Analysis

  • max time kernel
    338s
  • max time network
    333s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    16/01/2025, 12:03

General

  • Target

    https://github.com/SmokeLoader/XWorm-V5.3/releases

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Obfuscated with Agile.Net obfuscator 3 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 21 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 47 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/SmokeLoader/XWorm-V5.3/releases
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9ed28cc40,0x7ff9ed28cc4c,0x7ff9ed28cc58
      2⤵
        PID:2008
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2
        2⤵
          PID:4040
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2036 /prefetch:3
          2⤵
            PID:1116
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8
            2⤵
              PID:2768
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
              2⤵
                PID:3980
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
                2⤵
                  PID:1268
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
                  2⤵
                    PID:448
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
                    2⤵
                      PID:3568
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5152,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
                      2⤵
                        PID:4528
                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                      1⤵
                        PID:4808
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                        1⤵
                          PID:4384
                        • C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                          1⤵
                            PID:1712
                          • C:\Program Files\7-Zip\7zFM.exe
                            "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin.7z"
                            1⤵
                            • Suspicious behavior: GetForegroundWindowSpam
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            PID:1724
                          • C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe
                            "C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe"
                            1⤵
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Enumerates system info in registry
                            • Suspicious use of AdjustPrivilegeToken
                            PID:560
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
                              2⤵
                              • Enumerates system info in registry
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:1712
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dd5646f8,0x7ff9dd564708,0x7ff9dd564718
                                3⤵
                                  PID:2468
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
                                  3⤵
                                    PID:860
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3504
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
                                    3⤵
                                      PID:220
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                                      3⤵
                                        PID:1772
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                                        3⤵
                                          PID:5020
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
                                          3⤵
                                            PID:1964
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
                                          2⤵
                                          • Enumerates system info in registry
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                          • Suspicious use of SendNotifyMessage
                                          PID:2588
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dd5646f8,0x7ff9dd564708,0x7ff9dd564718
                                            3⤵
                                              PID:2916
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
                                              3⤵
                                                PID:1508
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
                                                3⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4764
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
                                                3⤵
                                                  PID:5088
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                                                  3⤵
                                                    PID:4304
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                                                    3⤵
                                                      PID:5084
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                                                      3⤵
                                                        PID:5020
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
                                                        3⤵
                                                          PID:3508
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
                                                          3⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2436
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
                                                          3⤵
                                                            PID:3648
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                                                            3⤵
                                                              PID:3556
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                                                              3⤵
                                                                PID:3564
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                                                                3⤵
                                                                  PID:3636
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
                                                                  3⤵
                                                                    PID:4424
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                                                                    3⤵
                                                                      PID:2424
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
                                                                    2⤵
                                                                      PID:344
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dd5646f8,0x7ff9dd564708,0x7ff9dd564718
                                                                        3⤵
                                                                          PID:3844
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:1528
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:2100
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:1772
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:3224
                                                                            • C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
                                                                              "C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Enumerates system info in registry
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:2292
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
                                                                                2⤵
                                                                                • Enumerates system info in registry
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                PID:1192
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dd5646f8,0x7ff9dd564708,0x7ff9dd564718
                                                                                  3⤵
                                                                                    PID:4316
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
                                                                                    3⤵
                                                                                      PID:3148
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
                                                                                      3⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:3680
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
                                                                                      3⤵
                                                                                        PID:4328
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                                                                                        3⤵
                                                                                          PID:1972
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                                                                                          3⤵
                                                                                            PID:4644
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
                                                                                            3⤵
                                                                                              PID:2632
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
                                                                                              3⤵
                                                                                                PID:2420
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
                                                                                                3⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:2504
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
                                                                                                3⤵
                                                                                                  PID:3264
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                                                                                                  3⤵
                                                                                                    PID:4800
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:4896
                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                  1⤵
                                                                                                    PID:2684
                                                                                                  • C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                    C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                    1⤵
                                                                                                      PID:4388
                                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                                      C:\Windows\system32\AUDIODG.EXE 0x414 0x4cc
                                                                                                      1⤵
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:1808
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                      1⤵
                                                                                                      • Enumerates system info in registry
                                                                                                      • Modifies data under HKEY_USERS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:4528
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9ed28cc40,0x7ff9ed28cc4c,0x7ff9ed28cc58
                                                                                                        2⤵
                                                                                                          PID:2164
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
                                                                                                          2⤵
                                                                                                            PID:2476
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2232,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:3
                                                                                                            2⤵
                                                                                                              PID:3868
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2468 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:960
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:2400
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:4840
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:1892
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4780,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:976
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:4560
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:3932
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3192,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3416 /prefetch:8
                                                                                                                            2⤵
                                                                                                                              PID:2988
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:8
                                                                                                                              2⤵
                                                                                                                                PID:1152
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3428,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                  PID:4460
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4456,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:4904
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3728,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:2
                                                                                                                                    2⤵
                                                                                                                                      PID:404
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5176,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:844
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5000,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:4932
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:8
                                                                                                                                          2⤵
                                                                                                                                            PID:4508
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5404,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:1592
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5636,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:8
                                                                                                                                              2⤵
                                                                                                                                                PID:2500
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5764,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5788 /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:1900
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                1⤵
                                                                                                                                                  PID:4092
                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                                  1⤵
                                                                                                                                                    PID:3684

