Malware Analysis Report

2024-11-30 19:34

Sample ID 240919-1t158asfne
Target index (1).html
SHA256 212e835d3cad3cf703e4e015ce31f80a950fa4a4d650b8891e4c49076f50cf4a
Tags
xworm agilenet discovery evasion execution persistence privilege_escalation rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

212e835d3cad3cf703e4e015ce31f80a950fa4a4d650b8891e4c49076f50cf4a

Threat Level: Known bad

The file index (1).html was found to be: Known bad.

Malicious Activity Summary

xworm agilenet discovery evasion execution persistence privilege_escalation rat trojan

Contains code to disable Windows Defender

Detect Xworm Payload

Xworm

Command and Scripting Interpreter: PowerShell

Modifies Windows Firewall

Drops startup file

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Adds Run key to start application

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Scheduled Task/Job: Scheduled Task

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-19 21:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-19 21:57

Reported

2024-09-19 22:16

Platform

win10v2004-20240802-en

Max time kernel

1112s

Max time network

1123s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index (1).html

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\netsh.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System User.lnk C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System User.lnk C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System User = "C:\\Users\\Admin\\AppData\\Roaming\\System User" C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Browser Information Discovery

discovery

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\Xworm\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\Xworm\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\Xworm\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\Xworm\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\Xworm\XWormLoader 5.2 x64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\Xworm\XWormLoader 5.2 x64.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133712568763490660" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{1D8AC280-5614-4353-99F0-629D60A79A86} C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe N/A
N/A N/A C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A
N/A N/A C:\Users\Admin\Desktop\Xworm\XWormLoader 5.2 x64.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3168 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3168 wrote to memory of 4908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3168 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3168 wrote to memory of 5136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index (1).html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa8ebfcc40,0x7ffa8ebfcc4c,0x7ffa8ebfcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 /prefetch:8

C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe

"C:\Users\Admin\Desktop\XWorm-5.6-main\Xworm V5.6.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4476,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4456 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x418 0x4a0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa8ebfcc40,0x7ffa8ebfcc4c,0x7ffa8ebfcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4884,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8

C:\Users\Admin\Desktop\Xworm\XWorm V5.2.exe

"C:\Users\Admin\Desktop\Xworm\XWorm V5.2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9344942360155347788,12577069450991824638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5432 /prefetch:2

C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe

"C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Xworm\XWormLoader V5.2.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XWormLoader V5.2.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System User'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System User'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "System User" /tr "C:\Users\Admin\AppData\Roaming\System User"

C:\Users\Admin\Desktop\Xworm\XWorm V5.2.exe

"C:\Users\Admin\Desktop\Xworm\XWorm V5.2.exe"

C:\Users\Admin\AppData\Roaming\System User

"C:\Users\Admin\AppData\Roaming\System User"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2797159227314912046,7428339305924721664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

C:\Users\Admin\AppData\Roaming\System User

"C:\Users\Admin\AppData\Roaming\System User"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x418 0x4a0

C:\Users\Admin\AppData\Roaming\System User

"C:\Users\Admin\AppData\Roaming\System User"

C:\Users\Admin\AppData\Roaming\System User

"C:\Users\Admin\AppData\Roaming\System User"

C:\Users\Admin\Desktop\Xworm\XWormLoader 5.2 x64.exe

"C:\Users\Admin\Desktop\Xworm\XWormLoader 5.2 x64.exe"

C:\Users\Admin\AppData\Roaming\System User

"C:\Users\Admin\AppData\Roaming\System User"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\AppData\Roaming\System User

"C:\Users\Admin\AppData\Roaming\System User"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5340,i,14515540368532243289,6710152128131613403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0x40,0x10c,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718

C:\Users\Admin\AppData\Roaming\System User

"C:\Users\Admin\AppData\Roaming\System User"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Windows\System32\netsh.exe

"C:\Windows\System32\netsh.exe" advfirewall set allprofiles state off

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,16454152090007841399,4559535078159867674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8

C:\Users\Admin\AppData\Roaming\System User

"C:\Users\Admin\AppData\Roaming\System User"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3168_ZRHTFIGKHSTSZKPF

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\Downloads\XWorm-V5.2-main.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585f22.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4308671e9d218f479c8810d2c04ea6c6
SHA1 dd3686818bc62f93c6ab0190ed611031f97fdfcf
SHA256 5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a
SHA512 5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 3fa3fda65e1e29312e0a0eb8a939d0e8
SHA1 8d98d28790074ad68d2715d0c323e985b9f3240e
SHA256 ee5d25df51e5903841b499f56845b2860e848f9551bb1e9499d71b2719312c1b
SHA512 4e63a0659d891b55952b427444c243cb2cb6339de91e60eb133ca783499261e333eaf3d04fb24886c718b1a15b79e52f50ef9e3920d6cfa0b9e6185693372cac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f85aa14d6533b658ef196e081e3a143
SHA1 650ee39ea7d3e849172e40130eb2280dc098783d
SHA256 5f0bdf2e7e24c897e6fac677ccd2400a90f2c0b4a3e5564adb0ce19b24d3e1de
SHA512 5faf74996f0a1abf79441ebbc0c7b87185552bf2400e0c4ae997d1bd7d22512531a654009e8716a0e49efa8872473cf176e9edc3c0f68d74c87c6563cf7d0649

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ee2216f010739d093a1191cbefd97e7a
SHA1 46e92bfa7fa51940a00cf400eef61e5e11a6e461
SHA256 9e42335a24f328722704013a81900769ac7f7a689564863ad15d99ac1e70e20d
SHA512 a54130b10be1434f94e64b4c0e1093c6c5e50376c7a80e38130470cd8d585a9eba37d94a3ed90960931bd946b9ae41ae135e2d808b4b614f2e9f048125cbda99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e76ac8d4035099bad93a7612b1e7e19
SHA1 304cbcd25d58069eae3f0471fa8dbad063f9339e
SHA256 39aba7d2cf84e0bb4fcdcb21a24a9c820ba2362c961566969312ca9444cf8b19
SHA512 776ef9d440dc180bbfc14f3f2c0570d0b3991fcb922901f0fe2842cf4a97da6e4d503bd7263dd74b5e8799513260c2f447fc5d26c97310535a8ebc3f8bcdf00c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ecef3f57ebd6a979bac1fde5c504d35
SHA1 a2e471ab1ad8c6e6113bc799f1561a79b994aed8
SHA256 4b7bfa3ca9de8a7623d26b22a9a5be2babed4681bbf5106855c07b460eedd290
SHA512 f9848aec49620b38b17476d9d84f912d24f166a3a5703d01b3ffd3ef86530270ae9d95a2ee87e5efc8a178369ad7feeaca9287276ec628179e98d55e8dd161eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9d69a459bf2859a43f8ed917876f9515
SHA1 b598bee2b2ffe716b97f9f71cf051424d0984cb1
SHA256 fb50d1b587e26d1c426756d9baf2a80432eceaa6ba4cca3a93a996a666824184
SHA512 3ab3cf29f5579ee6a41a49ec25cd2a2474270a7c520ae7469692441aec52ad0df5f848cdcc519ba11d6355c469a0c99b5642b08ed8b9c32ba0dd0e112ea51a92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0aca3d3e715307f80235bfd965693ec3
SHA1 51cfe58f711264952ca709e6edca32fafb7dccc4
SHA256 46ddde0817c56aa4d135cd6a6c2a5fb42e25bbbaf072ae798dbab89578aee0f8
SHA512 eb9d4ed78bbac4e13881659ce195ea03ed517d979e4f8942d3fc5997c65ac5ca7f195c870e6a05e5538e9641dfcbff18466817f7e15e26ee330f22056be69403

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 18ef5e54bd633d5f82e03b753c4759c0
SHA1 e6ad854966b9266fa4c7ba9b181627a7c37013a7
SHA256 4d1eb172bf58b705976cd21a97d4d1993ff07b4c977624add9c1f26c1a325807
SHA512 2700f73526c7db09bb0f1666b7866dab1c2e5bcfb7463e5bcdf0560f0f33f2acde58470af2e7b7419ea3f165b20144c40039c12f4c3cf391ce549287fef7b91a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 54c16826574a0b7b9a0e415e34a123f3
SHA1 b8d360e2110ead06f238f9a0ee1d9a9b2e05185a
SHA256 ee8e5c98b95722f6945c96704165df42f88e57a4e49f933781710e618ee1f3a8
SHA512 4dd1eb038c4c98b288e32173ba9940d32b04663d2530085d6ba53faf8cbb5c35bef312ffe6a7c1c9e8d3c55d02ff43e742ad020496ceb3538d221b9f5d018748

C:\Users\Admin\Downloads\Unconfirmed 209424.crdownload

MD5 95c1c4a3673071e05814af8b2a138be4
SHA1 4c08b79195e0ff13b63cfb0e815a09dc426ac340
SHA256 7c270da2506ba3354531e0934096315422ee719ad9ea16cb1ee86a7004a9ce27
SHA512 339a47ecfc6d403beb55d51128164a520c4bea63733be3cfd47aec47953fbf2792aa4e150f4122994a7620122b0e0fc20c1eeb2f9697cf5578df08426820fecd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93e318720de53293bb7ba45af7c76629
SHA1 ba1000c1e94b13f186d81e34257f8b611fbf3aa3
SHA256 2b3a326d94e7bbb1440edbbb015ad3b567605d9748d63569a7c7231f7595966f
SHA512 5e9a6ddba62f88a1bd3fceb28b2eac4c9c272edbfd1fe7654faa190330e4463d7505aa371607315a78a1c58c718c2c9a3435f62023b2da7f0838fea61d81cc0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00bc4976c26e4f55484f24439e3fb0f8
SHA1 5f9d94adc2d340ce155c76fc429a754ae8a3bb4d
SHA256 993eb324ffe9bb7d93c044b3484352e97b05a68bb71c79fcef822ef026022f73
SHA512 60c41da60c34d3fd90ec2b88560ff431cf9e2c3a1875d7a63aab8512af5d79cb01d84192fbd922c672949663b50772ad5a0de675b536af91f857166a5d430be6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8768c57ff1902e080b022cf4f301fe32
SHA1 de5d8ba816bb51cad5469c575d265349a2b247c7
SHA256 f85d6b03f31d27d94d43fc868cec40d65aabc16913148215709c21b3626f3872
SHA512 351e5dcb188a9814514f9cfa29c529ff3aba6c62bca885a7746cd233b44b45c568fe02b156340232a70844e3924fb9f4e036c1cf2d8e61f7d1e05f6bef45f102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b113edf85f56b603aff2889bedbe4387
SHA1 f335ec67475d079e7d737954bd58c00842b34037
SHA256 0775271dd5bdefbbb31aab359ea9970ba65eb9029808cd45fc0ac8298d50c6d2
SHA512 760281ef58fb757a6d99d6b36376e786f21be6c145b1ff3b2e7b73aa3943e61e5602549577a2240361c0402f12ba3005f07a6218186719f3a08604d851819770

