Analysis Overview
Threat Level: Known bad
The file https://win11.blueedge.me/ was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies Installed Components in the registry
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Obfuscated with Agile.Net obfuscator
Uses the VBS compiler for execution
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Adds Run key to start application
Enumerates connected drives
Detected potential entity reuse from brand spotify.
Suspicious use of SetThreadContext
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
System policy modification
Uses Volume Shadow Copy WMI provider
Suspicious use of SendNotifyMessage
Checks processor information in registry
Enumerates processes with tasklist
Suspicious use of FindShellTrayWindow
Delays execution with timeout.exe
Modifies registry class
Kills process with taskkill
Modifies registry key
NTFS ADS
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy service COM API
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Analysis: static1
Detonation Overview
Reported
2024-03-11 21:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-11 21:35
Reported
2024-03-11 21:55
Platform
win11-20240214-en
Max time kernel
1153s
Max time network
1155s
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" | C:\Users\Admin\Desktop\XWorm.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\XHVNC-Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\XWorm.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChromeUpdater = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleChromeUpdateLogger\\Updater.exe" | C:\Windows\system32\reg.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" | C:\Users\Admin\Desktop\XWorm.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\Desktop\XWorm.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Detected potential entity reuse from brand spotify.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1476 set thread context of 1596 | N/A | C:\Users\Admin\Desktop\XHVNC-Client.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
| PID 3560 set thread context of 2268 | N/A | C:\Users\Admin\Desktop\XHVNC-Client.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546665759204926" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "5" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000000000002000000ffffffff | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133524141059344388" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2567984660-2719943099-2683635618-1000\{02D77F9C-D5F7-4247-A118-42536E9EDA1E} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 | C:\Windows\explorer.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe\:Zone.Identifier:$DATA | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\Desktop\XWorm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1" | C:\Users\Admin\Desktop\XWorm.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://win11.blueedge.me/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffea64e9758,0x7ffea64e9768,0x7ffea64e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5088 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5400 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4400 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5560 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5104 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5864 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4516 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4824 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5964 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6124 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3812 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1192 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3524 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:8
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe
"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpB1F4.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpB1F4.tmp.bat
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 2448"
C:\Windows\system32\find.exe
find ":"
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe
"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe /f
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe /f
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Command Reciever.exe"
C:\Users\Admin\Desktop\XHVNC-Client.exe
"C:\Users\Admin\Desktop\XHVNC-Client.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" YHE42N 127.0.0.1 8000 QIJFDR
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\Desktop\XHVNC-Client.exe
"C:\Users\Admin\Desktop\XHVNC-Client.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" YHE42N 127.0.0.1 8000 QIJFDR
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c powershell.exe -exec bypass -File "C:\Users\Admin\AppData\Local\Temp\ResetScale.ps1"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -exec bypass -File "C:\Users\Admin\AppData\Local\Temp\ResetScale.ps1"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w1h2cmqz\w1h2cmqz.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC59C.tmp" "c:\Users\Admin\AppData\Local\Temp\w1h2cmqz\CSCBD29377745546EE98CBC47F63C9A525.TMP"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3156 --field-trial-handle=1804,i,16655608243011848706,17332086097439021752,131072 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" " https://mail.google.com" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-sandbox --allow-no-sandbox-job --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas --disable-deadline-scheduling --disable-ui-deadline-scheduling --aura-no-shadows --mute-audio
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffea64e9758,0x7ffea64e9768,0x7ffea64e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1668 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1908 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1960 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2720 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2728 --field-trial-handle=1812,i,18201292028147719437,9135418854021316020,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM brave.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM chrome.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM msedge.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM firefox.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM opera.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM opera.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea64f3cb8,0x7ffea64f3cc8,0x7ffea64f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,960671619247456799,2615402230039819298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gh30oad1\gh30oad1.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES502F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB2864CC4836140CB9E9838E489C0F15D.TMP"
C:\Users\Admin\Desktop\XWorm.exe
"C:\Users\Admin\Desktop\XWorm.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
Network
| Country | Destination | Domain | Proto |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 142.251.163.94:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 94.163.251.142.in-addr.arpa | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 142.251.163.94:443 | beacons2.gvt2.com | udp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | udp |
| NL | 172.217.23.206:443 | google.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| NL | 142.250.179.142:443 | encrypted-vtbn0.gstatic.com | tcp |
| NL | 142.250.179.142:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | e2c15.gcp.gvt2.com | udp |
| GB | 34.105.225.79:443 | e2c15.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| SA | 34.166.9.70:443 | e2c66.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 142.251.163.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 104.208.16.90:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| GB | 2.20.37.224:443 | cxcs.microsoft.net | tcp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 2.20.37.224:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.192:443 | www.bing.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| GB | 2.20.37.224:443 | cxcs.microsoft.net | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 4.150.240.254:443 | arm-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | s-ring.msedge.net | udp |
| US | 13.107.3.254:443 | s-ring.msedge.net | tcp |
| US | 13.107.246.64:443 | fp-afd.azureedge.net | tcp |
| US | 131.253.33.254:443 | a-ring-fallback.msedge.net | tcp |
| FR | 152.199.21.118:443 | static-ecst.licdn.com | tcp |
| US | 8.8.8.8:53 | 254.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.21.199.152.in-addr.arpa | udp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| NL | 142.250.179.197:443 | mail.google.com | tcp |
| NL | 142.250.179.197:443 | mail.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 195.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 172.217.168.193:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 193.168.217.172.in-addr.arpa | udp |
| NL | 142.250.179.145:443 | csp.withgoogle.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| US | 204.79.197.200:443 | bing.com | tcp |
| N/A | 192.168.1.1:80 | tcp | |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 204.79.197.200:443 | bing.com | tcp |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp | |
| N/A | 192.168.1.1:80 | tcp |
Files
\??\pipe\crashpad_2176_LUJUABBSNWLGBUFS
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d08a7ecf29fb8987922f333f68f3592 |
| SHA1 | 584b9ccc9a5431739856557ae61149ab3ba4da74 |
| SHA256 | 104340f89a4b254589d4d8179c580009f26ca60e3926c9650933b3f25c97994c |
| SHA512 | 5c5a1b73f3b7a4cf2122538aa1773aa5ff286b25408c960992229422d2f28d06e496a7d07ac38e50be44d720538806384f20232c7cd322a8bbc0ccc775428092 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ac2e.TMP
| MD5 | 786d29e219c5f190520672b6e5370788 |
| SHA1 | 02d032ffc33d8a38779cce7543a7ed6ec5c17afb |
| SHA256 | c49335b3f0c3d060f72be22b9ef5b47a825cc5a69a30669ab89a6c7f424a13f8 |
| SHA512 | ec5f0c435b5a954624ccd726a01f6f705243837e8650da591596db0a49f2475618e3bd4ca39cd25091c0e7ad29938366038962626be069726efb64c5e48881be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 7923d6f5276ce35981c3c3032cf208f2 |
| SHA1 | 633af4ad7d449ac194c72ea43dec55bb7812b6ef |
| SHA256 | 35e820c32831ce374c91221205e89ceb921960b24ac4746d64116cf6a009532f |
| SHA512 | 91d06bd08015ec4f8676b4cdf341ae135db17463caea568f9d2b2f988eaf88ee326e79e8409572e11842bb600e1443992c385064bfbecde50372f61773e1d88c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\d1293963-a890-4e86-9f3b-9fc3189e1392\index-dir\the-real-index
| MD5 | a53bf73608ec0d5b5863cd0e99362fee |
| SHA1 | 4e29ae8476f7576749eaea0fdf729083e80bf35a |
| SHA256 | 32deef3b88abb562fb34ace74c5669af5ad37e1b81be69a17d5e50d91f38401d |
| SHA512 | ed32cbd1162773ce28c915635b99d24c750b548fd03560d618b0dfafec1ed0b830475177060df9147b03c4a9fba8b023c4ad51486c48bda3ce1a1a3b2201acde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\d1293963-a890-4e86-9f3b-9fc3189e1392\index-dir\the-real-index~RFe57b4e8.TMP
| MD5 | 727793c4f230b79b29bbcebeb4135a6a |
| SHA1 | 7071f8a8affac1df973ee0553a0885f24b883a73 |
| SHA256 | f4049e4bc1099404c90a5b2d79b6c47e066e80eff96361c884de299552ba52f9 |
| SHA512 | a3132e92a703d2568f392facccd789a6c47629d5c5e563a94f011335615386eff1e009efce98b255ce30b3a62197a94da52c61e3d85df3db4752b5557cd8cb86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\index.txt~RFe57b536.TMP
| MD5 | cc38ffe9dfe46037286634b022f9d600 |
| SHA1 | a9b9cd1168fb7dea05ae2decb8a1114639215e24 |
| SHA256 | 5d93c56f8b8c82de5624b28fa5b979cd630f65c17f2d64436e2a0aaefe844610 |
| SHA512 | 3dbdb981baa1ac5d6cb7049b8a9cf65282a8e9747e3a402a5f896d02b9dbdb046d1b622bc31e0f2643d7be74560ce8dad1aa966a6a69d3873a1cce04c42277bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\index.txt
| MD5 | fc9fd463f9aff5a9d4a9fed15bd8855c |
| SHA1 | 3bd25a9ebf61b6364a3ce3916a97e717a9fc1ce5 |
| SHA256 | a034f275299172227999282c694874c9e0b196ad92d60c0ce6ef15818abb4934 |
| SHA512 | de9c00f160dc1d18080208c51e9890d66a78d120f75bd428ec35618ac18259516cd627f8c9df78f78ed431c9663e5a653b8aee2cb6245dcae26927e0fb0013a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9220041a90c47f87a88d0b2088e1b2ec |
| SHA1 | 010a295cd0e79e0f985a1a7765b3d7d757d310d3 |
| SHA256 | 6e7666a4e68bdf2177af045c75ef1af86f652e69ef9b40f5e4891ded79cbe92d |
| SHA512 | 3095ea13c1b1ec7aec48c4a77f6104cbe5c8426969f0d6aeb972712cfcda93dffa2f772eebf9754e2cf4d1b97c1fbe5f5a20a9a7e9e7415dfc96d0a49310e789 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 009f27de190d4c2f2b8f3942e58137ae |
| SHA1 | a44f8661bb3c5e8cac432aba37394b5361956495 |
| SHA256 | 76234570ba83511c9a2e99ea6423439fba3b4ab9ac2d87a60016b924b45406d9 |
| SHA512 | 13d96ec2a62de5ecbeecaf81abfa7be4f243bf9af9d62191383f103a7e6ac31bf2a75976d5c32e6384eb9fa6406ba5aeba585a0eb282a1ec393042cd43439b87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 06d89b6e12b97bc606512e62f4d2078f |
| SHA1 | 30727cb9b31cbd3295ee18bd57d00aad612a72ec |
| SHA256 | d1ff98a3691107401f7329bb8183d6562bdfee6d5f5333f9efd7024ebbcea61e |
| SHA512 | 1f7b0c73dd8e10cc180b75f7fc11d32e8826f1ae315cdafbc912cadb2370a8df30f69da1482d518985deeed02ecc1700c2e67dfd1d2a804e3fae510ad5922ee3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | eac6dfb4a419ec75fe767bca8504b298 |
| SHA1 | 33c3ea31f0b8ba32603ac8b82a8d7f87f909d4bf |
| SHA256 | 2ceea6c26380c743e0c8bc4cb3352b6c1193f9661618f50b99220c05016fb982 |
| SHA512 | 80753c556b94987bfdd0dbecdf5799b62789282e641e168b25d6ccfb60c357b51dbc226968c22883d5d8d1e94045ce3b611cdbb643222c52eca1c0085d67a3c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b863.TMP
| MD5 | f38487b52ae3f82d0a340f47255980fc |
| SHA1 | f7a7c530e92c130406a55676bb9227e04dd1ed24 |
| SHA256 | 7c7b4a9f807601ab2dc855703a6a173a432606db3b00fd1e03a886c710134c70 |
| SHA512 | 46a8784b9e03207ae46ff040a654022eaa9296bdb890770a5c0eab643c37cd178ae9b12028482f7350244671b8ffb22611b8a41476325b38a6de477e24466e2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | f5b4137b040ec6bd884feee514f7c176 |
| SHA1 | 7897677377a9ced759be35a66fdee34b391ab0ff |
| SHA256 | 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6 |
| SHA512 | 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | beec9f0eefce0a3e3f1d6cb1242497c9 |
| SHA1 | 10ffbc710120952f9df9508f9b3ad43136d89ef1 |
| SHA256 | 14d229cb215793749620298c31678bd6a6b14fda3592c9fbe0e2ec846c5ead24 |
| SHA512 | f9fe8d3d1b5267c093312694b5d51b1529bd5ca77f68c7881b1345b2079d5139e064f7495377a97da2e93b8af5d939f45f061c4134336f4840977e1f2c140be3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1fdaef9088ddc36a0165f3a6592139e2 |
| SHA1 | db7e3d02ba0af5daabf14b0ed05afb53995cc723 |
| SHA256 | 332eaf0f1da82e8c902efff36d713ebe240a303f91ad7a670eabca07224f6c37 |
| SHA512 | 73681654e63f9b2dcda66dd0dd4e5afe6536f68731c3314b4332b392d63ff3727a54f3e6eaadbf54a8e2ba7716157dd80dce1009ac4e34a4033bbdb61383c76f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\41f5e343-e2d8-4958-ad56-7f1ffe6d4bf4.tmp
| MD5 | 5d20696d8965773dc28cf2c695360c1e |
| SHA1 | f8b644ca7e1899890aa033c3cfff5265b939f270 |
| SHA256 | 1956769a9b729af3d8632eabc10f34769ed7788db3b38c93ba456ccc8493b17c |
| SHA512 | eb94ff133dd50a93489c841cf057e876e8b5a0aacda46c84d74d2a3e04a28794a3a96ece2df2033f07d9c8d5b866a17e21ae079217e88ce428dc533b150135f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d994844893f80646fc59d6b5eb7f738e |
| SHA1 | 6462314e29cee096f87ae9c8c82d47e14b75f846 |
| SHA256 | ccf6cc39572dad658f3fd7d79ec6dc873ce7e68ad4d868977d7dae1717c11d7b |
| SHA512 | 888d131d5eaae6e3aaa47cfa0be628963b4a89552ce89f7d074123073168ccb79e2153f0fd1ef9f6278991170316a3cb15c00e8fdbd8cd1f814fb261ade4a81a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 87e5f8cac72ed2a231e099cacde283f6 |
| SHA1 | ac96ba1aa2c2aa4b0f6819e7716896f0754c011e |
| SHA256 | 9295399587701e32ac215c36c0d2c1475e18e25f49fde0a198a57a891ea8c820 |
| SHA512 | 8a0372d42bf4a9921ae687a471235bf94fca60e8c0d3dc3c4e63b502f18a1188a000fb60d42fe586329e0c814f5ba7fdbbe535db5fce1f7aaffd036df76f9a2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a9299fd05cbeeeb1d93788c3af289097 |
| SHA1 | e832b4012f5c5d59324cb969d6416bae29ecb3cf |
| SHA256 | ef98fc621dbb1d9af77b52fee52cd20b6d59cf3fc8e0e9886837515622ab023c |
| SHA512 | 7ec60eaebbd956b0594c4a54f2dc243a1282d422dd875b9aa0a4d4afcdd73d49109a5d309294d3dc4dca193452666514f786af83b93a1345770282cb7175b66b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6c5187aebff85b11cbf5131521f4f7e9 |
| SHA1 | 656f3cfd019700a39dfe93266be8235e265f4d5f |
| SHA256 | 4e2c4590a4e5875e159664ac123d1152acf92a334e4f398ef0fff321b43d4134 |
| SHA512 | 0971dcf59f48b6a934326d7e529025a954c562e2964619fabc944eae6572f0d87a9c44709f96afe349244406f8dd06d36cc03e4201e68abb4d7da237c4fd2227 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f718525e911cc3f9fc9f47313164da2c |
| SHA1 | ec01dd531b29c08133188c15ae47ecbed1ddb5cc |
| SHA256 | ae6f97b775489858a9d57507322f6e77fb93b991be8ca8cc7fc16fc2aea27ff5 |
| SHA512 | 9142987c7fe2aa485f99390b0942a5450e4b16c5819bfb045d83687b24cb787317d51de024ba971e13381450a6eacb2d35c8e536068942cf3b58ae5f35533af7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6a0c95e39b4456361e13bb1ab95a229d |
| SHA1 | d97eeea0557e18364cf07806f9d4984e4b98183f |
| SHA256 | e43147ec4283bebf0f9b64e98bba710aab5e56549cba3b9809744d29a978c434 |
| SHA512 | 2556ea8b52fb9de5c301c96d796e08002b2981a8d22a79822ebc2c2f1452b4a074daedb81e043642e24749feecad341b9b3b5b8fe794f0df6aca9ce81e0bbf43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0876486950f2aa151ecaaefbc792bb1c |
| SHA1 | e11f507d168c0ee3b7176c2c6244f8192d4d785e |
| SHA256 | 862690516fa5ef70035125c776fd02aa0fe4a07ede01018f2643d037982f0736 |
| SHA512 | 05d0e0daa633a473729ae73dcbeab3593c62f35dabf40d7ed562e13bbed87eb65db8ed38802292c925640ca24874bb9e7a5d2c9da611682de79ff8199471742e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4dc46038e6bb6fa459b7e66f0b3bf1f7 |
| SHA1 | d97030556f9c21e77aada4ff39104321a3203cdd |
| SHA256 | ccc7de0e4717edbc99933878a2db4f2c7980d77af7bf166e9698c884666d439c |
| SHA512 | 829cd010e63a3c9f9019282ee70300cc91fea8d2cf825616d9ce15025d8eda68de692ff538c1009df628cfbe8468d7f38c9db875033573b4c0f2e2b32dd43bb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046
| MD5 | 77a781823d1c1a1f70513ffeda9e996d |
| SHA1 | 60776ceeb79ed41e7cd49b1ee07b1e09ff846f25 |
| SHA256 | b093599957b103def2cc82ffd2d42d57a98292ace5a6596e3e4439a6cce063b2 |
| SHA512 | 9aa66273ad419e1fc4ee825ec9e9fea4297139eca060572d3f59ed9bccbf2e1dbd03a006a0a35c6d37196e8297ec9a49fb787f0a31c3772b17911603eca62aac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aea488e6ec8a9508bd08cedafea3944b |
| SHA1 | f4443dd0c41d199aa114fa9706dc36bdc9f2d976 |
| SHA256 | 88d76d2d611ec51ab5dbb7b3d866a46cfbc9deb1265d1e699e0b0382728ca265 |
| SHA512 | 92233010e88cd560ac7dcfbc42ac8602e238e466ff911e0d327cf1172b31f4f35c12c5257016e2b86f044fd96f347e767cee9f4b5d355272ac41de7a4077a36e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 337c282c6c28b5e242fc33d716705654 |
| SHA1 | c2ccc4023bfd6941ed7544709e3aab31826f7afc |
| SHA256 | 82e1881daf9535b3ed5ee2f380e9bf665e79736fc70c8e9673e861b2f49d1baf |
| SHA512 | 8bfb0a1f7cc0320fba2cdb2e704489c81fd48623c1e0e69203c8b9d2e5ed3afbf13ca00e1266210a8f5450b3803ecea07b0782d392c5b09a5ad23d22d9e3826b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f9389baf8a7c628a2391539cb8b5c9b7 |
| SHA1 | 3d7f15b6ff401c05acd87cc8f88260bd8754b7ab |
| SHA256 | 2ee6c3bad9843a8fa281773e87805a9810e2e726179e72bfe88052dbbc47c346 |
| SHA512 | e915540501cc38e235cf815d65c7bcd086fbd040c42f69d55bf5d7e78b94899984f10df16cafaaefa0cb2cea182c5c70f2f69c1e0e65218ad8d514e98a854b74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e
| MD5 | f69a450902ae6bc96d3f5876f0484290 |
| SHA1 | ba352bed8ac9b29bccc1aef038886ce4c19b0a1a |
| SHA256 | e530aad91db15339f6be69696c78e82cb01bb86f5ba4a98c7a76a57d66819171 |
| SHA512 | 59b4baf45c6bcbab2cbcbb470f7a24b53ca8a55210f646d706fce8ede05c4e7bbd836307064623e4a441a24092069b9816968bec00bbfd98d2edd3901b1f0488 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3a74a808f53fe6db79f04c9ff4be71e4 |
| SHA1 | bd5ebbbcadeb49ab78d14d0edd52fafec90f7d5f |
| SHA256 | 86e3d6eb77648a880e996293af89ea5a5c9323b5836751f067fc162dae66d346 |
| SHA512 | 0dcfa18eaf49ea3714ff4c4d0a68cb7f347e1f13391fd6be79414c2dea75e3cfe1ac250d5b3b80eba6a9a57d568c42e5451d1852e64bb4a03bf52dcbec3dc44d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 83bf03dfe10e4d7b31c28d1346317cca |
| SHA1 | 64cfd68b942db798d8be9ecdd0e1750d019e6235 |
| SHA256 | 514b0596b3ef4877a958a749aab9e1cdb416eb14de71f5a48e3d09b48b36e7fc |
| SHA512 | 4e85cf126c19382c90b5d57a15d55f735b5e669641c121dd7da9380a1d43beae5be38a4504ae38334d44df55785de43657c636a710b5f453d9d971686c525e80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 043abef4d0c27b828e95dc697306ff89 |
| SHA1 | 5feacb0b6dd19f1053a6ce50e102f831c66954f7 |
| SHA256 | 9816f1153664435089b4396d10298f8227e263cf8c3fe0ee7f6e185138386e90 |
| SHA512 | eedec51762f3026b291d9414c4f1f083f834cec07fe9f19428a0e268e96f1a44d19092a3441479653725a627659ba796008172e16dfd87199e0eebf6218a20ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b35351b5ac60425214192e338e4d4d68 |
| SHA1 | eb0e89036d9df66b5c5ed27a7764ea7d54718fdc |
| SHA256 | 4710030d29658f2ff4cb67cbabff6320c64669ce78ce2d37168dfcf833348a58 |
| SHA512 | 1ecada87efde9d9ffe8dfae32b07aab162feabd5076879ee4b8693f297f21963cc17701bbafccee252b0e22fe1a8842aae8c8bdd806065851e5798df41108b3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3bd4f6edea028641e25eeb88eaea0993 |
| SHA1 | 25dae59f1c6572328a91d33dc65ea0a0b8e2216b |
| SHA256 | e85f0b73041c80976fe08368902f5b5cd8a7006f49c020acd5cde32358142e1f |
| SHA512 | 533b6a0e88afa918b977503be38fa6001a3a83d9dd724c15e30356c07d3ede1aea002011e7a54d9dad9c8dd75bf15956ebb1571110039365830269d77a238863 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f74018b55df78cbd6ab9ede5a1ce660c |
| SHA1 | 1f889337ebc2c8adc0375e6a858c8ae0099b5827 |
| SHA256 | 4e58cfa3acdb37e9ae1161bb926bec466a23c695b9b9a102d68dadc6d2e65273 |
| SHA512 | b00aa08ae31afbb3f1e1b9e474039d806fce60d3fb5265cdccd5e87d6d6d32c8b8bc1990f3c19015f395be9d8693ede3f4817443383a1e22a8095cd4000321f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3d760a7e61f9e109b936642defe43a61 |
| SHA1 | 6755de0c9bbcf5d0ca181e38c9f31fe2448649b9 |
| SHA256 | 49dc08771b646b0647ba722cead3a0e0feb3467bb593cb90b49e74db23c63cc0 |
| SHA512 | c4f4f7e979bb0a03e9d3089194f5da4707282b0a9cbf3223dc42180831c99f331af034758b5629b53f3a69dcfcbfc5a5516601af180a85b4f1766d101ce4dc46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 68a5df69719b604e77cd57564a2fffec |
| SHA1 | 1eba24f465d113be643389ac6532fdce9004d3fb |
| SHA256 | 960b813e9976b47a2e57f95ea0e24c032ef07a15ac1b86bbb3045714b862d8da |
| SHA512 | a1597188d078dd6422bd7b2a5780aa4fe4d40528fc45c05cb27f2c155494524d2da5e09a0f05033dc1f700a520feb43d0e59aa3885ce44960a152b7fe71bbb9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 84bb9e7df442d9358aa7dbdd2e1f857c |
| SHA1 | d13b3a8f659bda130c3670ffa0eac9bda40cbcf2 |
| SHA256 | cef9ac622c7e09a32442950c6686a8b9e1a7e0e2a5004fb1ecd71efef276d9e7 |
| SHA512 | cdfc52bc1d450686fa37fbd8c9dbe7a4f3b61d4fa5a022ccff242dee0cbfe317f393dbce7788ae0dd5ea76b3c613489f127f464ddb73188a8159fd9e19e50044 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 647eb2133e7a8886cfb46efb38b29a9f |
| SHA1 | d32c1c40526a37d0741a48e2fe49006ea68ce498 |
| SHA256 | 10bc2702822b388446f1248a17d0e3e5868ce3d72527792fa01a78d3b04d0285 |
| SHA512 | b6345efdd7f4296c1cc150e6e17862b98268be961a546477c1a8c55d7528e230954c7e88723f87218ef9a8d2905f25af6d92686ce39699c36392829086a5384d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-3-11.2140.2288.1.odl
| MD5 | 5567d6d6f5bbd9c3aa36ed9c21f679e6 |
| SHA1 | f49f1e59ffdb87136ef58db422c81243e89e4f4e |
| SHA256 | ecd63856576565e17bf3e5b725282505718b6bd73ff81a542644a394bf4e0e34 |
| SHA512 | 1b6669722848e78a60957e249b9d81c5c4e93993455864dbf30acb1ed347e3178cb04a0bb0e3244ee61586d473ed3fc2d8af210cd849e9d3a65d900bb0abf763 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 603b08e1c7c46a8f44bf9c2ff987f284 |
| SHA1 | 631a2041e75f962d3482ca0f91044e7f8d7d91c2 |
| SHA256 | 0d32a52d15ab9e1170778f488a0af1c08b58abeaa88a738eff114af80d1d6ac8 |
| SHA512 | 13fc801f263eacb8e7b099831fab227a7c1572429bb0913b6086decea930a67a1d5138660a9507ba5f920cfcc48221795a9ad4d6d85d910423703fcb20cbfe58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 086926b5f26cb7bb25b9d31013fa2b9e |
| SHA1 | 6b262992801b6b402bd7395a8d79ab8c868c81fa |
| SHA256 | 5179e822d0257ff665b60c17c14acbfe0f0e61f1f2b4470788705e938d17395a |
| SHA512 | 061f415aa67f1106cef79c34f1b5415149fffcd74eeb34bc834888f496d7ea090c75b19e8279fad3fd3b8549beae6d45e1a5582239b3cdfe742345467fb2c381 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8d68091185e924fdf7c89d2ec884ff0a |
| SHA1 | fc078bcc3a58f2c9ac952494bf328ea445d6aa46 |
| SHA256 | 8ea493d0a8c8f4598bd6125f7b6a5396638cc38c59b9614573092fc7eda6acb7 |
| SHA512 | 6df79d630a14556d3b9292688313f90afb337b753de8c0e4a3c3d706536f9bd4643080934e55ddf5b2f555bee05cd4132b5202f10f0dbbd775f0643f6b37f2a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dde002fdff66e90ac762ff58d0f9316e |
| SHA1 | 28721eee28256be93e9caa352d55ce8bd31b049e |
| SHA256 | b0b813c246b27c6d1a44d7c38a0b3bf25c86be3821ff0d6fbec68f19506317ce |
| SHA512 | 3ebb7d569f26c2d71fb742a7ded8c61abe9f05423b29435311101c2b07ffec1c43a0299c3b7ec1401e0854061dac41e36c86e9a6aed5641b7f6c1d80fc32eb61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 26c990b92473f7bdc2adec36c330ab50 |
| SHA1 | 4d821418e64e1f0398bc53879a7a176bb543c7a8 |
| SHA256 | f2b6d96da9f2a8ce663dcc1681802ffd9b7b61d22abb40616d5fd2833c1434fd |
| SHA512 | be62ad84d161420b79763f3edd570129565fcea6a43c5d0b0dd38aedb169dc424194f64fcda310e78e291cf670f6ba89b84e7f282211604fb456b0b8076dc11b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a6e097fda755e9988c5ee216e9ea2da |
| SHA1 | c1a3b751f345308c43d515f114c6e5777aaa2909 |
| SHA256 | 405a646f6183507352ece12f06d7835d07227726a50ef5c80c5a0535e41001fc |
| SHA512 | e6eefffcae9fe68eab9e6fb7afe4261fd03274360df3fb61c7a6de58ef079bf3b698342c4aae18322a75eb98b299f8dd5d05c47c089018d5a25c772489fe0316 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5e855cd4375e37d9fbc8db99d4f68f24 |
| SHA1 | 5d513d8e27e1ef81f7ee223ceb282538bfd883bf |
| SHA256 | 0da65377dcd66cee75a916c0dd5d4cead9cd02d9b604be33a7f2b7b3fe71ea40 |
| SHA512 | 69e1cb069eb4f84404b8657f4ee2b4241ccbc86dcd171bca042c89194e655a809d7a6bcf36cf193a39990bdb28057f3a1cf65e422e54b0edfa3de31c1c8a01fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 186899d6013fb40dd446feb77001e72e |
| SHA1 | 35f7e86b9ade42f2c89da5c1f73085d18f8ccc89 |
| SHA256 | 433ffc1fea405da77567aba021afbdf03b5213b7ce23124f0f30ae29bc19c86b |
| SHA512 | 28cd57b266863436fe3ddb2f7d95c0bf9ec361dc690ad22527017dfcc6b511475b086dc0382545ea3215f963672672339a257cd9e74c20ecfc5d27f9b2fdaa63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 02f42c15596ce00d229b2bb79ee34765 |
| SHA1 | afbb06527d26b9856374dd5a71ef9f9899f5693f |
| SHA256 | 47627423d39f0abf7ce238d466d1f7c1ca1a663ed51c445e972d9996216146de |
| SHA512 | 524ca7208496cee603cd2dca766be2d28853a5f047b85bbf4839cf1663e077a9eed397c0322e8bb2fc724664fdbdc7ec5b344847f35aa6c6790614966303be9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d51963774e5ee0f10cf260ca0abab295 |
| SHA1 | fbeaa8f893a16b2032bc0e41fa746046ee014d78 |
| SHA256 | a3e186c458c66bf23dfd213297ecf2a71b833bc21e2df924794d5049cdfb1b1d |
| SHA512 | eb2400dba1afb1a826231d26aedcca01e1d248d070220f2d55684b73022f18d560e9212b3c48c925cee2f07970e092cfaa8c5482c58aa136ce61890b602a66e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5e9664d2b50dcb9ccd649a575a14dd9 |
| SHA1 | bc7db852e2a16be6f3a7cd3a26612c682a05f905 |
| SHA256 | a99da6df6b2d951f0906fdae6c81fc52c599c2ec6d697f7426ef2e0526ee850c |
| SHA512 | 3d0f84193c0c884bae1814dc076a9a08fd8fe380da46bf523c9f5d28a4c41df3364ded2f22bc9a91ea8f52cd5ae293b7c7e1dfd6a02d28835a0103349b5f68c5 |
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main.zip
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Temp\Costura\A54E036D2DCD19384E8EA53862E0DD8F\64\sqlite.interop.dll
C:\Users\Admin\AppData\Local\Temp\tmpB1F4.tmp.bat
C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Updater.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Admin\Desktop\XHVNC-Client.exe
| MD5 | df2d89d4e780492e64f1237c5fe63dd5 |
| SHA1 | eea5ace1963ae0d4a7a80341a9fa178f8c26ebbe |
| SHA256 | 43b1a0e1a4dd4bfab9bdf17b9361e8a5f949bf4fb881c35f9bb865dbc1790d1a |
| SHA512 | c32ceae0a330e1d79deca688cd364a4383f929f46cabbb95417c5f2740f48c3e467609cdc8b4ea98171b4f487a8a68cfe7d23a6cf8705af4296ee3f1be3d689c |
memory/1476-1429-0x0000000000550000-0x0000000000566000-memory.dmp
memory/1476-1431-0x000000001B240000-0x000000001B250000-memory.dmp
memory/1476-1430-0x00007FFE8F340000-0x00007FFE8FE02000-memory.dmp
memory/1596-1432-0x0000000000400000-0x0000000000416000-memory.dmp
memory/1476-1434-0x00007FFE8F340000-0x00007FFE8FE02000-memory.dmp
memory/1596-1435-0x0000000074720000-0x0000000074ED1000-memory.dmp
memory/1596-1436-0x0000000005830000-0x0000000005840000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XHVNC-Client.exe.log
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cxxgktmr.bsf.ps1
C:\Users\Admin\AppData\Local\Temp\ResetScale.ps1
\??\c:\Users\Admin\AppData\Local\Temp\w1h2cmqz\w1h2cmqz.0.cs
\??\c:\Users\Admin\AppData\Local\Temp\w1h2cmqz\CSCBD29377745546EE98CBC47F63C9A525.TMP
C:\Users\Admin\AppData\Local\Temp\w1h2cmqz\w1h2cmqz.dll
C:\Users\Admin\AppData\Local\Temp\RESC59C.tmp
\??\c:\Users\Admin\AppData\Local\Temp\w1h2cmqz\w1h2cmqz.cmdline
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e435eebb-1cb2-4936-8b7d-9e49403f9c9f.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000005
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000022
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000028
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000043
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_00004a
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_00004b
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000049
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000047
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000045
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000044
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000042
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000041
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_000040
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_00003f
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Cache\Cache_Data\f_00003e
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\2a53739ef6bc4461_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\29ee49a9e002c15f_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\286a1787eb6b73cf_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\3a3c8393d90e5773_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\50655a90f530f43b_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\84ef792e97c5476a_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\8ab58f91c3086001_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\91c0c0568eec2384_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\89911cb6f335fb55_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\ade44207b4253689_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\b55e27f8f44d80ba_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\ebe10eab84535fd9_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\f66233e72c393c10_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\f7f4848d5ac56948_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\fb9846e0ec264d61_0
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Extension State\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Service Worker\CacheStorage\8df60a66d15fa45372a51dad7bb44d513b0038b8\d1293963-a890-4e86-9f3b-9fc3189e1392\index
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\GrShaderCache\data_2
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_3
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ff680be7-50fb-408c-8ef1-233d287b4729.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e39bc8c9-f0a0-4808-941c-84c7cbe894d6.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_EB0BA4CC3740425A8D9702F71BEE7362.dat
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\login_data_db