Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/SmokeLoader/XWorm-V5.3/releases was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Loads dropped DLL
Enumerates physical storage devices
Browser Information Discovery
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-16 12:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-16 12:03
Reported
2025-01-16 12:10
Platform
win10v2004-20241007-en
Max time kernel
338s
Max time network
333s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe | N/A |
Obfuscated with Agile.Net obfuscator
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815026736460510" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/SmokeLoader/XWorm-V5.3/releases
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin.7z"
C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x414 0x4cc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9ed28cc40,0x7ff9ed28cc4c,0x7ff9ed28cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
Network
Files
\??\pipe\crashpad_4876_URLKWTMTEQLYZVEQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 84d204fd19a078d296649313f3c0da47 |
| SHA1 | 7662194bfb20aba2bf245aff6718aa26ab7cd94a |
| SHA256 | 9d889e509173c6020ff38b4efcd807c9f0df28f9a1ac4e9b2404c8e3f1176abc |
| SHA512 | 9dd27848f213b5a5745c5e4d550bbe9534c0430f9d41d693019ff4b71a389ca70d0d3bba6dbb07ae184e18131f7ec1b6991ef7addec9d1c5ad604840c7272f7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | edf3f2739e800fcb6ef1c74266980890 |
| SHA1 | bd70a371b59dd9ee8eb41dfa7230a6c1f8dcc202 |
| SHA256 | f68f6cd04845be1241fb5658f6ac2f3f9d05b473e21100c4ab02dfe3ea2c6b00 |
| SHA512 | 92bc89a8fd20c31c2e362b2a4d36a21625b3a4385fef68285cbf7b247a7b093f64987dd5328f3839fd6e48879071bcc15dca915fcdcbe71bd0c04050077c7324 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ad636e36b141b9622e31caa2ee98fe22 |
| SHA1 | c313af301d7113c335b1980ec771331ab5651f2e |
| SHA256 | a83ccb3f9cb977afa08265e8a36d7dccc318c94fb6d4743f769e32f3bec62ec8 |
| SHA512 | e2732b641629a4d9a375a78b6eb58c58666ed056d8cf57c4a5d3dc57ac0cdaeb732e26b70b97a0ac4daa42a578fb4dd602d3cb1689b7a815a115ea66b65b0e9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 43ee36483ddeb447ab796a5f12771ddc |
| SHA1 | fd178ea166b427bec4f3955377217511dcd151dc |
| SHA256 | 3be893be02b43aeff1535a3c8c015bcbed147b54c0361a432538374018c2dbc2 |
| SHA512 | 1e4f1aea82019e7e1f8311746d19c4ba1d7f3f71bd4a0499f01e8eb3b588037ab21a608e6d8f05c88719a1886d39fbe158e446dc025ed28955e14dc6f06074e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9dad414323451102f68a82011501bd72 |
| SHA1 | bd4cf7e3ab9c893d5b7e4d38806e6bb8f4e78b62 |
| SHA256 | 9192227725cec6581dc53b3a8a2021ecb1d61eec3957119ff946f1b75c85845a |
| SHA512 | 818fbff74ff224a22036b75e69dfdd33cc9a69114fe7511300fdecb4929cfdd79f838578fc4eddf8e23288c80d4e203b0e43f5b0ad2e1c5e200b492c1e85cf6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d3d30414a292f8ff90965227cec000d0 |
| SHA1 | 48b96c8bba57fb440fc7de4b3edde30364ddf6d4 |
| SHA256 | 58c444d3a3fda76778327e8f0c8020fae44bb42a462fd486acb92d898fcf0bac |
| SHA512 | 73c37d7a43c12d9aa262bec2046b8388b340868b6e361dbae56f861daac6904fe58bed9ebc8865e123043ce0b1647d5cb12f47d8a317fd56fec7a248376f5ca9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bed068f53c72c3df99c979845521d676 |
| SHA1 | 792ab80ebec4a85e09e52ea45b096f2a4c596807 |
| SHA256 | 57ccadf0cd18dc9d67f430801ee2eca631f9942673b82b7e1478c455a24733cb |
| SHA512 | b24ff8cd233beaa1ee794527a3c6dca627bc6f367494037d2ea8c15c9394b09b0e3a340dea5cd8a212de3d5e5637407f5f238d524b0bf2aca285323ddb6d4cd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5e1fe2aeb0462024b81d4c0544902fe0 |
| SHA1 | 31eab0196980ce11051d286300747c4f8bb4e115 |
| SHA256 | 7538fc517da9d349cf2ffad0c30d41c5b64b146c199f31e12fa00fa9dd4e5636 |
| SHA512 | afab001cf4345dd511c343d7fadcdef158d2996b24423346817a34f4963e10a7799adf6c091b49f71a79d6267be7579a388187cc1150f26c0f92bf802c84cdf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 44f46d0056c9cc823f7b02f14b3639ae |
| SHA1 | 3a265f09dd9641e54f1926a1a8d19178cf7ef71d |
| SHA256 | 12178355f240c4db9ccaaaf0b032ca00fcc32e56abacfc3cff6abfeda5b7d334 |
| SHA512 | b1089d6d7259cd6734bd77ab3fdf9badcd7305c7a40f9d6837872ca79c4e7c8c0cbd34ccad4d4235aebeed61b78e9fe38597b2aaad30e1814c65bb700bdaa2ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2d9b5fba7421994981bef38d083896b1 |
| SHA1 | abc572a8caf66ebcdf89307d4e6c715169449672 |
| SHA256 | 2b1a5da54de62816585aa8cf0013c0e15ae2d845ad86987f37b200636835c892 |
| SHA512 | 54b05345e04fc8f27fdcaaeda836aad204be62ff6f1a21b46255dd17afdff88d9882d356bfc776a62de1348d97f4e2efedb6b6809b3d0ea3aee89530ecb02f3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin.7z
| MD5 | 187b25b9e02c2b5d01a70d9d1855dd7c |
| SHA1 | d0c7d39012ad0507239a3b060ea42cc13b22eb65 |
| SHA256 | f26803b764a54a90852b7fd274d5ced7a8a58f1715d3ab4b96900ad4f9dd0410 |
| SHA512 | bea5cec59d0ebee26a71c78dc38da47a25ea7932d119868caf82b5e4bbbcecd8969abea80ad41b65352f264ced33c457a041c0d9f321c272a8f913802ee254ed |
C:\Users\Admin\AppData\Local\Temp\7zECB6C7908\XWorm V5.3 Optimized Bin\Icons\icon (15).ico
| MD5 | e3143e8c70427a56dac73a808cba0c79 |
| SHA1 | 63556c7ad9e778d5bd9092f834b5cc751e419d16 |
| SHA256 | b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188 |
| SHA512 | 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc |
C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe
| MD5 | 897201dc6254281404ab74aa27790a71 |
| SHA1 | 9409ddf7e72b7869f4d689c88f9bbc1bc241a56e |
| SHA256 | f41828bd13a3a85fdf7a1d688b21ce33d2015c3c5f46b4d92ab6ea8ea019e03a |
| SHA512 | 2673cd7b927ffc22f3a4b4fbfcb1b4f576c416d67168e486e6d79fdd132129c9e244e36d7b7883a4a1ed51e993cc4384bf24f2fa3129584f2bd43fd16042de20 |
C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe.config
| MD5 | 66f09a3993dcae94acfe39d45b553f58 |
| SHA1 | 9d09f8e22d464f7021d7f713269b8169aed98682 |
| SHA256 | 7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7 |
| SHA512 | c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed |
memory/560-607-0x000001C76F510000-0x000001C7702EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll
| MD5 | 2f1a50031dcf5c87d92e8b2491fdcea6 |
| SHA1 | 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f |
| SHA256 | 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed |
| SHA512 | 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8 |
memory/560-615-0x000001C773830000-0x000001C77441C000-memory.dmp
C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\Guna.UI2.dll
| MD5 | bcc0fe2b28edd2da651388f84599059b |
| SHA1 | 44d7756708aafa08730ca9dbdc01091790940a4f |
| SHA256 | c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef |
| SHA512 | 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8 |
memory/560-617-0x000001C774620000-0x000001C774814000-memory.dmp
memory/560-618-0x000001C774420000-0x000001C7745C9000-memory.dmp
C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\GeoIP.dat
| MD5 | 8ef41798df108ce9bd41382c9721b1c9 |
| SHA1 | 1e6227635a12039f4d380531b032bf773f0e6de0 |
| SHA256 | bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740 |
| SHA512 | 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 34d2c4f40f47672ecdf6f66fea242f4a |
| SHA1 | 4bcad62542aeb44cae38a907d8b5a8604115ada2 |
| SHA256 | b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33 |
| SHA512 | 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8749e21d9d0a17dac32d5aa2027f7a75 |
| SHA1 | a5d555f8b035c7938a4a864e89218c0402ab7cde |
| SHA256 | 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304 |
| SHA512 | c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d669a4c77937531860672b630769b431 |
| SHA1 | 796c2fa60d109a87ef52de059ebd4386d59ebdb5 |
| SHA256 | 1682d4ca4ac89ce728fd693b76659fde5c894be2a35545ab8a0382d6cbc15ce9 |
| SHA512 | 391450b4f858db074867e632ab3c3fe339fb644bb17c2a6cd125e52cb450d1e37347cec9252e4110459bf543fdfbc95b2ad44b9218c5548d025f97ee597ee776 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bb4d6a5ea0720c2b1bf58b156620161d |
| SHA1 | 3bbf2012af9800d8847d6962102387fcb0d9eb7f |
| SHA256 | 07a21416b330be17f9c846776202ac4672c9c2ea66e98d36144f889462720af9 |
| SHA512 | 2dceb401eb43c8780b61f0abfaf8f70384c843f0080b14fce8c0f74b2b1ed5dc031370d311e8e9e5a6f45c46b42d3482aa98a0942847c88c7d41974e0e357a8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 48987ddea13fa396a14e56febebf76d1 |
| SHA1 | ef674bb3d0889bece3d5d4b19dd185cde672265d |
| SHA256 | a6fb4a1c6cd291f9670beb51a9ebbfe95f88b794f010324e1661597831023ddd |
| SHA512 | 141856a0f0f5c0dddc2c1b8fe188107646c4fa3c3e7eb5d7623e210ed77c43aa895130245727c7cdf2e332e98a784952f3f4916c4d6f6fcb3ed766c036367d3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 679247ea7d24ac0a751874a147f60a15 |
| SHA1 | dfb65c01417399580688680f475210d199b95a37 |
| SHA256 | d0f693159568af4248697064b2e7cbe305ed59463dae453e577bc87cfa929118 |
| SHA512 | 8293e962748045ac6d0933dbb5a19af275e961e6f52ea6f2af2db4477ebf351692f5478911208ab99e3aaaf50ac88405377ba147d037ef4efdf2a0ecdc7c7b99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 520591e3d9d5faedf80696f049784e7a |
| SHA1 | c55225233217f797d455aae12fbaf66e4aec6630 |
| SHA256 | 65c02fc1130dd1ef75aebf4775facd9e9b4019fa685060c559c54bc1f77cb1f7 |
| SHA512 | 3e14aaad9123d1d33289708277b15b8f43a9c4aa18443cb1df3933bde3267216134f1d8e17a5b444de353073226459322dc104847a6c60cfc89843be596f3a63 |
memory/560-747-0x000001C774420000-0x000001C7745C9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 9f68fae8fed183f858ccb1a44ce5bfae |
| SHA1 | a93677787f2354f107eb84b21911a1931da5e25d |
| SHA256 | 231b29c82b0805d8327b69109343ad1d45f4c085273bb9bb5ec9d5e4c1c486ce |
| SHA512 | 57283580ecbd9157de8b8c9f8d423dc31cf11f6d8d1531b3ccdfaae8c70e13ac4eb924e05288e0c1fda131198f7add897304537c8a461c77a8da66fd99297544 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 2280bbd50abfc3fc48e71e5d57835c06 |
| SHA1 | 37b7fd729f0ed273803bb1d3f25db6c3be0c15fe |
| SHA256 | 5f2ca8f34c9a89d58ea55bcbfba8ef4cd599290694dae4679ffd566e272fe408 |
| SHA512 | 84d4696d0c3553290d69be4ab5e2f21927c44f43d50bd26c290fd665fe6d6011a52a838ece26dd3cd3f34a72cc2cfe22b0ce95c0857e8d0d09a4d660f7f7f4d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381502736604343
| MD5 | 05d957dcc9d1a5737f3a3c7bc9af7e39 |
| SHA1 | 328f38369488708bd9d044f63187917e79d2e631 |
| SHA256 | 2e215f65c15811aadabc6fbe33420c773eb9bf06ff9e8793a90bd2382c5653bc |
| SHA512 | 6cb7900b3555b4393556da02a9bcbc756920d7bf2528b88aced332a69c506fbc1c174951c9a9b9fa44c3f53e638815bbde5276c5e6717a461d2895fe7032fd76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 1002b0ee7a3cb46c88c5989e39a3fa2e |
| SHA1 | 6978b9782fa3bade3f88f746467cbe0b3ddb11b7 |
| SHA256 | 7bc7c68694a8f16a85d00e58e752655092bad314b99fc4ec96f95ac9a26bcb01 |
| SHA512 | 2bf13d516b2fa0563f7dbc541c18fa89c677704cc3c37145ad54afaf38cebfc134708125a268d9bd839e437de840806efc2e5c5987534e8e68b4c9f838b4719c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 637bb1a02e76d05efb9a2015b602e35c |
| SHA1 | 219bc46b8532e8cb57e687c8dca32c6987da37d0 |
| SHA256 | cbce373432fa17352ffc8ef27ff241f3b1e606c7e0b03b235a3b3c779c35dc35 |
| SHA512 | beddc55a4d300a2de7f26925d8744a9d8a7e35ac6939154618f02a8f8a0a105089f2154f0c822938b19c4bccbae188ad42d774e24a1ce0298156c6a8ab26b7ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | 9487bfa1a367e86e262da613ea780b40 |
| SHA1 | dc30fbdb5e878663986811b38f2fc45f327318d4 |
| SHA256 | ea06f96a6fc1d8d667e65a2f0f350ee32fc1bb2ca58612fb148e55fd6f96bfd6 |
| SHA512 | 355a935b1c4353c35ff9743f212f503f4530c2405899220eb258999317e6eb81f92d0c79f5317c34bb8315c751a7835054b87b6ee999451c9e184b64cdf35b1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 21b9963b784bc49dc6b4711b6b0218c9 |
| SHA1 | 1ca7cb376061d95cb059cd3f325c75cb7e5fe47b |
| SHA256 | b3321a535496e9ff1046262b085eb4e244095a931a36b8fd9a059630c829765e |
| SHA512 | 8db78936a0b9f4bdd0d76fa7cd4ffcdfe4c2cf87dfcea8e23b52697f6ad21caa69c29afdcf29ae918a52db765f881a6c77a16fd7dba7eccd0d751b13fa29d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 25929431469cc4a4d27999d44d818ab8 |
| SHA1 | a51d8d9f3710833b047a57420e992c844b6f5236 |
| SHA256 | f946e3ddc94ad24a54a6cfd3c7326c54d9f3f30d90b96af941e7f46dc2edce10 |
| SHA512 | fd6ce4934a62fe388aa263161bb88307bb97dccd0f26f3947b39e5b62707a08a6e3c35fd7a1343a62af2c76d118b92132593b47f1009cbf85a0e9488ec03b6b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07859fe4-fbe8-4a16-a7bb-5e58c988c582.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | a62d3a19ae8455b16223d3ead5300936 |
| SHA1 | c0c3083c7f5f7a6b41f440244a8226f96b300343 |
| SHA256 | c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e |
| SHA512 | f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 69f8cbb6a9d14c60b73d20c6211bc00c |
| SHA1 | 4997fc4fe3800c080aacb4d71ad1f615c60acc31 |
| SHA256 | eaf671f72aa71fe2d43d158b43d151b3356d56cd731f7ffdb0b3d6afed729fa5 |
| SHA512 | e131d8c3a7096b592a638a7a5381a16b1024904f84c1cfa7cf73c31063a001b30abfc2a8730d0e1aa0292ad6f98ecad2cbb279631870259bffeb3eecceb6039e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 7e702d6c32ff1d9ab23e6680aaeee1df |
| SHA1 | b77da6834b2ef771145280157728e4ab1046e1a8 |
| SHA256 | 9ad572d2464454a18400e605621ce8da55182dadeba908b1bcc53cdaf866e857 |
| SHA512 | 28966f19d35336697d37c95dd276e11065129c1e93b809dbcc706ef419d85377b0cab76aff3bdd6f2e25808b46ea86d4f4273fa51754adccc58bf131f5a52684 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | cbda18b5e37b6a79b81e27bd5f179bf4 |
| SHA1 | 9cf93451a81c8f66692eada855d5f3ce3c02ff59 |