memory/4360-950-0x0000027DD2330000-0x0000027DD3218000-memory.dmp

memory/4360-952-0x0000027DEF9D0000-0x0000027DEFBC4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 04fa02a54a0cea22fdf67cffca4e84b6
SHA1 41c52876287a4132ef19a85201d018717c1863dc
SHA256 179b770bd5270644980d67e7fe827548dbb8b9135e4f1710d824895ec529bbc4
SHA512 30c9cda51186ee906fa09b04a1ad728a310b945b9c3ba50d7273b1af050a366378e69a93d93f0446a3fc200b19c6704c8ddcc80c2395eb0a501064f89e8257e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b21b1e75a71f0040ae54f916adaa55f7
SHA1 55429022dec3b9dc4cb2146d91f7d640170dbb10
SHA256 d8f373779060b473d1f9d13955df0334f5a36389e369660ea9296d2e270278dd
SHA512 7555bb82bd4d2e0f0a3dea4a0cb948f3bc0a352c134ceaa33bb60f80f84ec896f1fd97ba52abb546d8e144b28c2de861830ad41c8b0576ca42a4295d7e5dc745

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27137ff16a264af9c33f6e991a544527
SHA1 85f5291360d8ced1d06ca56622504f77797dd73f
SHA256 8184c27d2d21bd7403486aad905e3e5250f20b2ba1a2093db17f94b605e1bc70
SHA512 b3cae04ce6f2bd21fcafac628805f161f57e9155f0de9dff4490eb865e4ede41e15da8fb51c762febbefb00bf09c5dc26253a83b69355d06cc2ae74d102de617

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3a6fe98bc01c8de1b76afbc835b01d94
SHA1 21b5b23c7d8471570b389e91393a8a7ee70cf22e
SHA256 7ee6b72b4afa03db9894afd08768b5ef5f777d00d9cb6eb904fd340b00ff789e
SHA512 9dd9dbca3b6b87757ceb18ece86f975bc8012c25d8493a94af34ae8f88aad74986964c5603c15408c0c679e62ed5d50bdacbb46498209092d1f2e976f4aac739

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 48f451c5181d3a7958cb2f5f7c2b489e
SHA1 469548639997e73a2178ca4a859269ac0794e474
SHA256 08409393e245640d274049ea4616c69bc47350409210ea8ff132b86767730637
SHA512 2dc463c0d05616073a2bc85fa0d98e227720e68a26b1aa812b7282994a13283a9822b532327ff7f32a7c8ea6479e8b7c87f9710e7236df3b17b2ed9c3802e699

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f58505e268cda20a858cd86f452db51f
SHA1 4e4a24abb7f109577f0cfaa09b31b2db8bf2e569
SHA256 1df583d84800bffe80ba56c46c1e485c7268f69601662e9165507fb8ad31458e
SHA512 6e926a1332aa1fdb4074dca916994f3906e9c0d79edbfb6f6f9e2c5f3e02236850043269b79c3296fc5fdbd60c59042886f886bd0bb171a0933fb1023012c39f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f7e2757e43c6cd590c82569fc2de92fd
SHA1 02d201a3ec1dd2315ff01e50b42e9d558e432681
SHA256 316409b8b044495b64f62094db00f4ba1d988fb15d2cb33ff5f2a24647920b94
SHA512 db3b3b8e0325ea163ee074d0361bf2607ae67b6eae279a03997b89cacfeb5d3321409584840c1bf03da4f0ddb0982f2bdacd86378c7233ce54ca885d1e97bd9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fee64789-bb19-4e07-9764-de7a8f68e215.tmp

MD5 844968b6d1145688337000cc40530f7e
SHA1 dd2e614f4990a8f151bef988c496ad0475d57a84
SHA256 111bd51fee991f62ca19ad45a04afb054e40c0cdbcce0e7a89bd199fcf8abb66
SHA512 9f33ebfbc1097c400dd2dfc0783791e1b302a64e74a81a95dbfb21557523309db5c64b39b7652887857e9a5fba10f31a8161c54d92cde6ac36dd807f88510024

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d27d9e6a5767a6baf7481a248789fa98
SHA1 d5b6a2291109169df0d889f81d43e3396634fb33
SHA256 78355201cad16d8a3581683ec714352aa32b7ae9063c1ed1c2d7c7999fa05af2
SHA512 b73553e2f3358eb31aeb5cd3b2c518e4f0cebc4ca5647aecf830eb773aa5dd28e09e2574e8737476e83951734ef8ffaed4abd098289659648fb0ef351da47644

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dda2acb488cc563633568c40db593ccf
SHA1 c4faebf49a2ff93045f4a88d547cd178402cca1c
SHA256 bcfa9b60b5b9bec4ebb9ddf6324b6e6f9862da1d226a30ab2ca59f3d7ec6bca2
SHA512 797512b8504f94faf1adb706591bc096e76db65fdfa4dee39675570098a38d0f634a8efb1a3aa841ff9deb3a725080b8bcc3b7d91d4f11203962260cab34be09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 5eb0d2eaf5afb38af857020de6843698
SHA1 0d3e62f71d33555dbcfc0fb9d74e444e3d68cc35
SHA256 2d2a56323603b0b28a21dfc8bf44c068af581673d57d6fb7199081c1ed4b4b1c
SHA512 8bba8fce505b356fb4c4576e69c4ca44fb90ac4050bc74545c06ad3dee6c846c6192f5a1d085f65541bc3ab858934aaa48a41b8b7b886f4d0537f23a79085b47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 71cc650eda7ccaab346890bc03598f17
SHA1 e6a4fd4050bc38524cc80755c41b2b9e4d56895e
SHA256 6794465c085476a1bad38bd2b3a807e5f6833efa48f0b3529f1e8001b2743407
SHA512 46eaa8026c00ecbe90066b0f0eed036ad990ac57dbb60ad467dda54dc08e0717d2a3efecfa935dd09abe4dfd34b381837a3c82e2d7edb057824dde8240137c07

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7505b951a730093eaeaa695ee7b5649a
SHA1 ce253a218f30da03458e06b5c14e3205687c3ecd
SHA256 01b3dacae4a2944d054f5536adcff1463eed79e25a43af20296f63663002ae5c
SHA512 2de698411617a8386aa6266c4249de2ce9bf51a18c824d77b3cee3fbc651c545fb3e2483c646fdc8b8fb4b2f7f901f1dc89826cfd2e6858b5b2c5e6570fbbe81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c1dd296003228782e04cb15115beeba7
SHA1 55489ffda9c42619458c97d0fd3f73c760eedcf6
SHA256 c4aeba00245bf170ce34fd5c49c4d25fe8f89143e3f253f8b99b5e339c8f77f2
SHA512 e5159bd12990e235a1018596731e87b030c14e206a31e38786771fcf03a999f02f43374c0e5caa97a2ce47c8ccc35d4bf79c8b85daab860998478984ec61c283

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 4d6bf3f0a30208a35e6c03785d12703a
SHA1 d662eab67a94d411739c4fc2130113e704d9bdfd
SHA256 915e2355b5f32a35725550e9958d46e2ec061b3a0f827d19be6e376266cd2994
SHA512 3a71fa5e8aae400cb12fca06d47ebac34efe30f496314f1eb9468b1c66124b08f7a7eb414a3eda671099c7267ef096475a14eae014e017581ef2594862b40661

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81c72702a8ce13e73685c648b05edd39
SHA1 0b6fa00634e04291300a5372b60e41a035cb6f5f
SHA256 e5a6d9a2fa20595fd8728c2b7c4b3c6cebb5c3480aa9c7b84e174ccb9de63c4e
SHA512 d1fa184cd466de87b5e940be10a252925b70f538a23ef09fd0035ab461b3122b8acbefe6fd7a7d4228a776c76f0f78dd4a496ad2ce906bd386151c96ca83f8d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 67fdf0a57aecd823554cbb18e16a39d8
SHA1 7904403b20a4b10be33a4f31e2c1c8fda6004d64
SHA256 4ba164e441bfc4975d9bdd7f7a7888491f0fb146bd46bf35d8d75f1249cd3dd2
SHA512 ac6b8933d1754e00b4f3c294ffcd72dde2617985afd1d8d4539a956154aaa5993ab085faa453a7a653b8f26155aec0645f80c4a1b037e95a8579bf55371ebb16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 4cac357bf24f523841d64a4775f0aa54
SHA1 78b550849a3899d802ec8798fac15a7401580ba9
SHA256 04e85566882a2bc4e8d6d31ceefcd36b4c0a5b3cc3885321ea274abf780ce5c2
SHA512 f9b9107b26c3ac0ae71c1a24c5e240f984663322eea15ecf6ad4d2e30cb444b78bb3da3d3c9229c37ebba39061fa283f94f02376524abd7d09f02cdb632159d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 999a8e71948190106aa3e5add25befd6
SHA1 3878362dfcd16d1334fd91839635ea6d4060ffdd
SHA256 db0e90e64b89c9a5f4576142ca8b48011449fff534f81e6eabd50dbfc7fa0330
SHA512 c09d569ce5f6a23b5ddedc1aaaec7b9d83601d34d9507bdf2652f5f84988878c0586808694da7937482ef1df0e1d536aacb08542b7d597d8b1c43a2ec146ecbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 08ec57068db9971e917b9046f90d0e49
SHA1 28b80d73a861f88735d89e301fa98f2ae502e94b
SHA256 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512 b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 80bd55bf5a01e3aafacbd15f48c92611
SHA1 f2fe7ee0b92a66f0ebc2cf2cc47387c51b2e5e7f
SHA256 6979aba041dbedbc48d46cd4090dbdb6d26443ecb026c144572db831957ac5d5
SHA512 f85cab53eb4094d606b1b62c77bcc0badb5b7328a7f69b15cc94081ac8bf37c8c78b75aa9c01764432d01b07c42cf50ec6ad9fec2ea60b3a14b96fd3a1fae5e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5c57e1278c901f96a286e06fdc2adbc8
SHA1 df0635fc8b122b5eacf4b279a9df36dea2011e45
SHA256 4d2458668716e01d9f86f68587f8c3b323130c9cfa6ad93d509ca28401ed89ee
SHA512 276fdfc0472099e9745a2de1b25bd413cef005196498b0ba2313a9ceae9957d7c7b68ddbea755845c5948fcea89eb594f9cd449fbf5a2033fca9d380ba5e689c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60d3f51580b426cd3c0008643095cc45
SHA1 77c8bf6aee52e8c1443a66b10147dbd7e09d5fe6
SHA256 54d5273b8058d06dae4149bff856142588fbe03f736b511453b3488b33885f44
SHA512 fc09e33c7fec6ade5f65d50f950a1fb8a64fc46034a088dd427466484c0b51edc29015063ed3359f4014b2a13739d89545387aedfc6ceae2bf795a743dbeb6ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 662a8eacbe2122448dac469755a70e37
SHA1 d921fb71699a405b09da754a733f672a54ab8bf2
SHA256 c8a9584f6a79694cf3f94984f89fc9c86ccbac676a563b821912b95b0ca578f8
SHA512 e53f54be9806e3b960e1697275b32c43679492fed694fcb6845f8bc301f5fc135e67473ebc2f6f49e7dd7509ec14a6485ddc6f538f8c76e7aaecafffcbb8776a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 66da03f4ab506ee4f9585c19c3ae96ad
SHA1 c39e12bbe2dfaafa8ea02dd9fb42901344662be0
SHA256 8b54a5d196fc34a8364d3b15797f76bd3199cb309f1bdd8e92069860eac788f1
SHA512 2e54479840c75e3224f8bd21c912d7919dda5a0255cf6296ec9890f3689a861574407bb2112899534515ce65309ce153269c9a22ff2ba179a100bcaa91becd68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ee9ca71b0905d3d1c195039d1df7bf09
SHA1 d2cdd398fa19bda5893e8241b47efec875899832
SHA256 dba629012e85aa6a05e41b0f38f4b6d71195508a8dca91ea767fc8134fd0c7a7
SHA512 8ffd08b4be02c5ed3e3f5ef01a6eb9282f82e9f5f109fd855955abb87ca45d80991153d9f60d17dd969c8c3864e11e029c86b0b42bb0f25e9efe77cb6a7a15ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 905137a20f2a4449b81db1f8f5555552
SHA1 135f9a7610485d67c841f9d3baceeb39510408f3
SHA256 f849bf130cf4fc8053070b7c13eaeeca53dafa50bcb09e1156776675746343d2
SHA512 f3b9ce57565b40369b9f0725ffd104fe4a9bcdfb53226ca8335cc7b02822392b26dbb820ef256bbd9421a694f429bccc9405381398e7fc2b20162be02fd8aa21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 63506d85eb84a37827f86ecd2973ae2b
SHA1 72249d9e2a45b03b44d3319f0755b86108e4ae59
SHA256 a5fec3f6c9d95d9bb372c645e5b69c0db6e9199399f980b9383aba7d885d0b11
SHA512 8e5f35da13e17ca3d1fbf2dbe6af2a48c58b54179a5948fcbc6d354652dbe66c18740a5b4cfad1f0c2fa0e8e5b79cc802501579b35a3de941723817c306026a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 33bdc9d333dc6b1e3dad3b166ea3a567
SHA1 30a38602e99bdc5c6a795f2ad5d54fec0458ddb3
SHA256 24cf7e133c705d3350bfe954c4e325b2de97fd4889de600f90cf06c8c3d02a4d
SHA512 5a7095db8e8733f71656871ef8109255049bfbff78c6beb030fb0c0a167a289dc29671f28a879b5e1ffd84418b29b15a59f5a264de6da8da08b02062fa3f1e92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 3ae7a1fc24a2fc360d0911d5074311c9
SHA1 b94f593d8789e38908e86e75bf5d4795fa14f4d7
SHA256 3e687d87510e90e494e83e1f064cc388577ff85bbf9798044ccb2c274b0ee18c
SHA512 c82aef8ad194a149f55549e7ac903bb18601ad765e63aae0550feabf6699bcaef604be165639979e65bc9bd1fc680d67a76ece63b4338148bb2ea6a5a731bbb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 a330dcd681ce3bab9d64645b28ee933b
SHA1 dc5a304235f72dbd1cc22d4a68102aa40f99253b
SHA256 95a5918c4a1f830250bf554c9a1b848a4daad16c32153becc6db8c0497a9fe33
SHA512 d3b8a74ee23d179bed590dd5585d267a642108b3cb4e02008414db2c3a18c6f89585bb78e02e9c2f7d48f214e904d73065ab029f18375a586e70be17f7a973bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 94a66764d0bd4c1d12019dcd9b7d2385
SHA1 922ba4ccf5e626923c1821d2df022a11a12183aa
SHA256 341c78787e5c199fa3d7c423854c597fd51a0fc495b9fd8fed010e15c0442548
SHA512 f27ba03356072970452307d81632c906e4b62c56c76b56dfe5c7f0ea898ac1af6be50f91c29f394a2644040929548d186e0fbcea0106e80d9a6a74035f533412

