9462124d9f5bd5b32cd05801b3acb9aa97bcf321d0db1ffde1709558

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Extension State\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\d1293963-a890-4e86-9f3b-9fc3189e1392\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_1

MD5 11840c6c803c00ad31fd4890c5d16460
SHA1 0a95eed3f4f9399999df56e98fec48275c9f22ea
SHA256 089afc28695494bcd13802fcf13f4e1f9eae134fe2a41c299f2d072cbb8d1e42
SHA512 20b3e75afedf319d8adad0182f369692e45fdad3fd044b7f47fd4b3988fa78c3f1cdb4059274be10b91022e643fb31a2e5060cecb3381be1df39b2ae94bd5c59

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ec7568123e3bee98a389e115698dffeb
SHA1 1542627dbcbaf7d93fcadb771191f18c2248238c
SHA256 5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75
SHA512 4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ff680be7-50fb-408c-8ef1-233d287b4729.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 73f6c3d3cd522cc27ed592ada5e274f4
SHA1 86772fe2c6020afcec8b72dc0f5cee1c1d1797d5
SHA256 f30a1dcb167269480de0b4dc9488981dd6f32d72d0306546c04a6c33d92f1c32
SHA512 2f3f541408df9e8f718b746ff09c1f396ca2fe4416a35278b125a1cbd272913f75565eccc76ab6769a4bd9a866b6c4c44e00878b328303f84f0c0c1c53a608b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4a33227d6ffa49b09974706930926260
SHA1 b94e5562793fab669c777be0abd9a02ffd1daa44
SHA256 97868f1256c7dccdd67369c7772d9748a8e9c82a2b5d2818ea88121ad8cdec27
SHA512 50eb1df0e556f045786368a268ca9a873f237098fc10c98b8005656204822d657fa9131bc28cc8582df4d66f50f3c81e58faee453ec550be8a2fa0ba9ef6e852

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 a1c47aa8dc34db83e2463cf7fef67c2f
SHA1 5a0c62983f89f5397a32645fd53633af31bdd59b
SHA256 69ce53123ec5f719fb68dedef909c9326db38afb9622bc592432a7f49b9a0e12
SHA512 cbe0542bb394f9ce5656f024539c7b1674e122220537d53c0c6d4da245bea95cf6e83fd83ced94b3f15eb1f39daee5faf87af3cc69c46bac756665d5e739bfd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e39bc8c9-f0a0-4808-941c-84c7cbe894d6.tmp

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bbef2fed614c8bbeb6fa52bb4ce9747b
SHA1 d278bafc1e9fef866c1201e0511e8aed1309d37f
SHA256 65a2a5bca260e94bd226080d75d4c27df8a6bac963d6d01d54a61b3f9d67fd0d
SHA512 392180a9c4d6bb97851b173e12be8603fe2eed1fabe99ad9799391d990cffb96465165bdda8e369464818a8268d62e0174686aa7527d4b4bcc34aa99158c9ec9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

MD5 dcc6e79fd97930ec02904f20acc55d0a
SHA1 e9475a1fa9743e02971d51cf0eece6fb8147fa2a
SHA256 41b56812ef0228b762fc6f810f4960241ca147c4721afa837ad0bf6044e53c57
SHA512 3d9d681b852e657d603b0d8987b107d4d4a89a55e3b8d08c39f7655b023dd20ced3b46abd4c223bd98067ec6302559a94128dbf4c2e48c2d217a1b4fd095ed57

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 bdcaaa7a19930c5ca102eb59266f69cf
SHA1 2c06d71f0ac0bce57e3cdee14d9215c10afdc08b
SHA256 4f7073841583b71a934e0c18125d79216f668eaea9ae5266a98b26f347c2882b
SHA512 9a042f3d7da86147da880997522340a09c19e43d66ad34fe11f4c507b2639db3ac0483f0a0800cbb4ec95be8680e41adfd07661263bb8f790f350abe8bc7ddba

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

MD5 8ad45277688e468640daeb58e2c92612
SHA1 99023c4f1abb796cf000d5e4d7177458810bc712
SHA256 5b0d6170f5263e908912cecca94722e400f068c0187bef057ffb32fb2d3513c3
SHA512 0ab264da71d751d00531d260472030eb5c2799c37b14ea0927e1ed53e1d5f2255d0ac12a849f9bf2c2cbaea1a60ae95f9ab4ab47bc47acb45041ede6325b1395

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_EB0BA4CC3740425A8D9702F71BEE7362.dat

MD5 69f121c558b04b37ae0c8adb52c94463
SHA1 66683e11ab2a8683017447f38828a64dba598b4d
SHA256 ac8e064441854fc47efe902d7f6de9f6ffaa5c8ad133af4ccf551a678368b796
SHA512 2dbac8432dc13ab59a41f623db8cfbb40511e6b60da1b42e319efaff2977a1ca185231e164cf51564ff4fae33a1ad79e6be9606003266e818d7ff3326a08b6c7

C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\login_data_db

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac