Malware Analysis Report

2025-05-28 16:49

Sample ID 250116-n77tpszpgl
Target https://github.com/SmokeLoader/XWorm-V5.3/releases
Tags
agilenet discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://github.com/SmokeLoader/XWorm-V5.3/releases was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet discovery

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Enumerates physical storage devices

Browser Information Discovery

Modifies registry class

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-16 12:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-16 12:03

Reported

2025-01-16 12:10

Platform

win10v2004-20241007-en

Max time kernel

338s

Max time network

333s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/SmokeLoader/XWorm-V5.3/releases

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133815026736460510" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4876 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 1116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 1116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/SmokeLoader/XWorm-V5.3/releases

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9ed28cc40,0x7ff9ed28cc4c,0x7ff9ed28cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2036 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5152,i,3961515195688735816,8090661039512170395,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin.7z"

C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe

"C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dd5646f8,0x7ff9dd564708,0x7ff9dd564718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5995457818258119670,228852670724390228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dd5646f8,0x7ff9dd564708,0x7ff9dd564718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dd5646f8,0x7ff9dd564708,0x7ff9dd564718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1105287445864080207,11796431002992422520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe

"C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWormLoader 5.2 x64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9dd5646f8,0x7ff9dd564708,0x7ff9dd564718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6776549327615416462,12834545557833324336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x414 0x4cc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9ed28cc40,0x7ff9ed28cc4c,0x7ff9ed28cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2232,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4780,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3192,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3416 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3428,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4456,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3728,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5176,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5000,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5404,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5636,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5764,i,8356583716971934996,12668327834502447829,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5788 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 60.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 7.98.22.2.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 telegram.org udp
US 8.8.8.8:53 cdn4.cdn-telegram.org udp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
US 34.111.35.152:443 cdn4.cdn-telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 152.35.111.34.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
NL 149.154.167.99:443 telegram.org tcp
NL 149.154.167.99:443 telegram.org tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.200.33:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 virustotal.com udp
US 216.239.34.21:443 virustotal.com tcp
US 216.239.34.21:443 virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 34.54.88.138:443 www.virustotal.com tcp
US 34.54.88.138:443 www.virustotal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.178.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 138.88.54.34.in-addr.arpa udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 recaptcha.net udp
GB 216.58.213.3:443 recaptcha.net tcp
GB 216.58.213.3:443 recaptcha.net tcp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.213.3:443 recaptcha.net udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 178.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 34.54.88.138:443 www.virustotal.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp

Files

\??\pipe\crashpad_4876_URLKWTMTEQLYZVEQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 84d204fd19a078d296649313f3c0da47
SHA1 7662194bfb20aba2bf245aff6718aa26ab7cd94a
SHA256 9d889e509173c6020ff38b4efcd807c9f0df28f9a1ac4e9b2404c8e3f1176abc
SHA512 9dd27848f213b5a5745c5e4d550bbe9534c0430f9d41d693019ff4b71a389ca70d0d3bba6dbb07ae184e18131f7ec1b6991ef7addec9d1c5ad604840c7272f7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 edf3f2739e800fcb6ef1c74266980890
SHA1 bd70a371b59dd9ee8eb41dfa7230a6c1f8dcc202
SHA256 f68f6cd04845be1241fb5658f6ac2f3f9d05b473e21100c4ab02dfe3ea2c6b00
SHA512 92bc89a8fd20c31c2e362b2a4d36a21625b3a4385fef68285cbf7b247a7b093f64987dd5328f3839fd6e48879071bcc15dca915fcdcbe71bd0c04050077c7324

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad636e36b141b9622e31caa2ee98fe22
SHA1 c313af301d7113c335b1980ec771331ab5651f2e
SHA256 a83ccb3f9cb977afa08265e8a36d7dccc318c94fb6d4743f769e32f3bec62ec8
SHA512 e2732b641629a4d9a375a78b6eb58c58666ed056d8cf57c4a5d3dc57ac0cdaeb732e26b70b97a0ac4daa42a578fb4dd602d3cb1689b7a815a115ea66b65b0e9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 43ee36483ddeb447ab796a5f12771ddc
SHA1 fd178ea166b427bec4f3955377217511dcd151dc
SHA256 3be893be02b43aeff1535a3c8c015bcbed147b54c0361a432538374018c2dbc2
SHA512 1e4f1aea82019e7e1f8311746d19c4ba1d7f3f71bd4a0499f01e8eb3b588037ab21a608e6d8f05c88719a1886d39fbe158e446dc025ed28955e14dc6f06074e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9dad414323451102f68a82011501bd72
SHA1 bd4cf7e3ab9c893d5b7e4d38806e6bb8f4e78b62
SHA256 9192227725cec6581dc53b3a8a2021ecb1d61eec3957119ff946f1b75c85845a
SHA512 818fbff74ff224a22036b75e69dfdd33cc9a69114fe7511300fdecb4929cfdd79f838578fc4eddf8e23288c80d4e203b0e43f5b0ad2e1c5e200b492c1e85cf6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3d30414a292f8ff90965227cec000d0
SHA1 48b96c8bba57fb440fc7de4b3edde30364ddf6d4
SHA256 58c444d3a3fda76778327e8f0c8020fae44bb42a462fd486acb92d898fcf0bac
SHA512 73c37d7a43c12d9aa262bec2046b8388b340868b6e361dbae56f861daac6904fe58bed9ebc8865e123043ce0b1647d5cb12f47d8a317fd56fec7a248376f5ca9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bed068f53c72c3df99c979845521d676
SHA1 792ab80ebec4a85e09e52ea45b096f2a4c596807
SHA256 57ccadf0cd18dc9d67f430801ee2eca631f9942673b82b7e1478c455a24733cb
SHA512 b24ff8cd233beaa1ee794527a3c6dca627bc6f367494037d2ea8c15c9394b09b0e3a340dea5cd8a212de3d5e5637407f5f238d524b0bf2aca285323ddb6d4cd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5e1fe2aeb0462024b81d4c0544902fe0
SHA1 31eab0196980ce11051d286300747c4f8bb4e115
SHA256 7538fc517da9d349cf2ffad0c30d41c5b64b146c199f31e12fa00fa9dd4e5636
SHA512 afab001cf4345dd511c343d7fadcdef158d2996b24423346817a34f4963e10a7799adf6c091b49f71a79d6267be7579a388187cc1150f26c0f92bf802c84cdf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 44f46d0056c9cc823f7b02f14b3639ae
SHA1 3a265f09dd9641e54f1926a1a8d19178cf7ef71d
SHA256 12178355f240c4db9ccaaaf0b032ca00fcc32e56abacfc3cff6abfeda5b7d334
SHA512 b1089d6d7259cd6734bd77ab3fdf9badcd7305c7a40f9d6837872ca79c4e7c8c0cbd34ccad4d4235aebeed61b78e9fe38597b2aaad30e1814c65bb700bdaa2ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2d9b5fba7421994981bef38d083896b1
SHA1 abc572a8caf66ebcdf89307d4e6c715169449672
SHA256 2b1a5da54de62816585aa8cf0013c0e15ae2d845ad86987f37b200636835c892
SHA512 54b05345e04fc8f27fdcaaeda836aad204be62ff6f1a21b46255dd17afdff88d9882d356bfc776a62de1348d97f4e2efedb6b6809b3d0ea3aee89530ecb02f3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\Downloads\XWorm.V5.3.Optimized.Bin.7z

MD5 187b25b9e02c2b5d01a70d9d1855dd7c
SHA1 d0c7d39012ad0507239a3b060ea42cc13b22eb65
SHA256 f26803b764a54a90852b7fd274d5ced7a8a58f1715d3ab4b96900ad4f9dd0410
SHA512 bea5cec59d0ebee26a71c78dc38da47a25ea7932d119868caf82b5e4bbbcecd8969abea80ad41b65352f264ced33c457a041c0d9f321c272a8f913802ee254ed

C:\Users\Admin\AppData\Local\Temp\7zECB6C7908\XWorm V5.3 Optimized Bin\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe

MD5 897201dc6254281404ab74aa27790a71
SHA1 9409ddf7e72b7869f4d689c88f9bbc1bc241a56e
SHA256 f41828bd13a3a85fdf7a1d688b21ce33d2015c3c5f46b4d92ab6ea8ea019e03a
SHA512 2673cd7b927ffc22f3a4b4fbfcb1b4f576c416d67168e486e6d79fdd132129c9e244e36d7b7883a4a1ed51e993cc4384bf24f2fa3129584f2bd43fd16042de20

C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\XWorm V5.2.exe.config

MD5 66f09a3993dcae94acfe39d45b553f58
SHA1 9d09f8e22d464f7021d7f713269b8169aed98682
SHA256 7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7
SHA512 c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

memory/560-607-0x000001C76F510000-0x000001C7702EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RFZzY\RFZzY.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

memory/560-615-0x000001C773830000-0x000001C77441C000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\Guna.UI2.dll

MD5 bcc0fe2b28edd2da651388f84599059b
SHA1 44d7756708aafa08730ca9dbdc01091790940a4f
SHA256 c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA512 3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

memory/560-617-0x000001C774620000-0x000001C774814000-memory.dmp

memory/560-618-0x000001C774420000-0x000001C7745C9000-memory.dmp

C:\Users\Admin\Desktop\XWorm V5.3 Optimized Bin\GeoIP.dat

MD5 8ef41798df108ce9bd41382c9721b1c9
SHA1 1e6227635a12039f4d380531b032bf773f0e6de0
SHA256 bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
SHA512 4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 34d2c4f40f47672ecdf6f66fea242f4a
SHA1 4bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256 b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA512 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8749e21d9d0a17dac32d5aa2027f7a75
SHA1 a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512 c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d669a4c77937531860672b630769b431
SHA1 796c2fa60d109a87ef52de059ebd4386d59ebdb5
SHA256 1682d4ca4ac89ce728fd693b76659fde5c894be2a35545ab8a0382d6cbc15ce9
SHA512 391450b4f858db074867e632ab3c3fe339fb644bb17c2a6cd125e52cb450d1e37347cec9252e4110459bf543fdfbc95b2ad44b9218c5548d025f97ee597ee776

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb4d6a5ea0720c2b1bf58b156620161d
SHA1 3bbf2012af9800d8847d6962102387fcb0d9eb7f
SHA256 07a21416b330be17f9c846776202ac4672c9c2ea66e98d36144f889462720af9
SHA512 2dceb401eb43c8780b61f0abfaf8f70384c843f0080b14fce8c0f74b2b1ed5dc031370d311e8e9e5a6f45c46b42d3482aa98a0942847c88c7d41974e0e357a8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 48987ddea13fa396a14e56febebf76d1
SHA1 ef674bb3d0889bece3d5d4b19dd185cde672265d
SHA256 a6fb4a1c6cd291f9670beb51a9ebbfe95f88b794f010324e1661597831023ddd
SHA512 141856a0f0f5c0dddc2c1b8fe188107646c4fa3c3e7eb5d7623e210ed77c43aa895130245727c7cdf2e332e98a784952f3f4916c4d6f6fcb3ed766c036367d3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 679247ea7d24ac0a751874a147f60a15
SHA1 dfb65c01417399580688680f475210d199b95a37
SHA256 d0f693159568af4248697064b2e7cbe305ed59463dae453e577bc87cfa929118
SHA512 8293e962748045ac6d0933dbb5a19af275e961e6f52ea6f2af2db4477ebf351692f5478911208ab99e3aaaf50ac88405377ba147d037ef4efdf2a0ecdc7c7b99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 520591e3d9d5faedf80696f049784e7a
SHA1 c55225233217f797d455aae12fbaf66e4aec6630
SHA256 65c02fc1130dd1ef75aebf4775facd9e9b4019fa685060c559c54bc1f77cb1f7
SHA512 3e14aaad9123d1d33289708277b15b8f43a9c4aa18443cb1df3933bde3267216134f1d8e17a5b444de353073226459322dc104847a6c60cfc89843be596f3a63

memory/560-747-0x000001C774420000-0x000001C7745C9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 9f68fae8fed183f858ccb1a44ce5bfae
SHA1 a93677787f2354f107eb84b21911a1931da5e25d
SHA256 231b29c82b0805d8327b69109343ad1d45f4c085273bb9bb5ec9d5e4c1c486ce
SHA512 57283580ecbd9157de8b8c9f8d423dc31cf11f6d8d1531b3ccdfaae8c70e13ac4eb924e05288e0c1fda131198f7add897304537c8a461c77a8da66fd99297544

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 2280bbd50abfc3fc48e71e5d57835c06
SHA1 37b7fd729f0ed273803bb1d3f25db6c3be0c15fe
SHA256 5f2ca8f34c9a89d58ea55bcbfba8ef4cd599290694dae4679ffd566e272fe408
SHA512 84d4696d0c3553290d69be4ab5e2f21927c44f43d50bd26c290fd665fe6d6011a52a838ece26dd3cd3f34a72cc2cfe22b0ce95c0857e8d0d09a4d660f7f7f4d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381502736604343

MD5 05d957dcc9d1a5737f3a3c7bc9af7e39
SHA1 328f38369488708bd9d044f63187917e79d2e631
SHA256 2e215f65c15811aadabc6fbe33420c773eb9bf06ff9e8793a90bd2382c5653bc
SHA512 6cb7900b3555b4393556da02a9bcbc756920d7bf2528b88aced332a69c506fbc1c174951c9a9b9fa44c3f53e638815bbde5276c5e6717a461d2895fe7032fd76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 1002b0ee7a3cb46c88c5989e39a3fa2e
SHA1 6978b9782fa3bade3f88f746467cbe0b3ddb11b7
SHA256 7bc7c68694a8f16a85d00e58e752655092bad314b99fc4ec96f95ac9a26bcb01
SHA512 2bf13d516b2fa0563f7dbc541c18fa89c677704cc3c37145ad54afaf38cebfc134708125a268d9bd839e437de840806efc2e5c5987534e8e68b4c9f838b4719c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 637bb1a02e76d05efb9a2015b602e35c
SHA1 219bc46b8532e8cb57e687c8dca32c6987da37d0
SHA256 cbce373432fa17352ffc8ef27ff241f3b1e606c7e0b03b235a3b3c779c35dc35
SHA512 beddc55a4d300a2de7f26925d8744a9d8a7e35ac6939154618f02a8f8a0a105089f2154f0c822938b19c4bccbae188ad42d774e24a1ce0298156c6a8ab26b7ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 9487bfa1a367e86e262da613ea780b40
SHA1 dc30fbdb5e878663986811b38f2fc45f327318d4
SHA256 ea06f96a6fc1d8d667e65a2f0f350ee32fc1bb2ca58612fb148e55fd6f96bfd6
SHA512 355a935b1c4353c35ff9743f212f503f4530c2405899220eb258999317e6eb81f92d0c79f5317c34bb8315c751a7835054b87b6ee999451c9e184b64cdf35b1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 21b9963b784bc49dc6b4711b6b0218c9
SHA1 1ca7cb376061d95cb059cd3f325c75cb7e5fe47b
SHA256 b3321a535496e9ff1046262b085eb4e244095a931a36b8fd9a059630c829765e
SHA512 8db78936a0b9f4bdd0d76fa7cd4ffcdfe4c2cf87dfcea8e23b52697f6ad21caa69c29afdcf29ae918a52db765f881a6c77a16fd7dba7eccd0d751b13fa29d555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 25929431469cc4a4d27999d44d818ab8
SHA1 a51d8d9f3710833b047a57420e992c844b6f5236
SHA256 f946e3ddc94ad24a54a6cfd3c7326c54d9f3f30d90b96af941e7f46dc2edce10
SHA512 fd6ce4934a62fe388aa263161bb88307bb97dccd0f26f3947b39e5b62707a08a6e3c35fd7a1343a62af2c76d118b92132593b47f1009cbf85a0e9488ec03b6b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07859fe4-fbe8-4a16-a7bb-5e58c988c582.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a62d3a19ae8455b16223d3ead5300936
SHA1 c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256 c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512 f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 69f8cbb6a9d14c60b73d20c6211bc00c
SHA1 4997fc4fe3800c080aacb4d71ad1f615c60acc31
SHA256 eaf671f72aa71fe2d43d158b43d151b3356d56cd731f7ffdb0b3d6afed729fa5
SHA512 e131d8c3a7096b592a638a7a5381a16b1024904f84c1cfa7cf73c31063a001b30abfc2a8730d0e1aa0292ad6f98ecad2cbb279631870259bffeb3eecceb6039e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 7e702d6c32ff1d9ab23e6680aaeee1df
SHA1 b77da6834b2ef771145280157728e4ab1046e1a8
SHA256 9ad572d2464454a18400e605621ce8da55182dadeba908b1bcc53cdaf866e857
SHA512 28966f19d35336697d37c95dd276e11065129c1e93b809dbcc706ef419d85377b0cab76aff3bdd6f2e25808b46ea86d4f4273fa51754adccc58bf131f5a52684

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 cbda18b5e37b6a79b81e27bd5f179bf4
SHA1 9cf93451a81c8f66692eada855d5f3ce3c02ff59
SHA256 6f5f8c27b0a78fb99d8c91be451ee93c44d890b7714dda1292aa19605e82e512
SHA512 5ba5b3cb32111bb195ef8e5b47fcd1bd10f69a2df39d1e545955566c98182b224f7f8775c134bd92496d0a549f0261218317eb73be7225b7b6842a144a3ce2ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 a48763b50473dbd0a0922258703d673e
SHA1 5a3572629bcdf5586d79823b6ddbf3d9736aa251
SHA256 9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd
SHA512 536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 c6f5710b5e061e0af4aecabd0f5876c0
SHA1 75f452733610f8852ed40a3c50db4f0d51c6987d
SHA256 30f5da117896b75ace5e7b0af1e5a0779c08adb6ad01ba1c04e8821d66c3d2cc
SHA512 4c11aacf6e07e5799e5e07e521c5fc479bc0a57bf5359c7a12d635b1e7ce42e0c6c7965e317fb97349a1c2c942b38ebb4145753e9c4efe9d5020f192a54b3665