                                                                                                                                                  Network

                                                                                                                                                        MITRE ATT&CK Enterprise v15


                                                                                                                                                        Downloads

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                          Filesize

                                                                                                                                                          40B


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                                                                                          Filesize

                                                                                                                                                          649B


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

                                                                                                                                                          Filesize

                                                                                                                                                          215KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

                                                                                                                                                          Filesize

                                                                                                                                                          41KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

                                                                                                                                                          Filesize

                                                                                                                                                          215KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                          Filesize

                                                                                                                                                          3KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                          Filesize

                                                                                                                                                          1KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

                                                                                                                                                          Filesize

                                                                                                                                                          851B


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

                                                                                                                                                          Filesize

                                                                                                                                                          854B


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                          Filesize

                                                                                                                                                          2KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                          Filesize

                                                                                                                                                          2B


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                          Filesize

                                                                                                                                                          1KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                          Filesize

                                                                                                                                                          1KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                          Filesize

                                                                                                                                                          1KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                          Filesize

                                                                                                                                                          1KB


                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          11KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          11KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          10KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          9KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          11KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          9KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          15KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                          Filesize

                                                                                                                                                          96B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          116KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          230KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          116KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          230KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          230KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          116KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                                                                                          Filesize

                                                                                                                                                          264KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07859fe4-fbe8-4a16-a7bb-5e58c988c582.tmp

                                                                                                                                                          Filesize

                                                                                                                                                          1B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                                                                                                                          Filesize

                                                                                                                                                          44KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                                                                                                                          Filesize

                                                                                                                                                          264KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

                                                                                                                                                          Filesize

                                                                                                                                                          1.0MB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

                                                                                                                                                          Filesize

                                                                                                                                                          4.0MB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

                                                                                                                                                          Filesize

                                                                                                                                                          29KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                                                                                                          Filesize

                                                                                                                                                          80KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efa986235cc38916_0

                                                                                                                                                          Filesize

                                                                                                                                                          195B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                          Filesize

                                                                                                                                                          72B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                          Filesize

                                                                                                                                                          72B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

                                                                                                                                                          Filesize

                                                                                                                                                          20KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                                                                          Filesize

                                                                                                                                                          319B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                                                                          Filesize

                                                                                                                                                          124KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                                                                                                          Filesize

                                                                                                                                                          456B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                                                                                                                          Filesize

                                                                                                                                                          20KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                          Filesize

                                                                                                                                                          334B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                          Filesize

                                                                                                                                                          442B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          6KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          6KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          5KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          6KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          6KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                          Filesize

                                                                                                                                                          6KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                                                          Filesize

                                                                                                                                                          137B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                                                                          Filesize

                                                                                                                                                          322B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381502736604343

                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                          Filesize

                                                                                                                                                          347B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                          Filesize

                                                                                                                                                          323B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                          Filesize

                                                                                                                                                          536B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                          Filesize

                                                                                                                                                          536B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                          Filesize

                                                                                                                                                          532B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                          Filesize

                                                                                                                                                          16B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                          Filesize

                                                                                                                                                          16B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                                                                                                          Filesize

                                                                                                                                                          44KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                                                                          Filesize

                                                                                                                                                          319B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                          Filesize

                                                                                                                                                          194B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                                                          Filesize

                                                                                                                                                          337B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                                                                                                                          Filesize

                                                                                                                                                          44KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                                                                                                                          Filesize

                                                                                                                                                          264KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

                                                                                                                                                          Filesize

                                                                                                                                                          4.0MB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

                                                                                                                                                          Filesize

                                                                                                                                                          16KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

                                                                                                                                                          Filesize

                                                                                                                                                          16KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

                                                                                                                                                          Filesize

                                                                                                                                                          16KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                          Filesize

                                                                                                                                                          11B

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          10KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          10KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                          Filesize

                                                                                                                                                          10KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zECB6C7908\XWorm V5.3 Optimized Bin\Icons\icon (15).ico

                                                                                                                                                          Filesize

                                                                                                                                                          361KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll

                                                                                                                                                          Filesize

                                                                                                                                                          112KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir4528_1418597071\599e1e9c-9a22-43b7-9ad0-484066467a50.tmp

                                                                                                                                                          Filesize

                                                                                                                                                          150KB

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir4528_1418597071\CRX_INSTALL\_locales\en\messages.json

                                                                                                                                                          Filesize

                                                                                                                                                          711B

                                                                                                                                                        • C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\GeoIP.dat

                                                                                                                                                          Filesize

                                                                                                                                                          1.2MB

                                                                                                                                                        • C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\Guna.UI2.dll

                                                                                                                                                          Filesize

                                                                                                                                                          1.9MB

                                                                                                                                                        • C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe

                                                                                                                                                          Filesize

                                                                                                                                                          13.8MB

                                                                                                                                                        • C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe.config

                                                                                                                                                          Filesize

                                                                                                                                                          183B

                                                                                                                                                        • C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin.7z

                                                                                                                                                          Filesize

                                                                                                                                                          29.5MB