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 3190f31cce176613f19d0fc8cfb61788
SHA1 15267d7f52d62cfc01328d7bb366965bdc0b3e47
SHA256 cc3438c2808585856cb1067668a4f028ab3dfc2456153cbe93160065bc9889dc
SHA512 6021a1aa40749d70d0f10843276bb3acefb919010764c1fde6d5a81519c2a2016464b238ca43c4ff55f8a7aa386145f5802f9f15711a9dec832117b0c0e580c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 c31b37a19c98b4c2000199176d8f68a0
SHA1 3bd583d1ca2c5c5b5850e25fbc79d3d7fca1f81b
SHA256 ba1cbc3a16b4b2eacda841d61274bba2f3797cebda3847ad9cf40eac5097d5d1
SHA512 ecea85d6a3860bfb698c386d96763df32988d291ffa15dcd854ad7d357586b38f9f358218db635ca26a8cc4837ef7577d29c9e6eb9ee1e98a98a6a1201236da1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 9df56abe7d416c8a096f63ccb2bb357c
SHA1 340a9b8c408c1018d1e953bd944a1f33be5c108c
SHA256 2ee56d023f55d5e2d53f627f2f334b744554e832886e7f203844ed7e893f870a
SHA512 365077ab4bac6e31588ae2495186ac592f024a146c4a675314fd53085b6f86ea79195b34bae15f60e275b5c73632d04d152722a94b776bd1935a454c30dae8ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 6727cdbad4a47c2a0aae30df05908e84
SHA1 d241487ab173e707f0f6c1d82954653f2b5fa494
SHA256 8ca5dbd37c00a64d7af04275f97da2a726d21c3b2d04eff6a6c64a439b454c9a
SHA512 ff1e4d800e705fd302de93a0ad780152507970c6c0a11647f4bb1a9636dd0bd5538e039e55c8731ee4a6905c7073d9134ee3af29448578a37ca923495932b785

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 cfff8fc00d16fc868cf319409948c243
SHA1 b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA256 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA512 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 57201247b11b865ce61ea7e4a8f4a441
SHA1 05dd9e6775662068b1edc09e342b6de044b05ac1
SHA256 b8003743954ed11490edd4165ead722d6e5afd18e0146c3e2f963e1f87b757ab
SHA512 7de756be9a55f530ccf4b5fdcfa50e1eca6150b1d1600a8846a64b3d4f1e5ae5393bd3b5a98298f145f63a81390bb00bcf76287904c203eb8fa3311e19ad60d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 2e23d6e099f830cf0b14356b3c3443ce
SHA1 027db4ff48118566db039d6b5f574a8ac73002bc
SHA256 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 50b68edf200c0a0b37a528ba89564630
SHA1 fd73311625fb39fd96e46b48bb90aeb89ed57bff
SHA256 3e23d560e49a0e10df26a9a7408f1161826c325f34c072a94a28f6c140d0889b
SHA512 6396f331f3b2dac451b08c6f25e9cf27a996fdd4d27cf51f0dce5ab54ea62e1d123832bdc3ab9d06cbbcb28eba671f2ff63cc79aba2f9e458dae8c1ab2a4e32c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 17688d93c51cdaf3b90c06ebd8648b90
SHA1 d3ff0b996ff6a99dc6d6bf61a6228a9e759a36e0
SHA256 27d46b3850286457e9bb3b04dc404b7e79eccd6eabf02760caf922689dfde4e5
SHA512 a19149c0462abe7d7246ebcb454fe775075e0b97f7a11e19d2c7254155f913a1113ddfc0ff044be8d4a0b53d6e4b113f57c9ba15d18c23b11a483656aca434e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 07eaf1d273beb8d7d511f6c878c04685
SHA1 8ef832af6db74539cae46ae56e8901c536064ce9
SHA256 1d05cdb46b28941a0e9bc666cb1f5d54af9ee6d37fc7be813f540d76273f60a8
SHA512 9d0f83f3a4c2d73bb5714351611979ee0bab1ed978daef8e53f1241c7f437d0a0ded2ab4e0f3d671bc9d7e5d882a1600ac5aadd2d30ff07e8390927d2bd27e6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3bacb23469457ceeeb1b63ad29e72e5b
SHA1 d738bd3b75f560b4f2918cbf38adefa3216384e5
SHA256 ce543f2369aaba06b75cd9444fa6b4002f4a8ef3a7097902f6a23103d46aff8c
SHA512 dafafeb01f45dd1808e533fecb17fb97d3d583c3e9b8b893624cbe7a88116638725f9f6737b6db4497344af805d1042b0ef0c0ef082a7b41ec07086fd72d9e5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5165fc68ddc0de0f800b3457bb639221
SHA1 09d6a8a35a6f3c6222ae887b1acf52128b0d2e36
SHA256 1afed18da71b840282895ac3c13428831c77b7fabe245759e06986bcd74c1fd9
SHA512 6b2565ae3dc4144c6a8e3f1681e18e5aeaba4d247ade2123612c98ffb4d8b02cb10ff7a7edd693369f97fa34c5f22bb81585e219dd4ca1643212958325169895