| SHA256 | 6f5f8c27b0a78fb99d8c91be451ee93c44d890b7714dda1292aa19605e82e512 |
| SHA512 | 5ba5b3cb32111bb195ef8e5b47fcd1bd10f69a2df39d1e545955566c98182b224f7f8775c134bd92496d0a549f0261218317eb73be7225b7b6842a144a3ce2ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | a48763b50473dbd0a0922258703d673e |
| SHA1 | 5a3572629bcdf5586d79823b6ddbf3d9736aa251 |
| SHA256 | 9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd |
| SHA512 | 536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | c6f5710b5e061e0af4aecabd0f5876c0 |
| SHA1 | 75f452733610f8852ed40a3c50db4f0d51c6987d |
| SHA256 | 30f5da117896b75ace5e7b0af1e5a0779c08adb6ad01ba1c04e8821d66c3d2cc |
| SHA512 | 4c11aacf6e07e5799e5e07e521c5fc479bc0a57bf5359c7a12d635b1e7ce42e0c6c7965e317fb97349a1c2c942b38ebb4145753e9c4efe9d5020f192a54b3665 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | c766bafbd00b8fd83323b088f81d2ac5 |
| SHA1 | da8aae979958edc04245647a7f752663f9187ca9 |
| SHA256 | 3e9b72ab11f8db7cf0e52442b73d5c6d15f50e05f1c3923b1fe9ddf27b0c630d |
| SHA512 | 55afcf6863ed4c730fac3a05d6b8c280c6099d2bde85629be77fb51f239eeda027d0cecbd21da6e8f7a53b6c122e75a33b1fe767c4cbfcdc50b63d03fe41947b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 071b99c1e57d5becf5e5e4acefeccb1f |
| SHA1 | ec6b1239479a9ba559a63abc8176a698ba111236 |
| SHA256 | 37c3fb2b2e474e6358f16edf852b82a3cb7ca6aad27fc56a9ff8249982a2cada |
| SHA512 | f9bed0cfdc7c8a14e9f227ba55ed2aea4b79575b9173e8e31d7cd586670bcb644a5b2844e63b6b2ba5bd08d94c4d3b25a51018eadad5d4ba4e9c632e585f9295 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 093244be81dfe8521957033d6826745b |
| SHA1 | 59db7c139a371e8f987520111e08bdc9a4e8180e |
| SHA256 | ace76c81fc05b06b5807c398591ab0425388a78eb54f23dca49e96f648b3867f |
| SHA512 | f4fd1b50f0f33675141724a5fc85473abd5c30878b033fa07ac9a69e2a176161b02671ec05cb172b1b33182e3ea5440e15d583503ba75c40ffb6bd3ab4e0ca9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 3fa641867977126c2c7b5c5e1d23969b |
| SHA1 | 9a6850bb77dcd408ac422b6672f6c670970d3809 |
| SHA256 | d15ff53e525e463f13aafb9cd302d3ba7ad42390e6432b526092abd0769a2aa5 |
| SHA512 | 778c288a44e3d39a3176c07f9882ebeed39a0d9a7c3140977c3204d98a3396854870545eb6e1b7432435753306d13fac84b1bd2e535e6452d0dc5ae26dfcf2f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | a1a2b9d42661ccac1d00ad3e4c0fc39d |
| SHA1 | 00e272d025decf59df252adde38d8c63cdc14f18 |
| SHA256 | f7e9e39f6e918b4820f33a07cd8c6c5cfbda8a799c6ff1cfe4b801ba4dde5826 |
| SHA512 | dffdaea62ceba0652759ded5ed6082978bc1d3d33b34c464909869c46b55ed659a6511b87a334949026546e3bd4b088e05305d3e126ef1ea8b15e3ba5bf0577f |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | 5baaf44b82f4c44eb18a5f6740dc4d51 |
| SHA1 | 4892228dc71a2d975320a21f66b74f2ccdb1c195 |
| SHA256 | db4782d6ad08a8b337804c0534664216e525f44b50a8ace168ce0ae8dac4a9b3 |
| SHA512 | 9adae2fe99f59fa07aef152321b7ed539747f275e176310dd923303868fe6fe154c78ba08b6535adcc46966f3413ccda1081978a8767c0893c38e02ff2b3c14e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efa986235cc38916_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
C:\Users\Admin\AppData\Local\Temp\scoped_dir4528_1418597071\599e1e9c-9a22-43b7-9ad0-484066467a50.tmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir4528_1418597071\CRX_INSTALL\_locales\en\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences