Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.upload.e...

windows11-21h2-x64

10

Analysis

  • max time kernel
    908s
  • max time network
    913s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11-04-2024 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.upload.ee/files/16472471/XWorm_V5.6.rar.html

Score
10/10
xenarmorxwormcollectionpasswordpersistenceransomwareratrecoveryspywarestealertrojanupx

Malware Config

Signatures

  • Detect Xworm Payload 35 IoCs
  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Downloads MZ/PE file
  • .NET Reactor proctector 35 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • ACProtect 1.3x - 1.4x DLL software 5 IoCs

    Detects file using ACProtect software.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 35 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Uses the VBS compiler for execution 1 TTPs
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
    collection
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 2 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 4 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Delays execution with timeout.exe 7 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 7 IoCs
  • Suspicious behavior: AddClipboardFormatListener 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs
  • Suspicious use of AdjustPrivilegeToken 47 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 31 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/files/16472471/XWorm_V5.6.rar.html
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa9103cb8,0x7ffaa9103cc8,0x7ffaa9103cd8
      2⤵
        PID:2640
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
        2⤵
          PID:1880
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
          2⤵
            PID:1828
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:2288
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
              2⤵
                PID:3108
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                2⤵
                  PID:2444
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
                  2⤵
                    PID:1560
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                    2⤵
                      PID:1940
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
                      2⤵
                        PID:1012
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
                        2⤵
                          PID:1208
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
                          2⤵
                            PID:2740
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                            2⤵
                              PID:788
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
                              2⤵
                                PID:476
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                                2⤵
                                  PID:3892
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                                  2⤵
                                    PID:2384
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                                    2⤵
                                      PID:1420
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7188 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:5000
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:720
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                                      2⤵
                                        PID:4848
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
                                        2⤵
                                          PID:1088
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
                                          2⤵
                                            PID:3316
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
                                            2⤵
                                              PID:1524
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                                              2⤵
                                                PID:2484
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
                                                2⤵
                                                  PID:4112
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
                                                  2⤵
                                                    PID:2968
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                                                    2⤵
                                                      PID:3300
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
                                                      2⤵
                                                        PID:1992
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
                                                        2⤵
                                                          PID:652
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
                                                          2⤵
                                                            PID:3504
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 /prefetch:8
                                                            2⤵
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:4112
                                                          • C:\Program Files\7-Zip\7zFM.exe
                                                            "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm_V5.6.rar"
                                                            2⤵
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:1268
                                                            • C:\Users\Admin\AppData\Local\Temp\7zO4F438528\XwormLoader.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\7zO4F438528\XwormLoader.exe"
                                                              3⤵
                                                              • Executes dropped EXE
                                                              PID:4760
                                                              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Drops file in Windows directory
                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:3240
                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\svchost.exe'
                                                                  5⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:4704
                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                  5⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:476
                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\svchost.exe'
                                                                  5⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:4532
                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                  5⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:1336
                                                                • C:\Windows\System32\schtasks.exe
                                                                  "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\ProgramData\svchost.exe"
                                                                  5⤵
                                                                  • Creates scheduled task(s)
                                                                  PID:5028
                                                                • C:\Windows\svchost.exe
                                                                  "C:\Windows\svchost.exe"
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Adds Run key to start application
                                                                  • Suspicious use of SetThreadContext
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:3932
                                                                  • C:\Windows\svchost.exe
                                                                    "C:\Windows\svchost.exe"
                                                                    6⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious behavior: AddClipboardFormatListener
                                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:3000
                                                                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\svchost.exe'
                                                                      7⤵
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:3108
                                                                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                      7⤵
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:3760
                                                                    • C:\Users\Admin\AppData\Local\Temp\jsdilr.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\jsdilr.exe"
                                                                      7⤵
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      • Suspicious use of SetThreadContext
                                                                      PID:4364
                                                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe"
                                                                        8⤵
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:244
                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                          "C:\Windows\System32\cmd.exe" /c Cd %temp% && All-In-One.exe OutPut.json
                                                                          9⤵
                                                                            PID:2868
                                                                            • C:\Users\Admin\AppData\Local\Temp\All-In-One.exe
                                                                              All-In-One.exe OutPut.json
                                                                              10⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Accesses Microsoft Outlook accounts
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:2292
                                                                  • C:\Windows\System32\schtasks.exe
                                                                    "C:\Windows\System32\schtasks.exe" /delete /f /tn "svchost"
                                                                    5⤵
                                                                      PID:2084
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp1DDB.tmp.bat""
                                                                      5⤵
                                                                        PID:328
                                                                        • C:\Windows\system32\timeout.exe
                                                                          timeout 3
                                                                          6⤵
                                                                          • Delays execution with timeout.exe
                                                                          PID:3176
                                                                    • C:\Users\Admin\AppData\Local\Temp\7zO4F438528\Xworm V5.6.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\7zO4F438528\Xworm V5.6.exe"
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      PID:4796
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp80D3.tmp.bat""
                                                                      4⤵
                                                                        PID:2208
                                                                        • C:\Windows\system32\timeout.exe
                                                                          timeout 3
                                                                          5⤵
                                                                          • Delays execution with timeout.exe
                                                                          PID:2580
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9990385180260435208,14557995677096729982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6300 /prefetch:2
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:2748
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:3608
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:1360
                                                                    • C:\ProgramData\svchost.exe
                                                                      C:\ProgramData\svchost.exe
                                                                      1⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:4880
                                                                    • C:\Windows\System32\rundll32.exe
                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                      1⤵
                                                                        PID:1668
                                                                      • C:\Users\Admin\Downloads\XwormLoader.exe
                                                                        "C:\Users\Admin\Downloads\XwormLoader.exe"
                                                                        1⤵
                                                                        • Executes dropped EXE
                                                                        PID:1012
                                                                        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:4128
                                                                        • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                          "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          PID:2448
                                                                        • C:\Windows\system32\cmd.exe
                                                                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpE27B.tmp.bat""
                                                                          2⤵
                                                                            PID:4828
                                                                            • C:\Windows\system32\timeout.exe
                                                                              timeout 3
                                                                              3⤵
                                                                              • Delays execution with timeout.exe
                                                                              PID:3200
                                                                        • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                          "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          PID:4960
                                                                        • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                          "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          PID:3968
                                                                        • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                          "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          PID:1528
                                                                        • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                          "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          PID:496
                                                                        • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                          "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          PID:4300
                                                                        • C:\ProgramData\svchost.exe
                                                                          C:\ProgramData\svchost.exe
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:2300
                                                                        • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                          "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          PID:4656
                                                                        • C:\ProgramData\svchost.exe
                                                                          C:\ProgramData\svchost.exe
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:4388
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                          1⤵
                                                                          • Enumerates system info in registry
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                          PID:1008
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa9103cb8,0x7ffaa9103cc8,0x7ffaa9103cd8
                                                                            2⤵
                                                                              PID:4608
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2
                                                                              2⤵
                                                                                PID:2672
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:1084
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
                                                                                2⤵
                                                                                  PID:4660
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                                                                                  2⤵
                                                                                    PID:696
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
                                                                                    2⤵
                                                                                      PID:4444
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
                                                                                      2⤵
                                                                                        PID:1560
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
                                                                                        2⤵
                                                                                          PID:1644
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
                                                                                          2⤵
                                                                                            PID:4524
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                                                                                            2⤵
                                                                                              PID:3144
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
                                                                                              2⤵
                                                                                                PID:3216
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:1224
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3992 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:2184
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3468 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:1736
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:3136
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:840
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:2092
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:2456
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:4944
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:4908
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6256 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:3372
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:3892
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:4052
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:4580
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
                                                                                                                          2⤵
                                                                                                                          • NTFS ADS
                                                                                                                          PID:4104
                                                                                                                        • C:\Users\Admin\Downloads\winrar-x64-700.exe
                                                                                                                          "C:\Users\Admin\Downloads\winrar-x64-700.exe"
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                          PID:3136
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:4528
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:3208
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:4948
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:3428
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6844 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:2308
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:3464
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7216 /prefetch:2
                                                                                                                                      2⤵
                                                                                                                                        PID:864
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6769768557029599477,1471844175606750816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:1536
                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                        1⤵
                                                                                                                                          PID:2704
                                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                          1⤵
                                                                                                                                            PID:3368
                                                                                                                                          • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                                                                                            "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                                                                                            1⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:3220
                                                                                                                                          • C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                            "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm_V5.6.rar"
                                                                                                                                            1⤵
                                                                                                                                            • NTFS ADS
                                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                            PID:1500
                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zOCD5A604B\Fixer.bat" "
                                                                                                                                              2⤵
                                                                                                                                                PID:1240
                                                                                                                                                • C:\Windows\system32\lodctr.exe
                                                                                                                                                  lodctr /r
                                                                                                                                                  3⤵
                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                  PID:328
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\7zOCD581F9B\XwormLoader.exe
                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\7zOCD581F9B\XwormLoader.exe"
                                                                                                                                                2⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:3196
                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                                                                                                                  3⤵
                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                  PID:2600
                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\7zOCD581F9B\Xworm V5.6.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\7zOCD581F9B\Xworm V5.6.exe"
                                                                                                                                                  3⤵
                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                  PID:3460
                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpB7F2.tmp.bat""
                                                                                                                                                  3⤵
                                                                                                                                                    PID:4632
                                                                                                                                                    • C:\Windows\system32\timeout.exe
                                                                                                                                                      timeout 3
                                                                                                                                                      4⤵
                                                                                                                                                      • Delays execution with timeout.exe
                                                                                                                                                      PID:4376
                                                                                                                                              • C:\ProgramData\svchost.exe
                                                                                                                                                C:\ProgramData\svchost.exe
                                                                                                                                                1⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                PID:3032
                                                                                                                                              • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
                                                                                                                                                1⤵
                                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                PID:4380
                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                1⤵
                                                                                                                                                  PID:1020
                                                                                                                                                • C:\ProgramData\svchost.exe
                                                                                                                                                  C:\ProgramData\svchost.exe
                                                                                                                                                  1⤵
                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                  PID:332
                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                                                                                                  1⤵
                                                                                                                                                    PID:332
                                                                                                                                                  • C:\Windows\system32\werfault.exe
                                                                                                                                                    werfault.exe /h /shared Global\7d7a7ea3e3d3425faa954516f5491cfd /t 5020 /p 3136
                                                                                                                                                    1⤵
                                                                                                                                                      PID:2316
                                                                                                                                                    • C:\Users\Admin\Downloads\Xworm V5.6.exe
                                                                                                                                                      "C:\Users\Admin\Downloads\Xworm V5.6.exe"
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      PID:2132
                                                                                                                                                    • C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                                      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm_V5.6.zip\XWorm_V5.6.rar"
                                                                                                                                                      1⤵
                                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                      PID:3644
                                                                                                                                                    • C:\Users\Admin\Desktop\XWorm V5.6\XwormLoader.exe
                                                                                                                                                      "C:\Users\Admin\Desktop\XWorm V5.6\XwormLoader.exe"
                                                                                                                                                      1⤵
                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                      PID:2260
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                        PID:3776
                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\svchost.exe'
                                                                                                                                                          3⤵
                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                          PID:2128
                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                                                                                                          3⤵
                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                          PID:1244
                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\svchost.exe'
                                                                                                                                                          3⤵
                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                          PID:1712
                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                                                                                                          3⤵
                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                          PID:3984
                                                                                                                                                        • C:\Windows\System32\schtasks.exe
                                                                                                                                                          "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\ProgramData\svchost.exe"
                                                                                                                                                          3⤵
                                                                                                                                                          • Creates scheduled task(s)
                                                                                                                                                          PID:2736
                                                                                                                                                        • C:\Windows\System32\schtasks.exe
                                                                                                                                                          "C:\Windows\System32\schtasks.exe" /delete /f /tn "svchost"
                                                                                                                                                          3⤵
                                                                                                                                                            PID:2524
                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp490D.tmp.bat""
                                                                                                                                                            3⤵
                                                                                                                                                              PID:4492
                                                                                                                                                              • C:\Windows\system32\timeout.exe
                                                                                                                                                                timeout 3
                                                                                                                                                                4⤵
                                                                                                                                                                • Delays execution with timeout.exe
                                                                                                                                                                PID:424
                                                                                                                                                          • C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe
                                                                                                                                                            "C:\Users\Admin\Desktop\XWorm V5.6\Xworm V5.6.exe"
                                                                                                                                                            2⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                            • Modifies registry class
                                                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                            PID:3200
                                                                                                                                                            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
                                                                                                                                                              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xgcxmriq\xgcxmriq.cmdline"
                                                                                                                                                              3⤵
                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                              PID:1952
                                                                                                                                                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8224.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc349136A9F82B477E9737A5132D94B36D.TMP"
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:2384
                                                                                                                                                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
                                                                                                                                                                "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nedjtgp1\nedjtgp1.cmdline"
                                                                                                                                                                3⤵
                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                PID:1280
                                                                                                                                                                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES66B8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2176616E33674006A58C433F493EE497.TMP"
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:3456
                                                                                                                                                                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
                                                                                                                                                                  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nourm0l5\nourm0l5.cmdline"
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                  PID:1252
                                                                                                                                                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCEF3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc413A5C9DD4F24F8F9C4CE1E137EC68BB.TMP"
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:4644
                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpEB9B.tmp.bat""
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:5000
                                                                                                                                                                    • C:\Windows\system32\timeout.exe
                                                                                                                                                                      timeout 3
                                                                                                                                                                      3⤵
                                                                                                                                                                      • Delays execution with timeout.exe
                                                                                                                                                                      PID:432
                                                                                                                                                                • C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                                                                                  C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:5020
                                                                                                                                                                  • C:\ProgramData\svchost.exe
                                                                                                                                                                    C:\ProgramData\svchost.exe
                                                                                                                                                                    1⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                    PID:3904
                                                                                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\svchost.exe'
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                      PID:3948
                                                                                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                      PID:3452
                                                                                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\svchost.exe'
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                      PID:1764
                                                                                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                      PID:4300
                                                                                                                                                                    • C:\Windows\System32\schtasks.exe
                                                                                                                                                                      "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\ProgramData\svchost.exe"
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Creates scheduled task(s)
                                                                                                                                                                      PID:3368
                                                                                                                                                                    • C:\Windows\System32\schtasks.exe
                                                                                                                                                                      "C:\Windows\System32\schtasks.exe" /delete /f /tn "svchost"
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:2128
                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp88C5.tmp.bat""
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:3416
                                                                                                                                                                          • C:\Windows\system32\timeout.exe
                                                                                                                                                                            timeout 3
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Delays execution with timeout.exe
                                                                                                                                                                            PID:1876
                                                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                                                        C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:3424
                                                                                                                                                                        • C:\Users\Admin\Downloads\XClient.exe
                                                                                                                                                                          "C:\Users\Admin\Downloads\XClient.exe"
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Drops startup file
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                          • Sets desktop wallpaper using registry
                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                          PID:4076
                                                                                                                                                                          • C:\Windows\System32\schtasks.exe
                                                                                                                                                                            "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "b3ddoser" /tr "C:\Users\Admin\AppData\Roaming\b3ddoser"
                                                                                                                                                                            2⤵
                                                                                                                                                                            • Creates scheduled task(s)
                                                                                                                                                                            PID:4528
                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:4780
                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaa9103cb8,0x7ffaa9103cc8,0x7ffaa9103cd8
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:1224
                                                                                                                                                                            • C:\Users\Admin\Downloads\XClient.exe
                                                                                                                                                                              "C:\Users\Admin\Downloads\XClient.exe"
                                                                                                                                                                              1⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                              PID:2292
                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\b3ddoser
                                                                                                                                                                              C:\Users\Admin\AppData\Roaming\b3ddoser
                                                                                                                                                                              1⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                              PID:3300
                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\b3ddoser
                                                                                                                                                                              C:\Users\Admin\AppData\Roaming\b3ddoser
                                                                                                                                                                              1⤵
                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                              PID:3632

                                                                                                                                                                            Network

                                                                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                                                                            Replay Monitor

                                                                                                                                                                            Loading Replay Monitor...

                                                                                                                                                                            Downloads

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\XwormLoader.exe.log
                                                                                                                                                                              Filesize

                                                                                                                                                                              319B

                                                                                                                                                                              MD5

                                                                                                                                                                              82c1bb763e0f5d2b70f5a2a9ac82eb91

                                                                                                                                                                              SHA1

                                                                                                                                                                              5ac7452517917fff3fc88ea302e539696ac8e61c

                                                                                                                                                                              SHA256

                                                                                                                                                                              fcc4f091cbe230c3546b92443fc83002101bb8d46b393ea61c7f3633832f15fa

                                                                                                                                                                              SHA512

                                                                                                                                                                              b6808ad459c9b3580bc2b61bc2b71186916a2de34691c97e432cd9716aa3ae67871ac015a2299d8b825b79155d8d714cf7f2260fdbb709d76bca37942c627bf0

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                                                                                                                                                              Filesize

                                                                                                                                                                              2KB

                                                                                                                                                                              MD5

                                                                                                                                                                              627073ee3ca9676911bee35548eff2b8

                                                                                                                                                                              SHA1

                                                                                                                                                                              4c4b68c65e2cab9864b51167d710aa29ebdcff2e

                                                                                                                                                                              SHA256

                                                                                                                                                                              85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

                                                                                                                                                                              SHA512

                                                                                                                                                                              3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\svchost.exe.log
                                                                                                                                                                              Filesize

                                                                                                                                                                              654B

                                                                                                                                                                              MD5

                                                                                                                                                                              2cbbb74b7da1f720b48ed31085cbd5b8

                                                                                                                                                                              SHA1

                                                                                                                                                                              79caa9a3ea8abe1b9c4326c3633da64a5f724964

                                                                                                                                                                              SHA256

                                                                                                                                                                              e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3

                                                                                                                                                                              SHA512

                                                                                                                                                                              ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                              Filesize

                                                                                                                                                                              152B

                                                                                                                                                                              MD5

                                                                                                                                                                              7bea0f508971405600ec62102b0b821b

                                                                                                                                                                              SHA1

                                                                                                                                                                              087fe4520987f512364cec5c523b6b29d9c36bbb

                                                                                                                                                                              SHA256

                                                                                                                                                                              fee6ee1b1f8e741dbad62add0bdf396dc4acbd0c486be12382b0c065579e6b70

                                                                                                                                                                              SHA512

                                                                                                                                                                              6208ff0ca29b7b747b7d82c5c4deb43f0a2ebf539d2c58987ab18382eff21b706c5bb2aa597ee617716310c6e648456d3f151d9d3ed78a1dd2be13a54b364c1d

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                              Filesize

                                                                                                                                                                              152B

                                                                                                                                                                              MD5

                                                                                                                                                                              c9a6fb74aa1d29cfb0033c26d1b8e146

                                                                                                                                                                              SHA1

                                                                                                                                                                              0d821bba1975da8fbad900dea0a43960643f9a44

                                                                                                                                                                              SHA256

                                                                                                                                                                              7bd56093477f1e17114eafd35288dbe76d410616cb09fad47e8d6a3ad35d806a

                                                                                                                                                                              SHA512

                                                                                                                                                                              6db04f427ada78642e5918b355ea73f1aa504d2735073d26d2bf588cece0daf1118fe0d3b892689598c45c7223a53e0467cbba5f0f5e4858187b28f956aaece2

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                              Filesize

                                                                                                                                                                              152B

                                                                                                                                                                              MD5

                                                                                                                                                                              ec7568123e3bee98a389e115698dffeb

                                                                                                                                                                              SHA1

                                                                                                                                                                              1542627dbcbaf7d93fcadb771191f18c2248238c

                                                                                                                                                                              SHA256

                                                                                                                                                                              5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

                                                                                                                                                                              SHA512

                                                                                                                                                                              4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
                                                                                                                                                                              Filesize

                                                                                                                                                                              67KB

                                                                                                                                                                              MD5

                                                                                                                                                                              d2d55f8057f8b03c94a81f3839b348b9

                                                                                                                                                                              SHA1

                                                                                                                                                                              37c399584539734ff679e3c66309498c8b2dd4d9

                                                                                                                                                                              SHA256

                                                                                                                                                                              6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

                                                                                                                                                                              SHA512

                                                                                                                                                                              7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              MD5

                                                                                                                                                                              d6b36c7d4b06f140f860ddc91a4c659c

                                                                                                                                                                              SHA1

                                                                                                                                                                              ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                                                                                                                              SHA256

                                                                                                                                                                              34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                                                                                                                              SHA512

                                                                                                                                                                              2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
                                                                                                                                                                              Filesize

                                                                                                                                                                              35KB

                                                                                                                                                                              MD5

                                                                                                                                                                              786d29ac69180555a37e07c36b4504e7

                                                                                                                                                                              SHA1

                                                                                                                                                                              a1950b38546c4d5582715058d2b523580ab75a71

                                                                                                                                                                              SHA256

                                                                                                                                                                              ac07d7137b93ab08baac4eba722210a729ce4ce6600c5c7eb5c5049bd341e117

                                                                                                                                                                              SHA512

                                                                                                                                                                              53b3bd579afac1fc271d21b2ec5369642410004163662d96a562a4b1be95ed8fa189c675fdea12912d1904d7693444f4f5f1df72c7b2cb08ebbe9e74ca1678dc

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
                                                                                                                                                                              Filesize

                                                                                                                                                                              63KB

                                                                                                                                                                              MD5

                                                                                                                                                                              710d7637cc7e21b62fd3efe6aba1fd27

                                                                                                                                                                              SHA1

                                                                                                                                                                              8645d6b137064c7b38e10c736724e17787db6cf3

                                                                                                                                                                              SHA256

                                                                                                                                                                              c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

                                                                                                                                                                              SHA512

                                                                                                                                                                              19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
                                                                                                                                                                              Filesize

                                                                                                                                                                              19KB

                                                                                                                                                                              MD5

                                                                                                                                                                              2e86a72f4e82614cd4842950d2e0a716

                                                                                                                                                                              SHA1

                                                                                                                                                                              d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                                                                                              SHA256

                                                                                                                                                                              c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                                                                                              SHA512

                                                                                                                                                                              7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
                                                                                                                                                                              Filesize

                                                                                                                                                                              88KB

                                                                                                                                                                              MD5

                                                                                                                                                                              b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                                                                                                                              SHA1

                                                                                                                                                                              386ba241790252df01a6a028b3238de2f995a559

                                                                                                                                                                              SHA256

                                                                                                                                                                              b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                                                                                                                              SHA512

                                                                                                                                                                              546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
                                                                                                                                                                              Filesize

                                                                                                                                                                              1.1MB

                                                                                                                                                                              MD5

                                                                                                                                                                              4aa32374606cca47f1cc7f0c9f4afa93

                                                                                                                                                                              SHA1

                                                                                                                                                                              7d7dedb3e23b5c5d8608ee9fea570806873f3538

                                                                                                                                                                              SHA256

                                                                                                                                                                              667571588960cbdca04cf7842cc1e06ae0abbb73fc3e4bf1f501ce6d01920519

                                                                                                                                                                              SHA512

                                                                                                                                                                              68309d5c866c958ef8d490e9e00876eada4b4b6bebac22147b245140893b989a4fe85f71d3bac06c57dca3767116478ddc02f74ec6068271d27393c650874380

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
                                                                                                                                                                              Filesize

                                                                                                                                                                              217KB

                                                                                                                                                                              MD5

                                                                                                                                                                              876a8491f9caeebd660bdd7c9522ea70

                                                                                                                                                                              SHA1

                                                                                                                                                                              7acaf6272f9e65ba0b691047184e16d89de10baf

                                                                                                                                                                              SHA256

                                                                                                                                                                              e08a8ae9e345c9cb60b7d0d12e47dae88fa3363d9ed44105bd2dd20096d174e9

                                                                                                                                                                              SHA512

                                                                                                                                                                              3f2d1297c007ccfd2d81c5b06798d59d4c5a3c6d7ddd69fb846c1a64dfbcf6ec623e62442f74c9e0b8388544154e60590b33381abec1ce26a231dae4c9c8795e

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b
                                                                                                                                                                              Filesize

                                                                                                                                                                              47KB

                                                                                                                                                                              MD5

                                                                                                                                                                              045937268a2acced894a9996af39f816

                                                                                                                                                                              SHA1

                                                                                                                                                                              dfbdbd744565fdc5722a2e5a96a55c881b659ed4

                                                                                                                                                                              SHA256

                                                                                                                                                                              cc05f08525e5eaf762d1c1c66bef78dec5f3517cf6f7e86e89368c6d4a1ef0cf

                                                                                                                                                                              SHA512

                                                                                                                                                                              71a025a421384ed1e88d0c5ffadc6450a9e1efd827fe929f5ef447d2901cd87572fccf13dfa8b2706c9fab8160163e3a0c80bfe1ab49d63ffbbcb0e4e591a84f

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c
                                                                                                                                                                              Filesize

                                                                                                                                                                              789KB

                                                                                                                                                                              MD5

                                                                                                                                                                              0f49bb1b91100dfca4aa9527f09cb7fd

                                                                                                                                                                              SHA1

                                                                                                                                                                              1a9d1c5eeda4abcaa18694e5f0694e69ed13d147

                                                                                                                                                                              SHA256

                                                                                                                                                                              a8fc1cc23aaf6985814a81e2dc22ceb156cdaefc038374fafac1969b24e73c78

                                                                                                                                                                              SHA512

                                                                                                                                                                              7315d44ab0de3824fc228a9cc9b5249a548782872cc563db561a9a818d52a5f38293cd351f536984a2170cdcefafe8a0d6969ed1b6a8e3fbafd20c6bd363b628

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
                                                                                                                                                                              Filesize

                                                                                                                                                                              33KB

                                                                                                                                                                              MD5

                                                                                                                                                                              b54a39d6949bfe6bae0d402cd2d80dc5

                                                                                                                                                                              SHA1

                                                                                                                                                                              9ac1ce7c7c0caec4e371059ac428068ce8376339

                                                                                                                                                                              SHA256

                                                                                                                                                                              6d26dfbcb723f0af3c891e9e45186deccb0f7e710106a379464c6f153792f792

                                                                                                                                                                              SHA512

                                                                                                                                                                              d86ac61ccc0a23d18594a8a7e8e444de4838fe1b7cfeea01ace66c91da139bedf811f5d1d5732c7da88a352af6b845f25bb87fc5a130ddf7450fd6d6b4146b6e

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
                                                                                                                                                                              Filesize

                                                                                                                                                                              32KB

                                                                                                                                                                              MD5

                                                                                                                                                                              551ade422b4afa7edad7ba0bc04f1dc6

                                                                                                                                                                              SHA1

                                                                                                                                                                              c32ae39cedb7e9e32f22c50b324a75fda421782b

                                                                                                                                                                              SHA256

                                                                                                                                                                              5b6abbd8e50b39c120fdaa80ee860e7a60170d9879a0438ade6a590da7493f63

                                                                                                                                                                              SHA512

                                                                                                                                                                              cbca8af71ad839c482ab0ff29eb9e2f0f67dba13af46023aeed9c81f0831eba342a8f026eac92665310c9b73d21c266be79f2c8b00cbe895cac33c6dc65f411e

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              2KB

                                                                                                                                                                              MD5

                                                                                                                                                                              6f67e5c9b3406488064d66f0228e7b20

                                                                                                                                                                              SHA1

                                                                                                                                                                              759546632ce9355d3bae9d73866ce141ba83cb49

                                                                                                                                                                              SHA256

                                                                                                                                                                              95c7ea572e84619881eb9f34b01680c7969b432d8322bbe9ed57ac12be69f70f

                                                                                                                                                                              SHA512

                                                                                                                                                                              9c03742bc5640b257dcee3df6f13a51732bdce82905b7e5b7f3d98516b3ba2c36404d6d88118ee08ef57e143387e7984ed4497b5ea2c766fbfcce9701be66662

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              1KB

                                                                                                                                                                              MD5

                                                                                                                                                                              b14ca4b97aaf0b22f90cd37945f71cca

                                                                                                                                                                              SHA1

                                                                                                                                                                              360a1ddd0ace854bfecc339d5fca9cd98e9c7d1f

                                                                                                                                                                              SHA256

                                                                                                                                                                              177487a6ec3d619e9b5f317949284ab19245c3a6d95b401459995c4c7ac5c51f

                                                                                                                                                                              SHA512

                                                                                                                                                                              32d799dea036c5988b5516832ef3a7e8760ec31a27295fb5525741aec4a45ba570c340d32a3a8d77aaf2d974efe889da0d13ad42ff7929fb9dfb1fcb253068e5

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              1KB

                                                                                                                                                                              MD5

                                                                                                                                                                              f28127736efe10b2120ad152b6b79332

                                                                                                                                                                              SHA1

                                                                                                                                                                              dfa6135924ba56ae188b442e429017424e45976a

                                                                                                                                                                              SHA256

                                                                                                                                                                              4e25ecb3ca6f64137a9826a8b1b45283b6e895b6af87cf92fde4a18230774fc0

                                                                                                                                                                              SHA512

                                                                                                                                                                              d9d84b96a55e200c661450338f39485670e41b71679224f374ab915e7e07803bcc7b0821b4016493da11f662de2bb8cd7b7b6ad663dfa3748c866627877cdc02

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              3KB

                                                                                                                                                                              MD5

                                                                                                                                                                              1335ef06e57d7f9ae2a5ee1e54a28ff6

                                                                                                                                                                              SHA1

                                                                                                                                                                              c13802d1970c871606e661299f509420c4ddb268

                                                                                                                                                                              SHA256

                                                                                                                                                                              c50838c3359b0b78cd03331e539b0e339d0f87d2fdf4389d1d0e83a27b0d2744

                                                                                                                                                                              SHA512

                                                                                                                                                                              9d6715d40d6fee258c3815e92a69760a9d93ef0ff816521fbb3ed3712615d7da9cbeaea3fa42b808f203226ea14127f4b3868402ad639f03abc14a35f8d72507

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT
                                                                                                                                                                              Filesize

                                                                                                                                                                              16B

                                                                                                                                                                              MD5

                                                                                                                                                                              46295cac801e5d4857d09837238a6394

                                                                                                                                                                              SHA1

                                                                                                                                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                              SHA256

                                                                                                                                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                              SHA512

                                                                                                                                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                              Filesize

                                                                                                                                                                              6KB

                                                                                                                                                                              MD5

                                                                                                                                                                              560dce05d52e01a4d3723c0423d58659

                                                                                                                                                                              SHA1

                                                                                                                                                                              971e49d862eb58535acebc937eed22ce2604b7e0

                                                                                                                                                                              SHA256

                                                                                                                                                                              47db9bfd484e872b8072e9ac80071104f61236902b82bba7fd7393b07133131b

                                                                                                                                                                              SHA512

                                                                                                                                                                              ffad147c2ab1ed2af422fd2c6daecbd1b3935aec0374d12ad5a4d6365c052f887cfc94808ad3ddb6c9123fdd31708eeea0272f16db632b436ef4e4dde6d25377

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                              Filesize

                                                                                                                                                                              3KB

                                                                                                                                                                              MD5

                                                                                                                                                                              09e0fdd0589c1a877e2e27ea91bf8d35

                                                                                                                                                                              SHA1

                                                                                                                                                                              4c225c8984fc5360be0132b6896abdc02061a997

                                                                                                                                                                              SHA256

                                                                                                                                                                              f40f2f206e586c31683054c89299c162b13461019e8d27e14bb4e176229f56e1

                                                                                                                                                                              SHA512

                                                                                                                                                                              e6893f00fd33eeb03075a1ed1f7a9b57ec23cf5d7dfaeeb9564201c30431b280a074854c50466972ce46b1fe4b2251d344257cc757f464ac45fce5866af1bb85

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                              Filesize

                                                                                                                                                                              111B

                                                                                                                                                                              MD5

                                                                                                                                                                              285252a2f6327d41eab203dc2f402c67

                                                                                                                                                                              SHA1

                                                                                                                                                                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                                                                              SHA256

                                                                                                                                                                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                                                                              SHA512

                                                                                                                                                                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                              Filesize

                                                                                                                                                                              3KB

                                                                                                                                                                              MD5

                                                                                                                                                                              d73efb644559534e89a7ae24d72290ad

                                                                                                                                                                              SHA1

                                                                                                                                                                              e69a53807f7c4b7ba6f66dbcbc05911de9ca5958

                                                                                                                                                                              SHA256

                                                                                                                                                                              58674a780a2ce8e5031a426cf76f07c9930dec45d616e1972835b9e66d5e0ba3

                                                                                                                                                                              SHA512

                                                                                                                                                                              30e98429c93cb15b2a5d99d90936a4d9e82200e071c06f3258024f80f948097ed1e42fe0975e04d2b22adf7fc8b1d99fbba589b03d65a140f8d8d4fb77623a10

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                              Filesize

                                                                                                                                                                              6KB

                                                                                                                                                                              MD5

                                                                                                                                                                              4c2057f691af89aad31f0e664855690f

                                                                                                                                                                              SHA1

                                                                                                                                                                              2acde4f4382dfaeae604e291dcc775cf17426fc4

                                                                                                                                                                              SHA256

                                                                                                                                                                              59fb919b4450d0d10dc9d02fe4f7fd2a76c609520b50678fc0f6622f99d1ff8a

                                                                                                                                                                              SHA512

                                                                                                                                                                              785d775c15dd5d6bdcfe67defdcd6ba68ea1993b7d4775636cbc4c8401a2d828b96953baf5f5f867bb1f541ba778aa4ab31a37ce8ff2e0203311e01f1b2c8ffa

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                              Filesize

                                                                                                                                                                              3KB

                                                                                                                                                                              MD5

                                                                                                                                                                              9f7d781dba323732ea4cb26bda9f9ee9

                                                                                                                                                                              SHA1

                                                                                                                                                                              65c79f060ea7141fc293e763792cd33978dd0177

                                                                                                                                                                              SHA256

                                                                                                                                                                              90aba805e1517342e1b1940aa3463c900e5176af4f8eefdc473ab677e5f72836

                                                                                                                                                                              SHA512

                                                                                                                                                                              9d9584f483a0874d15fdbd7749a993f638ba7bdbe46e1457f42c56fd6525fa48344d94eb64169fe912c49832c888db990a7e692394ccddc3efadce2ea7002e53

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001
                                                                                                                                                                              Filesize

                                                                                                                                                                              41B

                                                                                                                                                                              MD5

                                                                                                                                                                              5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                                                              SHA1

                                                                                                                                                                              d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                                                              SHA256

                                                                                                                                                                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                                                              SHA512

                                                                                                                                                                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              4KB

                                                                                                                                                                              MD5

                                                                                                                                                                              caa352aaf36d236cdc0c6a565fa2a60e

                                                                                                                                                                              SHA1

                                                                                                                                                                              ff131f9a4d6cac3e270e9af2fd8c2d18d7860630

                                                                                                                                                                              SHA256

                                                                                                                                                                              3d295c0ab013b7cb1eb06c2b571144e16637a66b266a8e15de592798b845d61d

                                                                                                                                                                              SHA512

                                                                                                                                                                              5f7005e041917897afc65d9a9d21568850a7df1c89fe9098d349fa1a43d0d398d691ddd4f6efa5f3df583390c9b173b3b24aae732bd4f1522c83e7a2d260cf54

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              7KB

                                                                                                                                                                              MD5

                                                                                                                                                                              bcf09e05fb770119b383c5bb7fef4da7

                                                                                                                                                                              SHA1

                                                                                                                                                                              c07832abe8d807f58ba120b220d7b5acabd83b94

                                                                                                                                                                              SHA256

                                                                                                                                                                              008686bcc71adcbac1d0f0033e7a5233f3b4716382fcbd385bf90e4f1844c281

                                                                                                                                                                              SHA512

                                                                                                                                                                              36246c9b6d87e22084ddac94a2cd2f224c61a26ee24801f39935868bc108e629c1a2d993e034a6d87485dff799a9dcfb0b02536eb8e16ed6650bfcd4727bd55d

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              9KB

                                                                                                                                                                              MD5

                                                                                                                                                                              bd4feaa157367ee2e489d8512bcae81d

                                                                                                                                                                              SHA1

                                                                                                                                                                              564124f1d55ccac1fb2911d05480d2d863d03d41

                                                                                                                                                                              SHA256

                                                                                                                                                                              95253a722d9e27086a7f835fad35bfb850660b1b4bf83ef4098052de3ef599d9

                                                                                                                                                                              SHA512

                                                                                                                                                                              6cae0338265890ad0169b61ef336f0210ba4b6d36384e2eb9c2b85b599289c06a74ba1c6d60baf2cb1f55594b5f2092232399a86250abbc913030179e9baeb96

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              8KB

                                                                                                                                                                              MD5

                                                                                                                                                                              7e26a0a4c760409239bcb2ac7d2ac309

                                                                                                                                                                              SHA1

                                                                                                                                                                              3239f6222e0b2476e19dbaca4c0986b6f93d5a79

                                                                                                                                                                              SHA256

                                                                                                                                                                              741099adf31331048dcfe5db0267e2c4ee67521dfe0f11d14adc7138bf8eb262

                                                                                                                                                                              SHA512

                                                                                                                                                                              f453b2157d845511f1ff6dbfc698bca3909ace777e7f4bae5714388cee5817b572bbcdaead6bd7f6d48a6da0a6a5f73832e1993a583f2a7fbf8cd385fb27d471

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              7KB

                                                                                                                                                                              MD5

                                                                                                                                                                              e39eecb6bedb24e9c870a4f7c2395056

                                                                                                                                                                              SHA1

                                                                                                                                                                              198947e80a0f92aec19ece8bcbf4f1e1c5951091

                                                                                                                                                                              SHA256

                                                                                                                                                                              b667817b95576e4a966b6d5988060726bbd27122ec4b03b9faec3e4fcdfedf51

                                                                                                                                                                              SHA512

                                                                                                                                                                              664b0f6ce353967e2fb1a548933ba93282459b002a5318bdc458926f34d32bce0c1751e03719c4240dc573891922ad417cfc17cc875aa74d6d22d094635e956d

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              7KB

                                                                                                                                                                              MD5

                                                                                                                                                                              c928e247aa31631892a2c525d9096c0f

                                                                                                                                                                              SHA1

                                                                                                                                                                              0e9aae2494d4712d33358480af1b75b613e9b071

                                                                                                                                                                              SHA256

                                                                                                                                                                              587ce2b1e8849d6425eb9da05aa120f1cb14281ad2cb457ac81cef20c1f37e1d

                                                                                                                                                                              SHA512

                                                                                                                                                                              d97616a1ba9b8083f8e70bb05b159e84f320f3171b01f4f2e428a3d4ac902548bbe3c197d9cbb8070a09305d74061b192b958f9746f45be4641d4887b272cfb0

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              9KB

                                                                                                                                                                              MD5

                                                                                                                                                                              b2fed2705599bb5b9b12c27f906e4232

                                                                                                                                                                              SHA1

                                                                                                                                                                              9685be388e18e09b69ed140b415f0ea48121e7b1

                                                                                                                                                                              SHA256

                                                                                                                                                                              65903c68337225f53562a573f1376fc16ef2961c2a022bfac1d1a78c8e858826

                                                                                                                                                                              SHA512

                                                                                                                                                                              2b7ab5deca81a8a58b9149a672ede6ee9770d4afe23dcf2f23f32e510b44cd6e6eaea0dd5866a59067006725b0492fa182864f192c5224c9080b4a7e62a693b4

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              7KB

                                                                                                                                                                              MD5

                                                                                                                                                                              b39d09494fe3333bd44c253523404204

                                                                                                                                                                              SHA1

                                                                                                                                                                              9d3f2e4009ce29cdb08bf5c59cf43339b1006d80

                                                                                                                                                                              SHA256

                                                                                                                                                                              935a1551b8231c6e0ff04dae28ab766e5cd1cb6b8272a152090a0f8f8b6be1d1

                                                                                                                                                                              SHA512

                                                                                                                                                                              8afe059b44398eee9aea5dba95aafcdb13b65c12fb57d45237ba1b4bacdc01c0e1f2ee30266fefb8bdd0cdfc6046dea73a1d9405bcab20a17fbad24ba73ac6fb

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              9KB

                                                                                                                                                                              MD5

                                                                                                                                                                              da09f0b8870e38b84f1128b8f902d826

                                                                                                                                                                              SHA1

                                                                                                                                                                              38496ec63d79e8c3f029e6fff0df8bc33ee73772

                                                                                                                                                                              SHA256

                                                                                                                                                                              52eda84557928977782a8e35a55194d9a86866a9377b4cd6a2ac732a27d3d3c7

                                                                                                                                                                              SHA512

                                                                                                                                                                              b25c50ec32c5c2a830ea8bd3d66a95da656a5374d0c63d91dfada4fd8e5f7fcf57e08156b9065686bb17d926546dde63862065d6622fb702c99b2a01b131ecee

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              8KB

                                                                                                                                                                              MD5

                                                                                                                                                                              19e9c93efd5f38b92418464db5f6b2ea

                                                                                                                                                                              SHA1

                                                                                                                                                                              842037b318bae9d67032ad4f6d9d091281a5de5d

                                                                                                                                                                              SHA256

                                                                                                                                                                              c6d5e3acb3f032add85732a7b6b65081617391d27cb8f5d96fa94ecf24b2efbc

                                                                                                                                                                              SHA512

                                                                                                                                                                              9efbaf8ecba6f7e3241aa6cb3d7f266aef366b868328e91ffa67e6a5bac1a0d1a2b91fba6fdaeb3c24482d0ae7c0625c0ede42ea19f21f9d6466016c149615a1

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              8KB

                                                                                                                                                                              MD5

                                                                                                                                                                              79469a6bdd81c59570727e53abc8c6db

                                                                                                                                                                              SHA1

                                                                                                                                                                              697f61843f6d9a307d10807007dfc4a831c8fe49

                                                                                                                                                                              SHA256

                                                                                                                                                                              9a957b9384b85a66eef24c52c87ef6f05a42fe481630a4e387f67a1b4e093cb3

                                                                                                                                                                              SHA512

                                                                                                                                                                              abdd08a4e1a94b24e888356da66155297cb92e07e3db47a7abe840905e6564e46df1cea608457d74a2e0984259a1c1160be63cf03c24e1d5bc4db9b1286b5660

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              8KB

                                                                                                                                                                              MD5

                                                                                                                                                                              aad05cc01bfa3c63136bfd6095d9a47a

                                                                                                                                                                              SHA1

                                                                                                                                                                              76f90f87c1c480cd07457c8eb51ebe6e6fb92dd2

                                                                                                                                                                              SHA256

                                                                                                                                                                              e174a124c20c61b1b2940b5e5d6b0f863423bc32c2b7d83560ac999b5ffc23ac

                                                                                                                                                                              SHA512

                                                                                                                                                                              8562c5c442c159cd20fcb19925b42956050b03617041b1a167664c1523e1104d068f6e8eb382f2d31c636bc49102817bfab895f36f1c12ad094d8884bf7badde

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                                                              Filesize

                                                                                                                                                                              25KB

                                                                                                                                                                              MD5

                                                                                                                                                                              0ba15f72ffb0a37243558588d3e78221

                                                                                                                                                                              SHA1

                                                                                                                                                                              814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

                                                                                                                                                                              SHA256

                                                                                                                                                                              3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

                                                                                                                                                                              SHA512

                                                                                                                                                                              02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2b5bd7c8-0179-473c-afcb-af9259fdfbe4\index
                                                                                                                                                                              Filesize

                                                                                                                                                                              24B

                                                                                                                                                                              MD5

                                                                                                                                                                              54cb446f628b2ea4a5bce5769910512e

                                                                                                                                                                              SHA1

                                                                                                                                                                              c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                                                                                                                                              SHA256

                                                                                                                                                                              fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                                                                                                                                              SHA512

                                                                                                                                                                              8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\af84e67c-b86a-48e2-8a98-f2d8b4c3f72b\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              624B

                                                                                                                                                                              MD5

                                                                                                                                                                              44759cf7a3cdc4dc03f4327e4e27a209

                                                                                                                                                                              SHA1

                                                                                                                                                                              3fff16cb91c899122ecd4a2ccaa90c14bd9964ed

                                                                                                                                                                              SHA256

                                                                                                                                                                              1ad86e37050a6f0e75f0793febb092f553e47d75ddb8a65973644ff549cdb620

                                                                                                                                                                              SHA512

                                                                                                                                                                              a583ed7113726e20b3a8bf8921d858f0b02144af60a584a0e2eb29dc438438eb3a3c2589caf38ad2724b317508df76f8810472990450164ffafc699cf87d3254

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\af84e67c-b86a-48e2-8a98-f2d8b4c3f72b\index-dir\the-real-index~RFe5cc7bc.TMP
                                                                                                                                                                              Filesize

                                                                                                                                                                              48B

                                                                                                                                                                              MD5

                                                                                                                                                                              98fe942f44f5d2aa02727ab4b86a5d41

                                                                                                                                                                              SHA1

                                                                                                                                                                              b52068771f8a450503cda81946187568f0bb8d64

                                                                                                                                                                              SHA256

                                                                                                                                                                              bca685132745080616a88a8c759ff7711335b368e2a694bde008d42db30a4381

                                                                                                                                                                              SHA512

                                                                                                                                                                              e435e5ba41aa103f0b34821503a40a1122682663a138b580fb5d7065c286b5a0a45d4708fbcd106c9e1597c8ff2a5e40b83e6902cb92c3f164414f266f51965f

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb80da78-8ee9-4ff0-9987-653c7641c4fb\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              2KB

                                                                                                                                                                              MD5

                                                                                                                                                                              222fa89d358b80287dc7726587be50c0

                                                                                                                                                                              SHA1

                                                                                                                                                                              6f8a130f7055096127fe9bbc52e354e962ee4ec6

                                                                                                                                                                              SHA256

                                                                                                                                                                              6af040857282e40f778a07c687641a3a96389bfb2a30b2ce12e33e0269982cad

                                                                                                                                                                              SHA512

                                                                                                                                                                              ea76f8cbadd6a8746b49499ffa2fb512e9177768e8320bc8fd0447e560ab563b7163390424093f30ea11c19860437500e5a92df51bd77bbd3cac0bbfc4f457d5

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb80da78-8ee9-4ff0-9987-653c7641c4fb\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              2KB

                                                                                                                                                                              MD5

                                                                                                                                                                              f52536b7a966a4234ece465e7ba21a6a

                                                                                                                                                                              SHA1

                                                                                                                                                                              f857fc70143ff7f87dae956baa965a43df8f72fd

                                                                                                                                                                              SHA256

                                                                                                                                                                              5eb76eb2bdf936db42b1ad42547fc5e38c0e90cdbcddab5d6c0b033bed5899ac

                                                                                                                                                                              SHA512

                                                                                                                                                                              548910645133d0f57226a964804e715c41189dc50abd866e5c2aae09c5375e21df14ab84603fcedff5c671c8b286ea127d19a602c1d50256eb8c48800c0b96fe

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb80da78-8ee9-4ff0-9987-653c7641c4fb\index-dir\the-real-index~RFe5c6bb2.TMP
                                                                                                                                                                              Filesize

                                                                                                                                                                              48B

                                                                                                                                                                              MD5

                                                                                                                                                                              9d13cbaed96a1dfd81d9103f6eb23bdc

                                                                                                                                                                              SHA1

                                                                                                                                                                              932d345a8cf7e73899d7f02afa3bbb5585840790

                                                                                                                                                                              SHA256

                                                                                                                                                                              dd1428e1e08c9622b3d8256ffc133b8954917b2afb4addf0a9efffeec486a407

                                                                                                                                                                              SHA512

                                                                                                                                                                              f05fb551a5fbfe32be4d1cb57561b9a515458cdd0bed71183cfd70232e55bc45d470f9ccd59f056a7ab0eb6982222b4ba90ba50b3f59b8b30f1e074a05631eaf

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                              Filesize

                                                                                                                                                                              146B

                                                                                                                                                                              MD5

                                                                                                                                                                              79fe3b1c9631c5c5b7e0a646566ebe07

                                                                                                                                                                              SHA1

                                                                                                                                                                              d0ebed00af71411fd99618a8f4dc0fd75b65812b

                                                                                                                                                                              SHA256

                                                                                                                                                                              4314779d508045b58459b4a81e7003ed160d7034c0d4e4efd15cbb624ec5a96f

                                                                                                                                                                              SHA512

                                                                                                                                                                              4d5c2c2f414d8dd19fae3a28372e35de25b848300c4dcf801797cb086b78b89d0722bfe63ba44c67a4b9ec0856a0d57de53ee758f9cc8fcd5f4ca97dc22352b3

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                              Filesize

                                                                                                                                                                              148B

                                                                                                                                                                              MD5

                                                                                                                                                                              aa52773a28f45e9c69823b68793048fe

                                                                                                                                                                              SHA1

                                                                                                                                                                              7629877d6557a6b95358ae0bc578b682e48dd739

                                                                                                                                                                              SHA256

                                                                                                                                                                              b3e3509772d7df07c87074e92562e46a78b98594555f3f544d4f13a33607b5bd

                                                                                                                                                                              SHA512

                                                                                                                                                                              d47cc1b55b4c819eac73a10db1a23f56cce46f47c16455fa95b996d7ad530d827fb728c870464cb6c2ef7d7c38aafc1c92bf0fe0ae98d7b9506808f3ee665898

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                              Filesize

                                                                                                                                                                              157B

                                                                                                                                                                              MD5

                                                                                                                                                                              7b49273500734861d23f3bd7910d9096

                                                                                                                                                                              SHA1

                                                                                                                                                                              6601fd9994468148952cbfb388b8f798f9d2e6c3

                                                                                                                                                                              SHA256

                                                                                                                                                                              3644f78f38b243e911424f2916e955300e950e4aa6615ef480fe85d61ecb07e6

                                                                                                                                                                              SHA512

                                                                                                                                                                              04841523602211affb9149956b508c04a95c1c205a6ae7d8d151cc91db296429791e676efee4ef2237603d787215b48b13d39783459a931325b418204a01c547

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                              Filesize

                                                                                                                                                                              82B

                                                                                                                                                                              MD5

                                                                                                                                                                              c1c4a027629b615f5d320b9d1b3570ea

                                                                                                                                                                              SHA1

                                                                                                                                                                              80d09dd20ecfb75ccd9390dc909abef4acc004a4

                                                                                                                                                                              SHA256

                                                                                                                                                                              2377aecc020e0fe9dd2de6feaf67a83773bea4fdb8ae2d88304e2d8bc2cd7948

                                                                                                                                                                              SHA512

                                                                                                                                                                              934dea8024ed5fef772f512d3e034cbce3ac40083e77e5584d63010b7ecfd9cad948738fe56c2b44213e828c2c2bdb6da5815f4b79b74e6e2daa3ebdb6d79651

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                              Filesize

                                                                                                                                                                              153B

                                                                                                                                                                              MD5

                                                                                                                                                                              55bbb54d3863d31c2f589feb968182e8

                                                                                                                                                                              SHA1

                                                                                                                                                                              af0936788cfe37e123fb1b29bbd212ffefe44590

                                                                                                                                                                              SHA256

                                                                                                                                                                              a9b541f5fc5f0283f41aab99b775540a0fa8a38446ef1584fedc7368781f1d46

                                                                                                                                                                              SHA512

                                                                                                                                                                              7a2e549708990af0803d7c630fc8c199491bb4e003283ec56cfd0227db12915009ac3ab0a6e69e76653efcc1031661cf0a9f02024ca2fad7ada67225950f7edd

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                              Filesize

                                                                                                                                                                              84B

                                                                                                                                                                              MD5

                                                                                                                                                                              a468d54b440656c8bf16b68fd70c95ba

                                                                                                                                                                              SHA1

                                                                                                                                                                              11f86c2cdeae032b690656855fb8c323acff4019

                                                                                                                                                                              SHA256

                                                                                                                                                                              986d46d36c311eeed19ec777aabe4ed0e11388c8fa6cd8419a72ccf700f1741e

                                                                                                                                                                              SHA512

                                                                                                                                                                              78081e1408b51572e0aa6c9efa5e098a9ac53c704bc45d0cfef5c58d46ac7e1f4a8d341e161abab75c1bab6aff8cc826202037098e3c2c9c9fd8647e24947c61

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c3a9f.TMP
                                                                                                                                                                              Filesize

                                                                                                                                                                              89B

                                                                                                                                                                              MD5

                                                                                                                                                                              56969fceab00c5fd0579baa63f5c3a19

                                                                                                                                                                              SHA1

                                                                                                                                                                              8e5e601be1dab2376d5b1096c88dbb197ef6cc2a

                                                                                                                                                                              SHA256

                                                                                                                                                                              6ffb79ad1cdfae101cac430778743177d37b51a7c9fa4a74b0dfe8ebe4c90089

                                                                                                                                                                              SHA512

                                                                                                                                                                              a770e7d63f9daab31cd8800594e98e43659c7904adfef75e21a31fa80fb2b4388aa8374187ff865f43caebdd5443be7ff86b05ce07c4ceeec5dfe67f6c108ef7

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              240B

                                                                                                                                                                              MD5

                                                                                                                                                                              d14aa0a7e0741bcc0b180ad6cf1e75f2

                                                                                                                                                                              SHA1

                                                                                                                                                                              b1b391932e130167e3f913bb7f373c18e1126147

                                                                                                                                                                              SHA256

                                                                                                                                                                              63310cc37a845b720e8abd6e5c5bf94849511fffd33a139225d8437f2d6bacda

                                                                                                                                                                              SHA512

                                                                                                                                                                              71efeccafe19aee68d13959348bfae4c69a71e17c456dfbd3bf67b63bffa291a7ec2d846b9356d95837f5de9972bfece30fc98eda289f852c3e107ad372bd9d0

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                                                              Filesize

                                                                                                                                                                              288B

                                                                                                                                                                              MD5

                                                                                                                                                                              9b97180b447d83061f40df4942dbfbdf

                                                                                                                                                                              SHA1

                                                                                                                                                                              dc47a7c746b01921e5909c668c64d511df05c6dc

                                                                                                                                                                              SHA256

                                                                                                                                                                              b40cbed6d03aea0d92385ac0cf0130a6d73b30a6dab92bfac4c750203fe10685

                                                                                                                                                                              SHA512

                                                                                                                                                                              31105007b73c53591d5784b8534c7a32d5bca72527d6e629fbae164257cb39cfe3144031fe2ea469839e8a9c7d8698e02fc7cf553180611b512887532d6b1eca

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fe17.TMP
                                                                                                                                                                              Filesize

                                                                                                                                                                              48B

                                                                                                                                                                              MD5

                                                                                                                                                                              cf863f93ca83c2cbad5520c4a05e36f8

                                                                                                                                                                              SHA1

                                                                                                                                                                              c0c2c7c1018ae22a829b4b5cf0eab196c710d747

                                                                                                                                                                              SHA256

                                                                                                                                                                              6d5237f9149a3fe21dd36230046713a2caf7dc6db1d7b1a37c5c09fc6677666e

                                                                                                                                                                              SHA512

                                                                                                                                                                              53459de8861cea5aba3964e228fb9a8882b5615fe428ee2f6a5f21ff7d264f1904c5eb88973fa38047793efaa35fcbc34daebb8cb0eb02611b23fa396b1d4a65

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                              Filesize

                                                                                                                                                                              2KB

                                                                                                                                                                              MD5

                                                                                                                                                                              64fd5fb11114a34821c18e36b0e90fbb

                                                                                                                                                                              SHA1

                                                                                                                                                                              7a26b86bf1eccffbed805084ece50384910aba80

                                                                                                                                                                              SHA256

                                                                                                                                                                              dbaa8742ee91e29fd98790148822c27b30c4c52c82c0e92adc26cdad90419e24

                                                                                                                                                                              SHA512

                                                                                                                                                                              cae75ca4d992d6703da545d6782841436fde5b2c2e64ade5de865ef0f0efc4790d31d1cd1cddb5fe9c047fab54cedac18aaa919db512deacdc16b120bdec6fa7

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                              Filesize

                                                                                                                                                                              3KB

                                                                                                                                                                              MD5

                                                                                                                                                                              2d3f14b805eb439948b5e028530c7916

                                                                                                                                                                              SHA1

                                                                                                                                                                              3a7a2c840fe16cdaad0fd9e3bd5bfa8c54e5075b

                                                                                                                                                                              SHA256

                                                                                                                                                                              93efad1ff7e128eb140e3006582b6e1ffb24ffa62468fbc4ba58a76bc9487d9e

                                                                                                                                                                              SHA512

                                                                                                                                                                              605b14b76489b256ac9f3af6f695a85904b83d1f1054fb3ede59d1a1307d18fd89de99a579577a8b369a75852af87dbf1a7ec336d872f45dfe4d17f48b38c7de

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                              Filesize

                                                                                                                                                                              3KB

                                                                                                                                                                              MD5

                                                                                                                                                                              545874f8c3823acaa93bb643d87428fc

                                                                                                                                                                              SHA1

                                                                                                                                                                              a64772acc06199c73644c19ce0a7774db8564a13

                                                                                                                                                                              SHA256

                                                                                                                                                                              40716cb43c555bc44fc9abe0b2159507238a0cfea8ff7fe2790e74a8fea64dc1

                                                                                                                                                                              SHA512

                                                                                                                                                                              3d5ec0de2752390136d915ed3eb9982e2300a2f1fe936af73cb4fcb5cc62af0881e8181c78052ed6c23e57fd0b9bf76e588b121ce6722f750e55a66090c5023a

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                              Filesize

                                                                                                                                                                              2KB

                                                                                                                                                                              MD5

                                                                                                                                                                              22ea213aa1caec0bde1b85a5756ff69c

                                                                                                                                                                              SHA1

                                                                                                                                                                              5e168faba5f2335fe698e0aa33e61a812fb12781

                                                                                                                                                                              SHA256

                                                                                                                                                                              a39294b7cab37ac8cae254386335be6432b123d9b93fb8cd0d9051cb6c5ff488

                                                                                                                                                                              SHA512

                                                                                                                                                                              c960e418af5cff50f5f1c4dd48e053f287780f33a54c18d8592df5a162774124d387950ad2521a9bebbdd61da14c17448afd5b4aa5e9fc1737e5728212abefa6

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                              Filesize

                                                                                                                                                                              3KB

                                                                                                                                                                              MD5

                                                                                                                                                                              014476c558d2e1fd1753e74664148de0

                                                                                                                                                                              SHA1

                                                                                                                                                                              17c72a509542c5073b52a309f299dfbce3d23031

                                                                                                                                                                              SHA256

                                                                                                                                                                              5d156dfba24e5165e9010e48e428ee55846ab6bdfb65268900cabc8ef0ee0931

                                                                                                                                                                              SHA512

                                                                                                                                                                              a9b5369a70aba8a9dcda10e15a04d0d39b397a5d8852b8a9054a325f44fa9bf1782dc2b14263837451efe4837b03caa5169a3478ff8e725c59c858b9471a2674

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                              Filesize

                                                                                                                                                                              3KB

                                                                                                                                                                              MD5

                                                                                                                                                                              bbf8a534994b0764d2eb6212587ec46c

                                                                                                                                                                              SHA1

                                                                                                                                                                              37bfbd2c7ed6fda77e70fcc1c2b91cba74d2e2d9

                                                                                                                                                                              SHA256

                                                                                                                                                                              06bfaf01e5988ec97dddbd7299b7167537aecd9a1fc70691905481f8839501f7

                                                                                                                                                                              SHA512

                                                                                                                                                                              5a9572982ef4bd4b7bae9358edb7d2ae835dfe3f61dbe7b5963f8f4d0c77eff33fcbd719b3a9039d2523ed78388df49aefef0c5dcf67dfcba37ebdcb9b2e313c

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cbfb.TMP
                                                                                                                                                                              Filesize

                                                                                                                                                                              1KB

                                                                                                                                                                              MD5

                                                                                                                                                                              48ffadbb5c059d2710bbd987995b6b92

                                                                                                                                                                              SHA1

                                                                                                                                                                              29d9bf2be83295252bdad38e39fa3818b37ba021

                                                                                                                                                                              SHA256

                                                                                                                                                                              8f42fcbcbecc22aec2e530247fa50e00dfb4c9324eeed3a85f83286e0292e395

                                                                                                                                                                              SHA512

                                                                                                                                                                              477931ad82db25159a7404b424379ea9ede0ed43f038ac35214259bc7e13cd08e87a8f500f12450f3b045c86e5641070091e58c05a7b7099d7eebd5d47390375

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                              Filesize

                                                                                                                                                                              16B

                                                                                                                                                                              MD5

                                                                                                                                                                              aefd77f47fb84fae5ea194496b44c67a

                                                                                                                                                                              SHA1

                                                                                                                                                                              dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                                                                                                                              SHA256

                                                                                                                                                                              4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                                                                                                                              SHA512

                                                                                                                                                                              b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                              Filesize

                                                                                                                                                                              16B

                                                                                                                                                                              MD5

                                                                                                                                                                              6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                              SHA1

                                                                                                                                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                              SHA256

                                                                                                                                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                              SHA512

                                                                                                                                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                              Filesize

                                                                                                                                                                              10KB

                                                                                                                                                                              MD5

                                                                                                                                                                              8b60c8910aa5cb0a59c3ae61ece80881

                                                                                                                                                                              SHA1

                                                                                                                                                                              9a9d0a39613509c9208f9b9ebd320622f0c5017c

                                                                                                                                                                              SHA256

                                                                                                                                                                              c14459a494ecb7932912a9ba163e43c3d15debfba067101c62bd3e6f3be4448e

                                                                                                                                                                              SHA512

                                                                                                                                                                              b98eeac2b15f19610ea1b4964d74da9bc0b5a36dd1aa6cf7f788eda34cbcf2728846bafde98a8cd52d69848f7419b046866b5c3f3689d7b254e48d6ab59fc97a

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                              Filesize

                                                                                                                                                                              11KB

                                                                                                                                                                              MD5

                                                                                                                                                                              8c07d62775869967874978ab31f76282

                                                                                                                                                                              SHA1

                                                                                                                                                                              2deeeff2e87ceb6ac1903f92cb538f942887411e

                                                                                                                                                                              SHA256

                                                                                                                                                                              c770b62b2aab2f0dc745ad2ef2f9398736c71492faf77a29a4d1baa187803fff

                                                                                                                                                                              SHA512

                                                                                                                                                                              c554af94503adf282ad95f799c80c651e1b19bc3e287e0f86580ccc510d34af3b92c01d9f384aceedd1162328066a369c65303969877d37e3f6f989faf4e7b5b

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                              Filesize

                                                                                                                                                                              11KB

                                                                                                                                                                              MD5

                                                                                                                                                                              c84e02aa5da2786793724c612642f5df

                                                                                                                                                                              SHA1

                                                                                                                                                                              9b7687d687b2435525dab3669d93f14ad77bac11

                                                                                                                                                                              SHA256

                                                                                                                                                                              14492482e3cf0232292e4fe171b433af4a42a96474917a26dad97d75e229d9fe

                                                                                                                                                                              SHA512

                                                                                                                                                                              f0aacc722f0886f46474024691d8e00b4f55e9708a93595305a2b53a73107fc47419d2db3ee9de3d8222deed2080018d6f7324559b5cc5fb2cb25ec1bac542a2

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                              Filesize

                                                                                                                                                                              11KB

                                                                                                                                                                              MD5

                                                                                                                                                                              9c0775920bc1e120fb36b7332f2b5cb4

                                                                                                                                                                              SHA1

                                                                                                                                                                              a91c7d3c89e2e66660533e52564ddab824fc27d2

                                                                                                                                                                              SHA256

                                                                                                                                                                              f57ea4d95ac0f16f10e9f5bc4b8a2f92b8503c6f00321c46bfc382c7d397e33d

                                                                                                                                                                              SHA512

                                                                                                                                                                              0671d4aff19f04b5d710de16b7b1925d4ec3e4ab10c59fa8455b75006910dd5eece882705183c5055af2c04355dbcb6a184a464a8882ee9e237d375a69579b2c

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                              Filesize

                                                                                                                                                                              10KB

                                                                                                                                                                              MD5

                                                                                                                                                                              2baeb159f2ba73674aa7730bf52cc685

                                                                                                                                                                              SHA1

                                                                                                                                                                              a8790ed315a2ff888346f6aa27711597b8e5c6ab

                                                                                                                                                                              SHA256

                                                                                                                                                                              6d334f986da92cea31333a1d99db7dae2fba288711c9e51204bfcedd39df1f59

                                                                                                                                                                              SHA512

                                                                                                                                                                              43158ef61520534867306025b17e99166050e0958aaaab6c49a51a5081b2c7c0713942afcff488a4cadb529c43b15e1bb36cc1c97b99b1f111a62c7d48c7a8bf

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                              Filesize

                                                                                                                                                                              10KB

                                                                                                                                                                              MD5

                                                                                                                                                                              324488ae2818c9c2741ea3e56b3645c8

                                                                                                                                                                              SHA1

                                                                                                                                                                              55c33a238a175813af7ac57783c6073a1b56df15

                                                                                                                                                                              SHA256

                                                                                                                                                                              8a7df369996b034a183bf3cd667744470cd5a0b0fe7847cdac2e2bd7b8a60cf6

                                                                                                                                                                              SHA512

                                                                                                                                                                              eaf0fcdb1f04584c0132d04784a465e29c253bd07b01de10bbfa9c7eacf09becf86fa223e8b6fd2dc4bf97079e8660e84bdfe7b5ae1d6bdec057e114248fae5e

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                              Filesize

                                                                                                                                                                              11KB

                                                                                                                                                                              MD5

                                                                                                                                                                              7bec6a4c1c1be00e32d5631067d929e1

                                                                                                                                                                              SHA1

                                                                                                                                                                              477f9e5618b12e49edced8faf32368f2a02266dd

                                                                                                                                                                              SHA256

                                                                                                                                                                              3d841234a7a88b4bc2102c51602f5a30f735b92bcc81b5fe33e94741b05ed235

                                                                                                                                                                              SHA512

                                                                                                                                                                              7fe7f8ff99ab84965cf4a3bf818447b84c790e335d85fbe89171d6a323b8b8812832bd2af9bc6ed15f280f3d82462f95d9551c888095fddd508359d5b5339e6a

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                              Filesize

                                                                                                                                                                              11KB

                                                                                                                                                                              MD5

                                                                                                                                                                              3fdf13ad39730771c2043963e38b30bf

                                                                                                                                                                              SHA1

                                                                                                                                                                              0aa999ee742fe736da576fcf5c3edf7e4b68dedd

                                                                                                                                                                              SHA256

                                                                                                                                                                              072abc01f8a8c430d1f08aca2a787bd2a025a3f744af5872a8dd3ffe7a1858de

                                                                                                                                                                              SHA512

                                                                                                                                                                              9a4055030ff30bc5aa1be7f63ddf915d16782e68c18be170510993d11f91efa9f3aa44744ff3ca1b4331cf337fcd298c605fc45ae6cb5df85709132530bdfa13

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                              Filesize

                                                                                                                                                                              944B

                                                                                                                                                                              MD5

                                                                                                                                                                              e3840d9bcedfe7017e49ee5d05bd1c46

                                                                                                                                                                              SHA1

                                                                                                                                                                              272620fb2605bd196df471d62db4b2d280a363c6

                                                                                                                                                                              SHA256

                                                                                                                                                                              3ac83e70415b9701ee71a4560232d7998e00c3db020fde669eb01b8821d2746f

                                                                                                                                                                              SHA512

                                                                                                                                                                              76adc88ab3930acc6b8b7668e2de797b8c00edcfc41660ee4485259c72a8adf162db62c2621ead5a9950f12bfe8a76ccab79d02fda11860afb0e217812cac376

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                              Filesize

                                                                                                                                                                              944B

                                                                                                                                                                              MD5

                                                                                                                                                                              21017c68eaf9461301de459f4f07e888

                                                                                                                                                                              SHA1

                                                                                                                                                                              41ff30fc8446508d4c3407c79e798cf6eaa5bb73

                                                                                                                                                                              SHA256

                                                                                                                                                                              03b321e48ff3328d9c230308914961fe110c4c7bc96c0a85a296745437bcb888

                                                                                                                                                                              SHA512

                                                                                                                                                                              956990c11c6c1baa3665ef7ef23ef6073e0a7fcff77a93b5e605a83ff1e60b916d80d45dafb06977aed90868a273569a865cf2c623e295b5157bfff0fb2be35d

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zEC3E15F9D\XWorm V5.6\Icons\icon (15).ico
                                                                                                                                                                              Filesize

                                                                                                                                                                              361KB

                                                                                                                                                                              MD5

                                                                                                                                                                              e3143e8c70427a56dac73a808cba0c79

                                                                                                                                                                              SHA1

                                                                                                                                                                              63556c7ad9e778d5bd9092f834b5cc751e419d16

                                                                                                                                                                              SHA256

                                                                                                                                                                              b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

                                                                                                                                                                              SHA512

                                                                                                                                                                              74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zO4F438528\Xworm V5.6.exe
                                                                                                                                                                              Filesize

                                                                                                                                                                              14.9MB

                                                                                                                                                                              MD5

                                                                                                                                                                              db51a102eab752762748a2dec8f7f67a

                                                                                                                                                                              SHA1

                                                                                                                                                                              194688ec1511b83063f7b0167ae250764b7591d1

                                                                                                                                                                              SHA256

                                                                                                                                                                              93e5e7f018053c445c521b010caff89e61f61743635db3500aad32d6e495abb2

                                                                                                                                                                              SHA512

                                                                                                                                                                              fb2fb6605a17fedb65e636cf3716568e85b8ea423c23e0513eb87f3a3441e2cabc4c3e6346225a9bf7b81e97470f3ab516feea649a7afb5cdf02faff8d7f09a5

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zO4F438528\XwormLoader.exe
                                                                                                                                                                              Filesize

                                                                                                                                                                              7.8MB

                                                                                                                                                                              MD5

                                                                                                                                                                              f194b7e7fdbfe0fbf70673937337dc05

                                                                                                                                                                              SHA1

                                                                                                                                                                              ca1fb45e83d267ce039a4639181b5f790f5b3241

                                                                                                                                                                              SHA256

                                                                                                                                                                              3e4cbe1810496aff2ef544d0aa0b5f8d1c69e2a4e86c21921348ede7a9db3967

                                                                                                                                                                              SHA512

                                                                                                                                                                              d63a5d2c84b42944820622fae2bc1cb681ea1e709b9972c35bfca28e198bc18f86f63718b62e50aafa59005df13f2d0f6edd017947133a2cd53688a7cd5844e2

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zO4F438528\XwormLoader.exe:Zone.Identifier
                                                                                                                                                                              Filesize

                                                                                                                                                                              181B

                                                                                                                                                                              MD5

                                                                                                                                                                              7e4f2c57b4529e25500cc7abe31a83dd

                                                                                                                                                                              SHA1

                                                                                                                                                                              87bea931b64743880ef0a7df8a1f175a41ed3b4a

                                                                                                                                                                              SHA256

                                                                                                                                                                              c3278c7498610f8487c5b8833b490f5a011761e51cc5a73caf5cc2281902184a

                                                                                                                                                                              SHA512

                                                                                                                                                                              845da560a0e1c107453859db7aa25d43de9c9afe10d51f727806a798da3d8e416f10279fdef7dfa73a00d2d1d2651be2b927c5500925ffe6f2e0cafae0c19458

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zOCD5A604B\Fixer.bat
                                                                                                                                                                              Filesize

                                                                                                                                                                              122B

                                                                                                                                                                              MD5

                                                                                                                                                                              2dabc46ce85aaff29f22cd74ec074f86

                                                                                                                                                                              SHA1

                                                                                                                                                                              208ae3e48d67b94cc8be7bbfd9341d373fa8a730

                                                                                                                                                                              SHA256

                                                                                                                                                                              a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55

                                                                                                                                                                              SHA512

                                                                                                                                                                              6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\All-In-One.exe
                                                                                                                                                                              Filesize

                                                                                                                                                                              5.1MB

                                                                                                                                                                              MD5

                                                                                                                                                                              a48e3197ab0f64c4684f0828f742165c

                                                                                                                                                                              SHA1

                                                                                                                                                                              f935c3d6f9601c795f2211e34b3778fad14442b4

                                                                                                                                                                              SHA256

                                                                                                                                                                              baecc747370a4c396ef5403a3a2b286465d8fe4677bf1bfd23b8164ef5c22bbb

                                                                                                                                                                              SHA512

                                                                                                                                                                              e0b0b73c39850a30aac89f84f721c79f863612f596d6ff3df0860a9faf743a81364656773c99708e9c0656c74b6a278b6bf7e648f7ff1b9080f9a21e10515a59

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-conio-l1-1-0_not.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              18KB

                                                                                                                                                                              MD5

                                                                                                                                                                              6ea692f862bdeb446e649e4b2893e36f

                                                                                                                                                                              SHA1

                                                                                                                                                                              84fceae03d28ff1907048acee7eae7e45baaf2bd

                                                                                                                                                                              SHA256

                                                                                                                                                                              9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2

                                                                                                                                                                              SHA512

                                                                                                                                                                              9661c135f50000e0018b3e5c119515cfe977b2f5f88b0f5715e29df10517b196c81694d074398c99a572a971ec843b3676d6a831714ab632645ed25959d5e3e7

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-convert-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              21KB

                                                                                                                                                                              MD5

                                                                                                                                                                              72e28c902cd947f9a3425b19ac5a64bd

                                                                                                                                                                              SHA1

                                                                                                                                                                              9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7

                                                                                                                                                                              SHA256

                                                                                                                                                                              3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1

                                                                                                                                                                              SHA512

                                                                                                                                                                              58ab6fedce2f8ee0970894273886cb20b10d92979b21cda97ae0c41d0676cc0cd90691c58b223bce5f338e0718d1716e6ce59a106901fe9706f85c3acf7855ff

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-environment-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              18KB

                                                                                                                                                                              MD5

                                                                                                                                                                              ac290dad7cb4ca2d93516580452eda1c

                                                                                                                                                                              SHA1

                                                                                                                                                                              fa949453557d0049d723f9615e4f390010520eda

                                                                                                                                                                              SHA256

                                                                                                                                                                              c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382

                                                                                                                                                                              SHA512

                                                                                                                                                                              b5e2b9f5a9dd8a482169c7fc05f018ad8fe6ae27cb6540e67679272698bfca24b2ca5a377fa61897f328b3deac10237cafbd73bc965bf9055765923aba9478f8

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-filesystem-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              19KB

                                                                                                                                                                              MD5

                                                                                                                                                                              aec2268601470050e62cb8066dd41a59

                                                                                                                                                                              SHA1

                                                                                                                                                                              363ed259905442c4e3b89901bfd8a43b96bf25e4

                                                                                                                                                                              SHA256

                                                                                                                                                                              7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2

                                                                                                                                                                              SHA512

                                                                                                                                                                              0c14d160bfa3ac52c35ff2f2813b85f8212c5f3afbcfe71a60ccc2b9e61e51736f0bf37ca1f9975b28968790ea62ed5924fae4654182f67114bd20d8466c4b8f

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-heap-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              18KB

                                                                                                                                                                              MD5

                                                                                                                                                                              93d3da06bf894f4fa21007bee06b5e7d

                                                                                                                                                                              SHA1

                                                                                                                                                                              1e47230a7ebcfaf643087a1929a385e0d554ad15

                                                                                                                                                                              SHA256

                                                                                                                                                                              f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d

                                                                                                                                                                              SHA512

                                                                                                                                                                              72bd6d46a464de74a8dac4c346c52d068116910587b1c7b97978df888925216958ce77be1ae049c3dccf5bf3fffb21bc41a0ac329622bc9bbc190df63abb25c6

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-locale-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              18KB

                                                                                                                                                                              MD5

                                                                                                                                                                              a2f2258c32e3ba9abf9e9e38ef7da8c9

                                                                                                                                                                              SHA1

                                                                                                                                                                              116846ca871114b7c54148ab2d968f364da6142f

                                                                                                                                                                              SHA256

                                                                                                                                                                              565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33

                                                                                                                                                                              SHA512

                                                                                                                                                                              e98cbc8d958e604effa614a3964b3d66b6fc646bdca9aa679ea5e4eb92ec0497b91485a40742f3471f4ff10de83122331699edc56a50f06ae86f21fad70953fe

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-math-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              28KB

                                                                                                                                                                              MD5

                                                                                                                                                                              8b0ba750e7b15300482ce6c961a932f0

                                                                                                                                                                              SHA1

                                                                                                                                                                              71a2f5d76d23e48cef8f258eaad63e586cfc0e19

                                                                                                                                                                              SHA256

                                                                                                                                                                              bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed

                                                                                                                                                                              SHA512

                                                                                                                                                                              fb646cdcdb462a347ed843312418f037f3212b2481f3897a16c22446824149ee96eb4a4b47a903ca27b1f4d7a352605d4930df73092c380e3d4d77ce4e972c5a

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-multibyte-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              25KB

                                                                                                                                                                              MD5

                                                                                                                                                                              35fc66bd813d0f126883e695664e7b83

                                                                                                                                                                              SHA1

                                                                                                                                                                              2fd63c18cc5dc4defc7ea82f421050e668f68548

                                                                                                                                                                              SHA256

                                                                                                                                                                              66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735

                                                                                                                                                                              SHA512

                                                                                                                                                                              65f8397de5c48d3df8ad79baf46c1d3a0761f727e918ae63612ea37d96adf16cc76d70d454a599f37f9ba9b4e2e38ebc845df4c74fc1e1131720fd0dcb881431

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-runtime-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              22KB

                                                                                                                                                                              MD5

                                                                                                                                                                              41a348f9bedc8681fb30fa78e45edb24

                                                                                                                                                                              SHA1

                                                                                                                                                                              66e76c0574a549f293323dd6f863a8a5b54f3f9b

                                                                                                                                                                              SHA256

                                                                                                                                                                              c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b

                                                                                                                                                                              SHA512

                                                                                                                                                                              8c2cb53ccf9719de87ee65ed2e1947e266ec7e8343246def6429c6df0dc514079f5171acd1aa637276256c607f1063144494b992d4635b01e09ddea6f5eef204

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-stdio-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              23KB

                                                                                                                                                                              MD5

                                                                                                                                                                              fefb98394cb9ef4368da798deab00e21

                                                                                                                                                                              SHA1

                                                                                                                                                                              316d86926b558c9f3f6133739c1a8477b9e60740

                                                                                                                                                                              SHA256

                                                                                                                                                                              b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7

                                                                                                                                                                              SHA512

                                                                                                                                                                              57476fe9b546e4cafb1ef4fd1cbd757385ba2d445d1785987afb46298acbe4b05266a0c4325868bc4245c2f41e7e2553585bfb5c70910e687f57dac6a8e911e8

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-string-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              22KB

                                                                                                                                                                              MD5

                                                                                                                                                                              404604cd100a1e60dfdaf6ecf5ba14c0

                                                                                                                                                                              SHA1

                                                                                                                                                                              58469835ab4b916927b3cabf54aee4f380ff6748

                                                                                                                                                                              SHA256

                                                                                                                                                                              73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c

                                                                                                                                                                              SHA512

                                                                                                                                                                              da024ccb50d4a2a5355b7712ba896df850cee57aa4ada33aad0bae6960bcd1e5e3cee9488371ab6e19a2073508fbb3f0b257382713a31bc0947a4bf1f7a20be4

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-time-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              20KB

                                                                                                                                                                              MD5

                                                                                                                                                                              849f2c3ebf1fcba33d16153692d5810f

                                                                                                                                                                              SHA1

                                                                                                                                                                              1f8eda52d31512ebfdd546be60990b95c8e28bfb

                                                                                                                                                                              SHA256

                                                                                                                                                                              69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d

                                                                                                                                                                              SHA512

                                                                                                                                                                              44dc4200a653363c9a1cb2bdd3da5f371f7d1fb644d1ce2ff5fe57d939b35130ac8ae27a3f07b82b3428233f07f974628027b0e6b6f70f7b2a8d259be95222f5

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-utility-l1-1-0.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              18KB

                                                                                                                                                                              MD5

                                                                                                                                                                              b52a0ca52c9c207874639b62b6082242

                                                                                                                                                                              SHA1

                                                                                                                                                                              6fb845d6a82102ff74bd35f42a2844d8c450413b

                                                                                                                                                                              SHA256

                                                                                                                                                                              a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0

                                                                                                                                                                              SHA512

                                                                                                                                                                              18834d89376d703bd461edf7738eb723ad8d54cb92acc9b6f10cbb55d63db22c2a0f2f3067fe2cc6feb775db397030606608ff791a46bf048016a1333028d0a4

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\freebl3.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              324KB

                                                                                                                                                                              MD5

                                                                                                                                                                              04a2ba08eb17206b7426cb941f39250b

                                                                                                                                                                              SHA1

                                                                                                                                                                              731ac2b533724d9f540759d84b3e36910278edba

                                                                                                                                                                              SHA256

                                                                                                                                                                              8e5110ce03826f680f30013985be49ebd8fc672de113fc1d9a566eced149b8c4

                                                                                                                                                                              SHA512

                                                                                                                                                                              e6e90b4becf472b2e8f716dbb962cd7de61676fcce342c735fccdc01268b5a221139bc9be0e0c9722e9978aefaae79c10bc49c43392aa05dd12244b3147aeffc

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\mozglue.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              135KB

                                                                                                                                                                              MD5

                                                                                                                                                                              591533ca4655646981f759d95f75ae3d

                                                                                                                                                                              SHA1

                                                                                                                                                                              b4a02f18e505a1273f7090a9d246bc953a2cb792

                                                                                                                                                                              SHA256

                                                                                                                                                                              4434f4223d24fb6e2f5840dd6c1eedef2875e11abe24e4b0e9bc1507f8f6fd47

                                                                                                                                                                              SHA512

                                                                                                                                                                              915b124ad595ee78feab8f3c9be7e80155445e58ed4c88b89665df5fb7e0a04e973374a01f97bb67aaa733a8ce2e91a9f92605ec96251906e0fb2750a719b579

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\msvcp140.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              429KB

                                                                                                                                                                              MD5

                                                                                                                                                                              109f0f02fd37c84bfc7508d4227d7ed5

                                                                                                                                                                              SHA1

                                                                                                                                                                              ef7420141bb15ac334d3964082361a460bfdb975

                                                                                                                                                                              SHA256

                                                                                                                                                                              334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4

                                                                                                                                                                              SHA512

                                                                                                                                                                              46eb62b65817365c249b48863d894b4669e20fcb3992e747cd5c9fdd57968e1b2cf7418d1c9340a89865eadda362b8db51947eb4427412eb83b35994f932fd39

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\nss3.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              1.2MB

                                                                                                                                                                              MD5

                                                                                                                                                                              fc57d044bfd635997415c5f655b5fffa

                                                                                                                                                                              SHA1

                                                                                                                                                                              1b5162443d985648ef64e4aab42089ad4c25f856

                                                                                                                                                                              SHA256

                                                                                                                                                                              17f8c55eba797bbc80c8c32ca1a3a7588415984386be56f4b4cdefd4176fb4c3

                                                                                                                                                                              SHA512

                                                                                                                                                                              f5a944230000730bc0aad10e6607e3389d9d82a0a4ab1b72a19d32e94e8572789d46fb4acd75ad48f17e2bbc27389d432086696f2ccc899850ff9177d6823efb

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\softokn3.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              140KB

                                                                                                                                                                              MD5

                                                                                                                                                                              1b304dad157edc24e397629c0b688a3e

                                                                                                                                                                              SHA1

                                                                                                                                                                              ae151af384675125dfbdc96147094cff7179b7da

                                                                                                                                                                              SHA256

                                                                                                                                                                              8f0c9ac7134773d11d402e49daa90958fe00205e83a7389f7a58da03892d20cb

                                                                                                                                                                              SHA512

                                                                                                                                                                              2dc625dbdf2aae4ade600cca688eb5280200e8d7c2dfc359590435afe0926b3a7446cc56a66023ee834366132a68ae68da51a5079e4f107201e2050f5c5512ad

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\vcruntime140.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              81KB

                                                                                                                                                                              MD5

                                                                                                                                                                              7587bf9cb4147022cd5681b015183046

                                                                                                                                                                              SHA1

                                                                                                                                                                              f2106306a8f6f0da5afb7fc765cfa0757ad5a628

                                                                                                                                                                              SHA256

                                                                                                                                                                              c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d

                                                                                                                                                                              SHA512

                                                                                                                                                                              0b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\Components\nspr4.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              72KB

                                                                                                                                                                              MD5

                                                                                                                                                                              72414dfb0b112c664d2c8d1215674e09

                                                                                                                                                                              SHA1

                                                                                                                                                                              50a1e61309741e92fe3931d8eb606f8ada582c0a

                                                                                                                                                                              SHA256

                                                                                                                                                                              69e73fea2210adc2ae0837ac98b46980a09fe91c07f181a28fda195e2b9e6b71

                                                                                                                                                                              SHA512

                                                                                                                                                                              41428624573b4a191b33657ed9ad760b500c5640f3d62b758869a17857edc68f90bc10d7a5e720029519c0d49b5ca0fa8579743e80b200ef331e41efde1dc8c9

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\Components\nss3.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              172KB

                                                                                                                                                                              MD5

                                                                                                                                                                              7ddbd64d87c94fd0b5914688093dd5c2

                                                                                                                                                                              SHA1

                                                                                                                                                                              d49d1f79efae8a5f58e6f713e43360117589efeb

                                                                                                                                                                              SHA256

                                                                                                                                                                              769703fb1ba6c95fb6c889e8a9baaea309e62d0f3ca444d01cc6b495c0f722d1

                                                                                                                                                                              SHA512

                                                                                                                                                                              60eaad58c3c4894f1673723eb28ddb42b681ff7aafe7a29ff8bf87a2da6595c16d1f8449096accdb89bd6cda6454eb90470e71dde7c5bd16abd0f80e115cfa2d

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\Components\plc4.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              8KB

                                                                                                                                                                              MD5

                                                                                                                                                                              c73ec58b42e66443fafc03f3a84dcef9

                                                                                                                                                                              SHA1

                                                                                                                                                                              5e91f467fe853da2c437f887162bccc6fd9d9dbe

                                                                                                                                                                              SHA256

                                                                                                                                                                              2dc0171b83c406db6ec9389b438828246b282862d2b8bdf2f5b75aec932a69f7

                                                                                                                                                                              SHA512

                                                                                                                                                                              6318e831d8f38525e2e49b5a1661440cd8b1f3d2afc6813bb862c21d88d213c4675a8ec2a413b14fbdca896c63b65a7da6ec9595893b352ade8979e7e86a7fcf

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\Components\plds4.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              6KB

                                                                                                                                                                              MD5

                                                                                                                                                                              ee44d5d780521816c906568a8798ed2f

                                                                                                                                                                              SHA1

                                                                                                                                                                              2da1b06d5de378cbfc7f2614a0f280f59f2b1224

                                                                                                                                                                              SHA256

                                                                                                                                                                              50b2735318233d6c87b6efccccc23a0e3216d2870c67f2f193cc1c83c7c879fc

                                                                                                                                                                              SHA512

                                                                                                                                                                              634a1cd2baaef29b4fe7c7583c04406bb2ea3a3c93294b31f621652844541e7c549da1a31619f657207327604c261976e15845571ee1efe5416f1b021d361da8

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\External\Components\softokn3.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              155KB

                                                                                                                                                                              MD5

                                                                                                                                                                              e846285b19405b11c8f19c1ed0a57292

                                                                                                                                                                              SHA1

                                                                                                                                                                              2c20cf37394be48770cd6d396878a3ca70066fd0

                                                                                                                                                                              SHA256

                                                                                                                                                                              251f0094b6b6537df3d3ce7c2663726616f06cfb9b6de90efabd67de2179a477

                                                                                                                                                                              SHA512

                                                                                                                                                                              b622ff07ae2f77e886a93987a9a922e80032e9041ed41503f0e38abb8c344eb922d154ade29e52454d0a1ad31596c4085f4bd942e4412af9f0698183acd75db7

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\License.XenArmor
                                                                                                                                                                              Filesize

                                                                                                                                                                              104B

                                                                                                                                                                              MD5

                                                                                                                                                                              774a9a7b72f7ed97905076523bdfe603

                                                                                                                                                                              SHA1

                                                                                                                                                                              946355308d2224694e0957f4ebf6cdba58327370

                                                                                                                                                                              SHA256

                                                                                                                                                                              76e56835b1ac5d7a8409b7333826a2353401cf67f3bd95c733adc6aa8d9fec81

                                                                                                                                                                              SHA512

                                                                                                                                                                              c5c77c6827c72901494b3a368593cb9a990451664b082761294a845c0cd9441d37e5e9ac0e82155cb4d97f29507ffc8e26d6ff74009666c3075578aa18b28675

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Log.tmp
                                                                                                                                                                              Filesize

                                                                                                                                                                              4KB

                                                                                                                                                                              MD5

                                                                                                                                                                              632084fa1ee69ee025d09a4ac416dc72

                                                                                                                                                                              SHA1

                                                                                                                                                                              73d4e1a883df9ed62abca67e6052f9a5cff5e76a

                                                                                                                                                                              SHA256

                                                                                                                                                                              52bdff7d4443eff4deca42ec8b657b9c6409705f185b61e3b32a6d65739d7230

                                                                                                                                                                              SHA512

                                                                                                                                                                              d4b9cfa9377782bf85782b8b91766f4b4c936f7fe64c7349747cc89dab140baf26856d4a59acb90eac319f9f6f604f928a272cb89718c5d5ec1b9904bcf2b496

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\XenManager.dll
                                                                                                                                                                              Filesize

                                                                                                                                                                              2.0MB

                                                                                                                                                                              MD5

                                                                                                                                                                              7a5c53a889c4bf3f773f90b85af5449e

                                                                                                                                                                              SHA1

                                                                                                                                                                              25b2928c310b3068b629e9dca38c7f10f6adc5b6

                                                                                                                                                                              SHA256

                                                                                                                                                                              baa9c3a0d0524263c4f848056b3f1da3b4bb913162362cbcabe77ce76a39870c

                                                                                                                                                                              SHA512

                                                                                                                                                                              f5943687d7e098790581bf56ac6fec3b7e9b83d0e29301077a8bc48768c5a0e9f54f53d926f9847885f6035a2b31e456e4e45ccf1c70be27229c46e79876e2ed

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0d3rdoxe.ddv.ps1
                                                                                                                                                                              Filesize

                                                                                                                                                                              60B

                                                                                                                                                                              MD5

                                                                                                                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                              SHA1

                                                                                                                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                              SHA256

                                                                                                                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                              SHA512

                                                                                                                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\jsdilr.exe
                                                                                                                                                                              Filesize

                                                                                                                                                                              1.7MB

                                                                                                                                                                              MD5

                                                                                                                                                                              c49097eac4909e1300081a8f55a997cc

                                                                                                                                                                              SHA1

                                                                                                                                                                              4ff940f3685adc34a32a5fbc60f0a7d962440477

                                                                                                                                                                              SHA256

                                                                                                                                                                              66d4005bb833fceefb4aea5d116c6e9f2d061f343c7a7e8f0164107ca0584cd6

                                                                                                                                                                              SHA512

                                                                                                                                                                              352d47cc154dbfdf0d4b9c641e09599a158e744daf411064d928f5c9a169780a752c79e252f3d1889557c2be7a9154d0fde14616cdd021bb1967d2fc2c3de9be

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\settings.db
                                                                                                                                                                              Filesize

                                                                                                                                                                              20KB

                                                                                                                                                                              MD5

                                                                                                                                                                              56b941f65d270f2bf397be196fcf4406

                                                                                                                                                                              SHA1

                                                                                                                                                                              244f2e964da92f7ef7f809e5ce0b3191aeab084a

                                                                                                                                                                              SHA256

                                                                                                                                                                              00c020ba1cce022364976f164c575993cb3b811c61b5b4e05a8a0c3d1b560c0c

                                                                                                                                                                              SHA512

                                                                                                                                                                              52ad8c7ed497a5b8eed565b3abcbf544841f3c8c9ec3ca8f686846a2afd15ac4ac8b16abf1cb14aeca1a2fb31f3086ad17206ec4af28e77bae600dca15e8deab

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                                                                                                                                              Filesize

                                                                                                                                                                              144KB

                                                                                                                                                                              MD5

                                                                                                                                                                              4b90399888a12fb85ccc3d0190d5a1d3

                                                                                                                                                                              SHA1

                                                                                                                                                                              3326c027bac28b9480b0c7f621481a6cc033db4e

                                                                                                                                                                              SHA256

                                                                                                                                                                              cede03d0ef98d200bd5b68f6ca4e0d74e2a62fc430a38083663c3031dbb1c77f

                                                                                                                                                                              SHA512

                                                                                                                                                                              899ec2df2f5d70716ad5d0686bfe0a6c66ccbcf7f0485efbdfc0615f90b3526cd3d31069fa66c7c6ae8bba6ce92200836c50da40a3731888b7326b970d93216a

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp80D3.tmp.bat
                                                                                                                                                                              Filesize

                                                                                                                                                                              175B

                                                                                                                                                                              MD5

                                                                                                                                                                              c7438f7b2816e3e3e1ca010a885bf155

                                                                                                                                                                              SHA1

                                                                                                                                                                              8cb888959072d453b165f8f411c7f61a4747125a

                                                                                                                                                                              SHA256

                                                                                                                                                                              7447487966d30769bfe71b8f439cd5437666e4de6e45a90f25be80555c07c16e

                                                                                                                                                                              SHA512

                                                                                                                                                                              b01246cfc32ddedf51aaa6ba6033dfcd1154cd09cd3dba95ca9509d72dbbd177805a30121da8b4d85d65469bd8f36089417195206c7694f3150ba7d7166faf39

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmpE27B.tmp.bat
                                                                                                                                                                              Filesize

                                                                                                                                                                              154B

                                                                                                                                                                              MD5

                                                                                                                                                                              36860b0139a33cd026a814cbdb0e42be

                                                                                                                                                                              SHA1

                                                                                                                                                                              a1a031edf446d85ef85c45ce9a9eb56a5b58cfbb

                                                                                                                                                                              SHA256

                                                                                                                                                                              21e5ec216c81100036b6fe673770f4939ff11c54492307b24e679a8bfb59bc61

                                                                                                                                                                              SHA512

                                                                                                                                                                              73098fb53f3a4dc46308bc98b541ccc4df4d8ef3a1f545b3a3015bcccbd57e25a65cbab4290dfcc84f6938dc1c55010d8dd2a34b0cbad8b30e943fc8ddc21842

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\vbc2176616E33674006A58C433F493EE497.TMP
                                                                                                                                                                              Filesize

                                                                                                                                                                              1KB

                                                                                                                                                                              MD5

                                                                                                                                                                              2b4c98fe7d9882aa6893db3e704aa747

                                                                                                                                                                              SHA1

                                                                                                                                                                              ebef6a1795a63d7df2a22654bb84520237711f9f

                                                                                                                                                                              SHA256

                                                                                                                                                                              4bc8fc1616899f90f80934f06e72f610dbd4b41931c71ae83c9dd362ec138d63

                                                                                                                                                                              SHA512

                                                                                                                                                                              b21ad9c709f75c53ebc57ac92fa226f39bd1404de4cd0709676b22cc5169da49b8fae5246353c0fe37773098634623ebf9aaf5adc730c4521a0b36c6a0fec427

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                                                                              Filesize

                                                                                                                                                                              12KB

                                                                                                                                                                              MD5

                                                                                                                                                                              2376ea20bbbee2946d9fc52253e4ed29

                                                                                                                                                                              SHA1

                                                                                                                                                                              666b77293516b2c088eb675545a2da1d8f0dbdd3

                                                                                                                                                                              SHA256

                                                                                                                                                                              04ebae58138821cb35507cafe04ebbf88c2a83a901a6b9da618191491f6b15e9

                                                                                                                                                                              SHA512

                                                                                                                                                                              d9fe5c8879e0eaa9237d5d2d072b67923eba61c4197a1733b5e9bdd882f1f7737209993d0611051c7af7fad9c4c099ceaf716d4d40c6ce6586db25b34723dba1

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\Desktop\XWorm V5.6\Icons\b3ddoser.hta.exe
                                                                                                                                                                              Filesize

                                                                                                                                                                              58KB

                                                                                                                                                                              MD5

                                                                                                                                                                              fcd0bfcdcf8e8ded97021c3c5b09cbb9

                                                                                                                                                                              SHA1

                                                                                                                                                                              fd543dc586033bc9334abd974cda22dbcd2e3835

                                                                                                                                                                              SHA256

                                                                                                                                                                              0a7a39171b5459644f3ca375036a454895099b1b8312c538656e1eb86bc6bdf3

                                                                                                                                                                              SHA512

                                                                                                                                                                              2b391a108e51cd652be9aa216e207ab3b4afa05b180a2cf56e951539d11f3e5a4454768f8a7c5c0bfeb7e16f21a6bed6190c4cc3155800174f512c3fa7173557

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\Downloads\XWorm_V5.6.rar
                                                                                                                                                                              Filesize

                                                                                                                                                                              22.6MB

                                                                                                                                                                              MD5

                                                                                                                                                                              e0d97dcb2cfb54d66b1b5b929341359d

                                                                                                                                                                              SHA1

                                                                                                                                                                              2f847aa36437ebee7ba991ecb1eb3503bab379ca

                                                                                                                                                                              SHA256

                                                                                                                                                                              9d6a69ad30bb114735a2d6a8c93cf40e5fd697985524f8ecd1b676f585674345

                                                                                                                                                                              SHA512

                                                                                                                                                                              c47147a787c46fc2943edcd0047004ad3d697fde162f3849b3a8192569515c6f4b9f9c64d47aa16e324bd9cfdb5348f8c6832bca2237f0b4dc8dacfe933e9115

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\Downloads\XWorm_V5.6.rar:Zone.Identifier
                                                                                                                                                                              Filesize

                                                                                                                                                                              26B

                                                                                                                                                                              MD5

                                                                                                                                                                              fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                                                              SHA1

                                                                                                                                                                              d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                                                              SHA256

                                                                                                                                                                              eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                                                              SHA512

                                                                                                                                                                              aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\Downloads\winrar-x64-700.exe
                                                                                                                                                                              Filesize

                                                                                                                                                                              3.7MB

                                                                                                                                                                              MD5

                                                                                                                                                                              fc7776eec30751e169e1089bc2a4c478

                                                                                                                                                                              SHA1

                                                                                                                                                                              99cdb78719ca97c7351aa75f1566224396d9033b

                                                                                                                                                                              SHA256

                                                                                                                                                                              426b7b38ca6de20f1f6535d2fa63c16e11780c7cd5f2ebc66ff9a0022e246e83

                                                                                                                                                                              SHA512

                                                                                                                                                                              bc94f526d4dd751a44071dd6f540f2957d96f5c6500d7e5bb41ec6581bb0a584a6bb91fe13f7a1d9c7749c4601b1fe95f2a12a204b73bdc9a37c83cff7ac35c3

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Users\Admin\NTUSER.DAT{2fa72cf3-34ca-11ed-acae-cbf1edc82a99}.TMContainer00000000000000000001.regtrans-ms.ENC
                                                                                                                                                                              Filesize

                                                                                                                                                                              16B

                                                                                                                                                                              MD5

                                                                                                                                                                              9da2c7f97f49359d36c5fda24cc0baa4

                                                                                                                                                                              SHA1

                                                                                                                                                                              180027ebbb1bd3dbac8e11898d372b869f13fdb5

                                                                                                                                                                              SHA256

                                                                                                                                                                              c194bcb2bab39bea343ab04d42f063c44aa62afddad5d88ccc238f9801396919

                                                                                                                                                                              SHA512

                                                                                                                                                                              64e69770bf24def592304b006417feb9e41ade3770dec215346d777b48ade1af73ea723775e4de4cdbbee248ea95e2094c093f415a5aef5daeac69d904a5421d

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Windows\System32\perfc009.dat
                                                                                                                                                                              Filesize

                                                                                                                                                                              35KB

                                                                                                                                                                              MD5

                                                                                                                                                                              7f41bddfccdfe4a298b0bfcf14a20836

                                                                                                                                                                              SHA1

                                                                                                                                                                              8acacdd3503c65fb2ddc4fbb9f41811ae8550276

                                                                                                                                                                              SHA256

                                                                                                                                                                              446d064235ee69494d5797e01e4039eca0a026c9b801cacf0670334104eedbbb

                                                                                                                                                                              SHA512

                                                                                                                                                                              bb984e7660899c293eb3e8c14156cee5237e0cd2b0ada7b03c850f027a08d728fe8774f7a377e911ed54bd788ac5c88fd6e24b41fda6d5020dc6fae0e4980c85

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Windows\System32\perfh009.dat
                                                                                                                                                                              Filesize

                                                                                                                                                                              297KB

                                                                                                                                                                              MD5

                                                                                                                                                                              50362589add3f92e63c918a06d664416

                                                                                                                                                                              SHA1

                                                                                                                                                                              e1f96e10fb0f9d3bec9ea89f07f97811ccc78182

                                                                                                                                                                              SHA256

                                                                                                                                                                              9a60acb9d0cb67b40154feb3ff45119f122301ee059798c87a02cc0c23e2ffce

                                                                                                                                                                              SHA512

                                                                                                                                                                              e21404bc7a5708ab1f4bd1df5baff4302bc31ac894d0940a38b8967b40aac46c2b3e51566d6410e66c4e867e1d8a88489adccf8bdcaec682e9ddabc0dac64468

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • C:\Windows\svchost.exe
                                                                                                                                                                              Filesize

                                                                                                                                                                              389KB

                                                                                                                                                                              MD5

                                                                                                                                                                              064c7a241edfa0b1c72718edf5303a3c

                                                                                                                                                                              SHA1

                                                                                                                                                                              f95f85d211f25ee9068c1330de2f65c7b35b8b86

                                                                                                                                                                              SHA256

                                                                                                                                                                              d803f89ad1d23a5a569c85feed5974918ab7152dd2ba482401f0412c6cae8c78

                                                                                                                                                                              SHA512

                                                                                                                                                                              69d58707c0f589820b1c8f5cb641e296d33107012eb19e4afd44ba151f5a06c56ab07bcd9c561133e297219ba6c102c9c02140e9db55a04e2e1aaf41e76e28fb

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • \??\pipe\LOCAL\crashpad_2232_ERHPGMFEQEAISHTU
                                                                                                                                                                              MD5

                                                                                                                                                                              d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                              SHA1

                                                                                                                                                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                              SHA256

                                                                                                                                                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                              SHA512

                                                                                                                                                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                              Download Submit

                                                                                                                                                                            • memory/476-735-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/476-736-0x00000205358C0000-0x00000205358D0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/476-737-0x00000205358C0000-0x00000205358D0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/476-738-0x00000205358C0000-0x00000205358D0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/476-740-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/496-852-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/496-847-0x00000207D5ED0000-0x00000207D5EE0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/496-846-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1012-822-0x00007FFA93E00000-0x00007FFA947A1000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              9.6MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1012-804-0x00007FFA93E00000-0x00007FFA947A1000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              9.6MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1012-803-0x0000000002000000-0x0000000002010000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1012-802-0x00007FFA93E00000-0x00007FFA947A1000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              9.6MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1336-780-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1336-777-0x0000027BB68E0000-0x0000027BB68F0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1336-773-0x0000027BB68E0000-0x0000027BB68F0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1336-766-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1528-842-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1528-838-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/1528-840-0x000001F163010000-0x000001F163020000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/2300-869-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/2300-859-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/2448-824-0x000001F9BF590000-0x000001F9BF5A0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/2448-827-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/2448-823-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2547-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2543-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2575-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2573-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2571-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2569-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2567-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2565-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2563-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2561-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2579-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2559-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2557-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2553-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2551-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2549-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2581-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2545-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2583-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2577-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2541-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2539-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2537-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2535-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2533-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2531-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2585-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2587-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2555-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2529-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2527-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3000-2522-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              272KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3240-669-0x00000000003C0000-0x00000000003EA000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              168KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3240-670-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3240-751-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3968-841-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3968-839-0x0000027A81AB0000-0x0000027A81AC0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/3968-836-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4128-826-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4128-808-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4300-853-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4300-851-0x000001CB7E7E0000-0x000001CB7E7F0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4300-850-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4532-756-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4532-750-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4532-753-0x00000208D0410000-0x00000208D0420000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4532-752-0x00000208D0410000-0x00000208D0420000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4656-998-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4656-999-0x000001CD1BEA0000-0x000001CD1BEB0000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4704-703-0x0000025934440000-0x0000025934450000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4704-724-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4704-702-0x0000025934440000-0x0000025934450000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4704-701-0x0000025934440000-0x0000025934450000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4704-697-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4704-696-0x000002591BE60000-0x000002591BE82000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              136KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4760-682-0x000000001D3D0000-0x000000001D89E000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              4.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4760-656-0x000000001C180000-0x000000001C226000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              664KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4760-655-0x00007FFA949C0000-0x00007FFA95361000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              9.6MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4760-654-0x00000000019F0000-0x0000000001A00000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4760-653-0x00007FFA949C0000-0x00007FFA95361000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              9.6MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4760-688-0x00007FFA949C0000-0x00007FFA95361000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              9.6MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4796-767-0x00000232A4070000-0x00000232A4080000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4796-686-0x00000232A1550000-0x00000232A2438000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              14.9MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4796-687-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4796-689-0x00000232A4070000-0x00000232A4080000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4796-754-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4796-782-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4880-796-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4880-798-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4960-830-0x00000188ACA50000-0x00000188ACA60000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              64KB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4960-831-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download

                                                                                                                                                                            • memory/4960-829-0x00007FFA92430000-0x00007FFA92EF2000-memory.dmp

                                                                                                                                                                              Filesize

                                                                                                                                                                              10.8MB

                                                                                                                                                                              Download