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b84a87b61c15cc6b81e8064e5d426978
SHA1 fa989f61f3fec408adb166e3239c70a1aa28c27a
SHA256 df95e0296a6c2a3ca8aa6e7e0981f5e0811b58f7bdab6c8714c7a1cd26aae8b2
SHA512 7659453dba49ae750eebc3ce329f4e792b313403dd460e8111b0f3d0317ecbce436981693d18644c92d8fb232f587fbc4ca14725fdb2dfee5a961926a2e85c83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1729a9a121e34342af5632ab20c2fec3
SHA1 8c0ee3180659418cdad42178efe0068c972c8059
SHA256 23bb9d7da0e97198720a479ec495b0b21134130727a7bfbe5acbe20b51c36a18
SHA512 fd38d752d1b64089cc9f6549a432091e3dceef57a16f634fe44a505da13005fdcb00ab27a3fca780163aeb829cc6702ce1f94c957d0bab59e97e80185f9049ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 322a582a5268ad4cdbdd8ae9a9c2531d
SHA1 66c7824dc3e8aba01b586dd0e2b9ec1e91cd0110
SHA256 4997e39e6ccba12c45326c3b0c2dddd957238875f954b4782fd322486e9a08d1
SHA512 f3a2d880cce910f7388eeedcd90149569e612f477f46c7ee4e13f50d414f404c7a44324037e66d4165b2b11cb8db8f2cd97026fea05771f1efbf545ef6b661c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b98bf63cf7d843a5885318e27573f325
SHA1 71648afcdf0e0f70a668ab62461dd8a38974548b
SHA256 113ba1c48f26cb15b233d800a47d3fc93922e61b3145d2a55accc909a0482f66
SHA512 515ecba6fd649534bfbef267db9ec40b93921469f1c991ef997f98ad5063ddd1868ad1deafbbe8ecd35142f285646df0147f6ad40439f080fe3b58c4266068fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9affd9f6b018cb12c8217c6524a21cdc
SHA1 22904f999cc57d54697c383acc04dff091799ccf
SHA256 5e64e4f3876b7985455b4befd05f2a73819a5744b9a61167b2f3bf6a840c8ea3
SHA512 e0950dbc1e5bd5553d2ca19f6f049d4324430162313190c5c7a12a9aac00a12ee300a1788f0eaaef48d820990890aed618edc5eb896d041db3991742eb0572da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1683fbe50ba78fc9b41431c74e0a0746
SHA1 d432d333eb27168a33fe1adbd16343729c29782e
SHA256 ab2dbbd94f5e60970705bc8389216a7d620c5d6b298236c561a7ebf83041a7f7
SHA512 ece7cccd29122febf2c108d08a7b32ae36b6e64ff8146528c96de45fc737fedc9d4a32003045a6cdd0c31f89bac42f26c311e74d20ff49bbcffd25d46743804c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc0093189c1503413ded77d4dfe86f4e
SHA1 97773bfe809b324e7831b1bea00fed5176744774
SHA256 e4b492598bf787c314f37aa506237cb32be95f6f08021e787423fe2a78914c23
SHA512 791e8ef3a90b23079fd06fb8b0d5ede2f99ea0abee85f1cb5146825fface6f8d10914db701b0823d27da124741aadc8a37c7520e79b4c15806f921d015a4806a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 34a23364018cccaf7f6b21f8b8d06ef6
SHA1 e42aa042c62b7af82320e7d618ca06704d1ab16c
SHA256 de6108c1827162da20c04bd101b5f1d465b0975ff29c0470b68e46196c839fb0
SHA512 b92b74f20740a86e7e2cbe82340d95e477c4d0b6db25883a73a3bdf1b0b8a2e1be019695f1cd71dc0cc1650f8393ca3c46e03530465d384abfcdb50231aaea5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6fdadff44d9ca61d9e77ef5f558e26e8
SHA1 6eca961024935c6602a5344a22988f1d490f6723
SHA256 d6a52ef314da9f4c42c46d8ac8f4682b93ba6a08abdb83d28ed398b22549c495
SHA512 9f681a0330b48385fb5b83a4648871f6735a45a2f79ec5916a03d06f344653bb5f566e792f77ebeee0510fb8ca6fc75d9c50da3773726b5a4ec0626f0045dc7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e02b9c44433d1afef162fc55fab494e
SHA1 021fee118a969c8b014f1785c45b85df6dc456f5
SHA256 d191d5cb4ae2084dee6e88e296b7921306158b58cba3ac549ec4b469f350aabd
SHA512 757d2c06fe21a6a9820de8cce5a8c15e2884c2176884338eca35813b5d96c31d2e616e15c3a7541b039ef9ab0a0d53d184a4d32b7dccbfa127b4b0abc6f7ac86

C:\Users\Admin\Downloads\Xworm.zip

MD5 3c844ff8e05e6ed0fb56de023b4ced2e
SHA1 a930a22e0cb37682120849cd08c3aa9c14572bd4
SHA256 271b5f56f0e852919a2f3fa8446b4cbb5d80c133821eade61cb8d48511ed52b5
SHA512 17feba86ce7025fd24801d3d57d132729206d9416d966f968b67eaabcb3758617a38f5350a2db97dcc4b6a546a62d93dbdc95d9ed9a770f7117ac8ae415ad1c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d9899dabaab3d3323c659f0af779550
SHA1 903ba6c7e5a3ab780999a084821414e3ff1cc04d
SHA256 f5765b64296c4b70828ac0a09acf8a8cc9fbbbb105a7451b76cb2a25dc26ab83
SHA512 ec8fcc76116065357e15c88a954d99c1052986b177b6bc2e16ed9bd8be9f09ce5175f2942e6c6845bc75a361dbdbf79f0906614bf2aa69671c516f6ad7744a99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fae085c042254e19ca31438775432f90
SHA1 0116a7c2125b28faeaa973895fdbc6611df838ae
SHA256 1f8f448c6ce6584de1f68ecc9c4b1036e314320a102475c99bb56401d6b8b8a5
SHA512 02585ac013f0e607368f4163fa5b576f5c5723d8c389cdb877b5bdf21cafdd17460efe62f60461a22a6ab0121efd6ce820ee2299826358b6614394f11138044f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 15641ef2255befe802ece8cda27204fe
SHA1 efdf9e48c502f5cb4d6188980d86ff46ef3b7cbb
SHA256 df2de53edf2d9a94839d5b5be0fbc1c1543c15a0dd8a3d98c87780c6a41c7f49
SHA512 5694540ecebacc79187b8871e25d7fd6a6f4972997a2c361474f2e78a879620ef6613bb4f2d2b6b2922f0dc4458e3f275de68813630496d17cd7f607537b2849

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f438c988fbc30de74f103c57fd9f6bc9
SHA1 a3db2d2e868e2526e4d5aec15ef1031af1daccc9
SHA256 83673523f6af0ed6c1003e526bc938dc4955ffa2ab92ff381924ad2f4942d0bb
SHA512 b17216b93b1962d5645937046c792c93a0d372858e9aab76994079ec2a10b5acf309b0dbf2f5459d691cb7168aaa8253d3354d855f7731f9d10dd270b9b6bb6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2dc6ade568d772c8685a73e220997f41
SHA1 e60bcf305569b70398af86315e21fa34163156a5
SHA256 a28f9b9098605f7b24654c3c4b175668f14e595fec93ad4fa968f4f0c3f9d08a
SHA512 982dbc9f447416e3d8726313b519e16aa103a766b18947429205e1f0a6550429da22bf61b5512492e916de56f7365933b8e0375e5590d7ef8431b6c0250cb98e

memory/3108-1899-0x0000011C25060000-0x0000011C25C98000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

memory/3108-1907-0x0000011C411B0000-0x0000011C41D9C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bdc348de01ab7b198cc29d9e692f1724
SHA1 ab12c245547947c4d3148e755dc329a8604ea601
SHA256 0b54dc23f6eae0cea7f6d8e4b9a9f979c9eca5c2246383109078195675e70f8d
SHA512 180a99e9d6fccdb2c850b31ee8a1ab490438b6e9fbae79b3e49f416bc83d40125991b9e8a79ed51e03f6d89de8edf505aeceba14283cf49ac2092387c038f26f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 544843fe72b67a7ddae8f87c54353310
SHA1 efd8404ddf051111d29c38dd98f8043b7e641a6e
SHA256 d55adebc4dab502b44190ecc937adc1a13357c5b52b1bdeb5006bbb51ebfa0ad
SHA512 acd7afcba2566bbedee27bb1d8aac0c4880fb56839d102b280ed56567db700d96468e5ff541d44e6e5d485840cbbcd6ae94dcff36edb36e6890578b4f0b8cc3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dc99dbd21d8bf0f1be1a94f53dc6fd54
SHA1 10395988ba98cb1c78cdc528b8e18c56bde250b5
SHA256 d6433727e6c1d90997314262fe324dbaabef232395250b077b9ae73b1eab943a
SHA512 3c36e21030b71ae7cb352535033147013b127b841c9940d89ddad0e9e91bbd9e038979ef2cb7b4ce7ead264439f3dd5597851f225dc2994625a6ef54da7ad484

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f993da59c5b29d73d4662792cac1aeec
SHA1 8bc9f1e91cbdaa8498478b4f0878bf2e0af7e2d9
SHA256 78fe02bd125169d32c49fb1b7bea1e1af8db5a2cd88f9bc4d53d467e56f38a41
SHA512 06ec0ccf01a6879aa37a78f474fb2cd6be22180ddfc20589f2d748a8b046c947e9fbcf1e04277a5e7850f46abf6e3b7186a09d087e708f52298e7912d744357f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 520422a395035364db102a7641940715
SHA1 f45110141491fb661a7c8842eeb734994eae1692
SHA256 d70b7f76aadb17c36174eeb90e55e91133fbfcb4d2bc692cdf8789aa18f2a0e6
SHA512 7320140507c704f2c4704d7d6c3c06ea6558fdc0569f443b7f33a0d8f7c005f42ca4e536917c7f986010c76dad977436bd25662c0ff0dc6658cd9d71d12a8784

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b424c5cc9b633e87ac664f0b56a30419
SHA1 1090e6c095402808204942df3a93f9e5490cea90
SHA256 cacbe29f6906fa70879ce8458bdd583a2d915fd39f6c6f87e9682755105b2002
SHA512 8b5706129a7b6922c8c9491f47f0e7e372fa208246b7a38ad22b6008ce0aea1d0117e785b78cdd2ff488f9b0eb7d87a98b394b6eb37a3cee0afc4c37c1dc0fb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9941f521b52efc3d4c0048e72cff7d1f
SHA1 7c6a77013f5ced5e2d57e2715afd9a985d8c2f91
SHA256 05ee6dd40b6b8a6e9037ac8a47ef1e194129603ba475e8c275da0d0adf0803b4
SHA512 690698100a310848733467dfb4f6bbc9363c47384a21e26943af93a8a2628612bea6516f09400dacc1cf5a0a2efd8f3325e8eefef9d50dc198e40e124231c036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

MD5 1c987fe93c9ccce63912f78f15b73ce2
SHA1 e07dd9e0742d8d0e6b615e52d47b754a35aa229b
SHA256 5b6d25b85fe1a4e6ad598e0c5a1d228df511492b0b6ff7a4840f37b33aa930cf
SHA512 e4bfb4a123ef7d18714c06b7218a4c317859e26025ea4847183dcba94b8cae8a419eb46fadac6b1d13e761280a963786794039c307be5894009d5f7d3492da54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 14e39be019da848a73da7658165674cb
SHA1 e016473c4189a8cc3dbff754a48b3e42d68af25a
SHA256 39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd
SHA512 828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\074701b5-2297-44cd-a316-5bbf57a313a3.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_chgh3dte.yrk.ps1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b1461022-2224-4c62-afff-3459e8f026e1.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\videoplayback_3.mp4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\MEMZ-virus-main.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
