Resubmissions

10-07-2024 16:39

240710-t51v9sybkn 10

Analysis

  • max time kernel
    401s
  • max time network
    383s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240709-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    10-07-2024 16:39

General

  • Target

    XWorm V5.2 .rar

  • Size

    30.3MB

  • MD5

    68b6d1867b72e17f1d23acd2a4832ee8

  • SHA1

    e94284ac4809d37ffd4257a9ac70d552825670ba

  • SHA256

    e4b004dd8c3648aee2d1efe073cdf5a79c89fffab06395e9c6b57fde30fcf024

  • SHA512

    3de63c69a17b2ee498eca01b08478b0744930302674a9c6c1490737ab7870bfa35583a26ad3a54d82bf980ac25150c6cf91706d5ee70fbf2a16b27bdd1435851

  • SSDEEP

    786432:hy+VwnbHHdXmR6ZMZ7EU1oFuuTCq6v7AU:bVmnUIM+WheQD

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla payload 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 15 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 56 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 .rar"
    1⤵
    • Modifies registry class
    PID:2980
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2 .rar"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3440
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1040
    • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe
      "C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:484
    • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe
      "C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:1192
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7ec9cc40,0x7ffd7ec9cc4c,0x7ffd7ec9cc58
        2⤵
          PID:2200
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1868 /prefetch:2
          2⤵
            PID:2128
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2140 /prefetch:3
            2⤵
              PID:4696
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2240 /prefetch:8
              2⤵
                PID:860
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3116 /prefetch:1
                2⤵
                  PID:1336
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3176 /prefetch:1
                  2⤵
                    PID:4004
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4320 /prefetch:1
                    2⤵
                      PID:3484
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4612 /prefetch:8
                      2⤵
                        PID:940
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4920 /prefetch:8
                        2⤵
                          PID:480
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4584,i,2022266254670193062,9678358884663642917,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4604 /prefetch:8
                          2⤵
                          • Drops file in System32 directory
                          • Suspicious behavior: EnumeratesProcesses
                          PID:484
                      • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
                        1⤵
                          PID:1896
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:2876
                          • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe
                            "C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe"
                            1⤵
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Enumerates system info in registry
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: GetForegroundWindowSpam
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            PID:4144
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
                              2⤵
                              • Enumerates system info in registry
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:424
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffd765b3cb8,0x7ffd765b3cc8,0x7ffd765b3cd8
                                3⤵
                                  PID:3840
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2072 /prefetch:2
                                  3⤵
                                    PID:780
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3960
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
                                    3⤵
                                      PID:1748
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                                      3⤵
                                        PID:3360
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
                                        3⤵
                                          PID:1972
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
                                          3⤵
                                            PID:4528
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
                                            3⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:1928
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                                            3⤵
                                              PID:2056
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
                                              3⤵
                                                PID:5152
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
                                                3⤵
                                                  PID:5304
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                                                  3⤵
                                                    PID:5312
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
                                                    3⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:5456
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                                                    3⤵
                                                      PID:5540
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                                                      3⤵
                                                        PID:5548
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
                                                        3⤵
                                                          PID:2056
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                                                          3⤵
                                                            PID:5208
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16001857206899206512,7199232049535301970,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6120 /prefetch:2
                                                            3⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:4432
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
                                                          2⤵
                                                            PID:1544
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd765b3cb8,0x7ffd765b3cc8,0x7ffd765b3cd8
                                                              3⤵
                                                                PID:4344
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
                                                              2⤵
                                                                PID:6116
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ffd765b3cb8,0x7ffd765b3cc8,0x7ffd765b3cd8
                                                                  3⤵
                                                                    PID:6132
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:1480
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:2860
                                                                  • C:\Windows\system32\wbem\WmiApSrv.exe
                                                                    C:\Windows\system32\wbem\WmiApSrv.exe
                                                                    1⤵
                                                                      PID:5456
                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                      C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004F0
                                                                      1⤵
                                                                        PID:5404

Network

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • System Information Discovery
    2
    T1082

  • Query Registry
    1
    T1012


Downloads

  • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
    Filesize

    64KB


  • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
    Filesize

    4B


                                                                      • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                        Filesize

                                                                        1008B

                                                                        MD5

                                                                        d222b77a61527f2c177b0869e7babc24

                                                                        SHA1

                                                                        3f23acb984307a4aeba41ebbb70439c97ad1f268

                                                                        SHA256

                                                                        80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                                                                        SHA512

                                                                        d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                        Filesize

                                                                        1KB

                                                                        MD5

                                                                        fa636a2c187ef7ed4aeebec99524c787

                                                                        SHA1

                                                                        69121b15bc5336b6872435fedd14c7d847284f24

                                                                        SHA256

                                                                        174135973148a092fe79362b22f66d60de72e6f489c5ab3e51d91668f782d932

                                                                        SHA512

                                                                        6fab7f5a5f7677e640ef3cfdf75caf00436012da9f89b4f35188eef3a4131689617d2d031311561dda652793f4a3779236c27a9eb1c4e25d1cc92e4693971b79

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                        Filesize

                                                                        2B

                                                                        MD5

                                                                        d751713988987e9331980363e24189ce

                                                                        SHA1

                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                        SHA256

                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                        SHA512

                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                        Filesize

                                                                        356B

                                                                        MD5

                                                                        33aef139859eb48c5b99fdc20624dbfd

                                                                        SHA1

                                                                        d24827364525c7073abfc14a068e90b824645476

                                                                        SHA256

                                                                        87ef3e1c87f2446ef6f3617340fd2c71e84680895e835a66d576eb5929dd7365

                                                                        SHA512

                                                                        a791fa1cfcefe98472a32846568a95ccf6fe1676b6740c75db860955e5f5815e73131c69ed6eb10dc55f34cee405d186b274f5e6bb6d1612754d8269674862c9

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        069d3831161a35c9aafdfe1a9ca21bd5

                                                                        SHA1

                                                                        dcdf372b73b3bfb5a34801c64730b9ddc028d814

                                                                        SHA256

                                                                        0207877db5bace99d94f90def2ff932967c167c3baef7519bdafb96723e17d57

                                                                        SHA512

                                                                        ad2fff16b3ed833ef61e89675543d73c698b342206f61653439d1b95cfd4b87eccf99244510994286884f6b9e551ff5ae7cf40e379da4f5a1a97ca8e63f73fbc

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        2aaa423d373d3b248766d0e1962f20dc

                                                                        SHA1

                                                                        f7f1e0cff7b3710201ddd1040c84b3071d6c190a

                                                                        SHA256

                                                                        4d32c13f8554f8f78a7d99a14ebe1a7fcb58be11ab1b808227d4cd79819617e9

                                                                        SHA512

                                                                        8d5454e2adde844abc72aacd3d6edee8fa2802c40d0f08bfe116ce3b04857997a0e0489b578c400ed02db0c76c02a7bc853e9f350e57fdfcb0c7a5f2a2d9f8ed

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        ea57d030854fb8e8c4a0f7b2106a68d9

                                                                        SHA1

                                                                        b1e871f2d41be07aeb0d14a3451e5cf4a3c22df7

                                                                        SHA256

                                                                        555d6635ce7d5b8ceda26e81181f9c81aa73db05c2cafa08908cf59289885d24

                                                                        SHA512

                                                                        2568f02b577c8541b396222a933600954a203167528a9c4363c17d00b30502275394c3ae942135aa66e40f7993af75a0ba05c92a6f399f2f2309f0ae65a3400b

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        bd8ce5c385b7d08f84d147d29bc0c106

                                                                        SHA1

                                                                        046ac8c216c1a6e167bdf5e65ebf1a9ab815dc28

                                                                        SHA256

                                                                        03edad643992213f1d7b161a7d8277e2e03ac4a0e4c5c99f6f69b780006c37b4

                                                                        SHA512

                                                                        10013cbe67952edf4c9ab448356927e5abe3620d4ecc06aa237917b99720ead9bad0ea962c4b3244a54dbfd4a38f654dc53c7c731d1977b063b608cfa923cb32

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        0fa5e1c0fcef6e8250cd7cc4557a4e53

                                                                        SHA1

                                                                        38fdee503dc9498e4bdd877b2a86678a937cb2ac

                                                                        SHA256

                                                                        0a03f6e3efdb0414e47eb4639e1cfd60f7523691e562d23a5c0ad239993f3182

                                                                        SHA512

                                                                        1916a0d057743f16a0be2fa391bd5c222d25c694271a1aaf71883327cc37e0e6b7cf400e83361c1c7e52fbe511ffac5c6fcbc115941209d367e893d254c03090

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        7KB

                                                                        MD5

                                                                        e689ce60514ab8e71bb4c554ecc03317

                                                                        SHA1

                                                                        3f31d86aa5fe6a4fa939bf6d5ca625d3d5eaf43b

                                                                        SHA256

                                                                        a5454f65b8f330300e9aef76fb27577bf39b5150a390a0e999855d35b0666abd

                                                                        SHA512

                                                                        9df11ddcdf5db91c3d7786e216175e768f3e5b9ace85b583dcf3e96f3aba6a724dd5afa69c693dee8354ac3d9055fe17f20690bc8449f1c48bb3197e75b95889

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        0e1ea6a0c2229016e39a0b29718b8381

                                                                        SHA1

                                                                        78e3d99fb305ef376df7d96b1f52ec3fc01e4225

                                                                        SHA256

                                                                        af335640e8ac85348861e32b7783358031fba0c568479c65fa1e0213a396d3b1

                                                                        SHA512

                                                                        7b6c1428ef882543b31eafa6bbb9bdbea11fbfd7f4ef2eb1fb3683fa227ceec8ef5e433f7c2f460457dd45238b3aaa2fe16c797034fcf5fbd02fe671c96cac02

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        5d71e17885098ebecda93ff318c19f3d

                                                                        SHA1

                                                                        09162d39b1648283d5dd57b155406f767021b723

                                                                        SHA256

                                                                        126f9bc2b14e3a64ec384582c3cc867bef4e8247c24d203bc7492d1280a36049

                                                                        SHA512

                                                                        ee554069b0182c222a92a8113fb85570c40e9f01bbaa7812f1e9c7343fc4be008eeba357746a50530f8639a32df5044fa001a1786e1fca4a81835fd1aae3c054

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        eac4bd1e359d729495f2421fa26d3db7

                                                                        SHA1

                                                                        dd2411badf3310095fd8f6531eef710ac8d87241

                                                                        SHA256

                                                                        baa8dd3d2f2277d6f5720602ec7b99f972291b06583d0a5648126df416058ff6

                                                                        SHA512

                                                                        489e4248a35af55e0ce091d803d88dd8da8579078eb80082b555eaeea20a4cb229b5fdfb794a83bb9057f7245e842d46ab4ae31310b776627193459d4155a469

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        46fcea581b8ea029f51bed73d97d615a

                                                                        SHA1

                                                                        13ae18863a7d1592bf4670d0c833fde302c1f34e

                                                                        SHA256

                                                                        f0196c7c43b851e6ad3cf15c9dd6976cbbc44c998813eb2433e6463c5a46a280

                                                                        SHA512

                                                                        1a1c9946cc65bde1a1f66b9e5c264fdafa26676e0b6d63723a63d2e45dc42a107d7ed76f5378d7efa1102780a9352134016cc2d406b890fa03371ae8fa7d3101

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        de46495338c6724df678ffb7c9767d54

                                                                        SHA1

                                                                        04c62cac41f0d39f37b8035bb7c82f5f87939a98

                                                                        SHA256

                                                                        8c5d9c347d6df39ab38b0d364a259d71532babc5fd81b33bbce0d3444850a55f

                                                                        SHA512

                                                                        2dd1e19b470c78eecaebb9012213537df047f5e5a411c9bbfe5869a5180531e7e9303166ecd64781535dc43d2693c85bad6e42f681b5e90861a65b1de58e6a59

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        107d83567a98d4b0a07fae7d7a2591b0

                                                                        SHA1

                                                                        138f1b90e50b5671493b6965ef3c625ab53f4de9

                                                                        SHA256

                                                                        d5ea6c4a903f8015f54eb63c8e615048a47988e026299e1cd355e8cb8284c7a9

                                                                        SHA512

                                                                        5171ef92dbf90b8c977e4e8b916a57037e90c920fee417ef2b50e79a361915862698895516a2008846dc2e743c7e56c87245147b7e47e40c06d78c04fa1a167f

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        e91924a9c50fbee3410aab60ab362829

                                                                        SHA1

                                                                        bd622cdd8bae3e5c5a8b4a163e50feee7d72c581

                                                                        SHA256

                                                                        500bc696a11075cfcbf1958b72732e7a0c23931ab6526c0e29624cffe20a7b02

                                                                        SHA512

                                                                        7c26c14f198609a0f165a6fc71d6f3d92e013547e81db389fe10be054779c74a057c17adf0463284cbad446c8fde9779079ebd40d5d0574ec196f9283184e260

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        79fb7c3d5a4773811fe678007d96c8fe

                                                                        SHA1

                                                                        8c33a19c3a9b1a6458ad4e19f638a4e107efd385

                                                                        SHA256

                                                                        6bc167b8fdb2c2902358f88a1b5d5dbaf25b034763cf39993e419f0501a8724c

                                                                        SHA512

                                                                        73165f4f6427c18eabacfa85329cd596d8ce5a1bbd8276396727d0a28ad86eeec71a91f6a82e46d72d4acc718609d348b0a0fb2df42606c221f59934e315da3a

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\edad7aa5-7b3e-4408-ba0f-18cb6600a761.tmp
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        09d4f51378c90ff6404acd154eb242c8

                                                                        SHA1

                                                                        5bfbd1853c06d3dbfccb4c5a5e18dff1ede76784

                                                                        SHA256

                                                                        e46f66de298433e250a3daaf96823a14d2da9e225419d253d8b8e40ce6349dff

                                                                        SHA512

                                                                        1d437ccf14e71ba09bd3f9275134f6d7348541cfb547235cee3cdc997275723c17976d27ed5deba8eadbc2118026c992add883c9e6add497d2ff7419cdb31603

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                        Filesize

                                                                        92KB

                                                                        MD5

                                                                        034f007151d90944e1f54913f3f7465c

                                                                        SHA1

                                                                        103dbd5e0fe695f3a20910b71a8a9b420b938f3d

                                                                        SHA256

                                                                        3eaf4884e63aa6be42e7e40eefe31a0a99d5b8b0738c28d686a59de3d3164aa2

                                                                        SHA512

                                                                        2b57ca3cf88ac2a7b1c206b195af87f989b42d3dfd7240b94630d02979d09c8388f5cb6d72d0a2fbae2425e329df8940b094a480a2692c41aae27ffa26c79395

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                        Filesize

                                                                        92KB

                                                                        MD5

                                                                        e1e1057ebd0ad6b04f453dfe96acd517

                                                                        SHA1

                                                                        061976489684e6957f322e56eb8e97e2197f3668

                                                                        SHA256

                                                                        9f8cc5eb9ed2576ff7019c5e21d455c4b2a50fcafa509412264a5ce0c71b123a

                                                                        SHA512

                                                                        d61a67697d0af5761edfbe41476f79e965caf5c5ce2479a88b277e7d18243501b3ab65cd2ea9c61468344aa67a252a8db1ca1bfd3d0fa155c91fdfdf426c4ed1

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWormLoader 5.2 x64.exe.log
                                                                        Filesize

                                                                        1KB

                                                                        MD5

                                                                        33bb549a6f0e5d5b27d2af0a0894a55d

                                                                        SHA1

                                                                        c6b7b943d8a8d50da22c40d2f80960af63b18ec2

                                                                        SHA256

                                                                        f7d6ec766167a17fce46669ca54b383d4468a21faf2eaa5eb02aa1a3b1a2af08

                                                                        SHA512

                                                                        2e57b52b60bbd44f07c81f605118922650a6da1a4cd85ecfab4f954f476a7a851e1a71ae7e74a57153dabf7ea49bb6a50ca2c73c384871d5f68f05db6e37ced8

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        21cf39beee4d807318a05a10dc3f1bf3

                                                                        SHA1

                                                                        01ef7fc09919eb33292a76934d3f2b5ba248f79c

                                                                        SHA256

                                                                        b766823dabbf6f78e2ee7c36d231d6708800126dc347ce3e83f4bf27bc6e2939

                                                                        SHA512

                                                                        0baf8b0964d390b9eb7fafd217037709ac4ab31abcdf63598244026c31284cd838f12d628dcffe35d5661ba15a5e4f3b82c7c2d9226ac88856a07b5b7b415291

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        f1998107017edc46fed4599ad24cfe53

                                                                        SHA1

                                                                        47e92f0646f0de9241c59f88e0c10561a2236b5e

                                                                        SHA256

                                                                        cc6838475e4b8d425548ceb54a16d41fb91d528273396a8f0b216889d79e0caa

                                                                        SHA512

                                                                        ef7228c3da52bf2a88332b9d902832ed18176dfff7c295abfbaab4e82399dc21600b125c8dad615eb1580fab2f4192251a7f7c557842c9cac0209033a3113816

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                                                        Filesize

                                                                        28KB

                                                                        MD5

                                                                        f4017127d1ec466e5eaa9381fb542920

                                                                        SHA1

                                                                        431fec3f952f5e45c4ff64a992f7a5d91be34460

                                                                        SHA256

                                                                        21befff8e26723141b552ff1ab105e9a50d448527155100052d087377f22adbd

                                                                        SHA512

                                                                        a04a4c40f6fd422ae1cc3f63ef51c221cd5c08cd52352ccb4683abdf3a5e7654d028d227c7fa3736c3baac4d73377743a0fa03e63a5487d6ed8e64e44cde8c01

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                        Filesize

                                                                        80KB

                                                                        MD5

                                                                        14e39be019da848a73da7658165674cb

                                                                        SHA1

                                                                        e016473c4189a8cc3dbff754a48b3e42d68af25a

                                                                        SHA256

                                                                        39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd

                                                                        SHA512

                                                                        828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                        Filesize

                                                                        72B


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                        Filesize

                                                                        442B


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        5KB


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        6KB


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        6KB


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        538B


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c6b06.TMP
                                                                        Filesize

                                                                        538B


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                        Filesize

                                                                        16B


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                        Filesize

                                                                        16B


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        11KB


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        11KB


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        12KB


                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        12KB


                                                                      • C:\Users\Admin\AppData\Local\Temp\7zE07D10A58\XWorm V5.2 password 1234\XWorm V5.2\Icons\icon (15).ico
                                                                        Filesize

                                                                        361KB


                                                                      • C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
                                                                        Filesize

                                                                        112KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\GeoIP.dat
                                                                        Filesize

                                                                        1.2MB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\Guna.UI2.dll
                                                                        Filesize

                                                                        1.9MB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\Mono.Cecil.dll
                                                                        Filesize

                                                                        350KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Backports.dll
                                                                        Filesize

                                                                        138KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Core.dll
                                                                        Filesize

                                                                        216KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.ILHelpers.dll
                                                                        Filesize

                                                                        6KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\MonoMod.Utils.dll
                                                                        Filesize

                                                                        319KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\RVGLib.dll
                                                                        Filesize

                                                                        241KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\Sounds\Intro.wav
                                                                        Filesize

                                                                        238KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWorm V5.2.exe
                                                                        Filesize

                                                                        12.2MB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe
                                                                        Filesize

                                                                        109KB


                                                                      • C:\Users\Admin\Desktop\XWorm V5.2 password 1234\XWorm V5.2\XWormLoader 5.2 x64.exe.config
                                                                        Filesize

                                                                        187B


                                                                      • \??\pipe\crashpad_2760_LOAINUGJXXAGJMHD