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 c766bafbd00b8fd83323b088f81d2ac5
SHA1 da8aae979958edc04245647a7f752663f9187ca9
SHA256 3e9b72ab11f8db7cf0e52442b73d5c6d15f50e05f1c3923b1fe9ddf27b0c630d
SHA512 55afcf6863ed4c730fac3a05d6b8c280c6099d2bde85629be77fb51f239eeda027d0cecbd21da6e8f7a53b6c122e75a33b1fe767c4cbfcdc50b63d03fe41947b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 071b99c1e57d5becf5e5e4acefeccb1f
SHA1 ec6b1239479a9ba559a63abc8176a698ba111236
SHA256 37c3fb2b2e474e6358f16edf852b82a3cb7ca6aad27fc56a9ff8249982a2cada
SHA512 f9bed0cfdc7c8a14e9f227ba55ed2aea4b79575b9173e8e31d7cd586670bcb644a5b2844e63b6b2ba5bd08d94c4d3b25a51018eadad5d4ba4e9c632e585f9295

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 093244be81dfe8521957033d6826745b
SHA1 59db7c139a371e8f987520111e08bdc9a4e8180e
SHA256 ace76c81fc05b06b5807c398591ab0425388a78eb54f23dca49e96f648b3867f
SHA512 f4fd1b50f0f33675141724a5fc85473abd5c30878b033fa07ac9a69e2a176161b02671ec05cb172b1b33182e3ea5440e15d583503ba75c40ffb6bd3ab4e0ca9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 3fa641867977126c2c7b5c5e1d23969b
SHA1 9a6850bb77dcd408ac422b6672f6c670970d3809
SHA256 d15ff53e525e463f13aafb9cd302d3ba7ad42390e6432b526092abd0769a2aa5
SHA512 778c288a44e3d39a3176c07f9882ebeed39a0d9a7c3140977c3204d98a3396854870545eb6e1b7432435753306d13fac84b1bd2e535e6452d0dc5ae26dfcf2f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 a1a2b9d42661ccac1d00ad3e4c0fc39d
SHA1 00e272d025decf59df252adde38d8c63cdc14f18
SHA256 f7e9e39f6e918b4820f33a07cd8c6c5cfbda8a799c6ff1cfe4b801ba4dde5826
SHA512 dffdaea62ceba0652759ded5ed6082978bc1d3d33b34c464909869c46b55ed659a6511b87a334949026546e3bd4b088e05305d3e126ef1ea8b15e3ba5bf0577f

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 5baaf44b82f4c44eb18a5f6740dc4d51
SHA1 4892228dc71a2d975320a21f66b74f2ccdb1c195
SHA256 db4782d6ad08a8b337804c0534664216e525f44b50a8ace168ce0ae8dac4a9b3
SHA512 9adae2fe99f59fa07aef152321b7ed539747f275e176310dd923303868fe6fe154c78ba08b6535adcc46966f3413ccda1081978a8767c0893c38e02ff2b3c14e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

MD5 f55234db88c6538e3f4ad45c114435f1
SHA1 c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6
SHA256 bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a
SHA512 8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 be1048f59bf6b3b009ca2383ee4602ec
SHA1 4a2a19ed2b5424a7668d9506bf5681624e11dcd6
SHA256 cb4db4009ab6e7d887f484925f061e8cc3d129b8bc0a0bdbe1c049b284dd7100
SHA512 93d81cc1e440663355ecfbe62393a83b57cf8ed1f078abb5f469563f78b1d4cf39bb1ad73146b3dda8abfcf6ce158c7888749bc6bbdd21064cbe4ff015046300

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

MD5 4517391bc8c55acdbe1f4c2f0d1c1fc8
SHA1 ac51fcf3271333d222e4cb526431817f48345a43
SHA256 3c82cfe4ef2e80ad0aff5da477f399da7d5c0169968b800b1bd730c7eadbcd8d
SHA512 e85033dd2a4a4038512102052bff9e8a76e7a43d609431d987d436f262e21fcf1e298441cd378590db0742ca65845bd1585a7cba496aebe245a8084dd616e5ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 14ffe9e8ed75f4bccdc608b6d76f27d4
SHA1 006b32641e51bda391773d579a8b6ba1428a5213
SHA256 70716dd3933c39ae84648e1583a64acbf57a9b4bd709ea2160605a4c3a5c161f
SHA512 969a0bd40d86cb2fdd258feca71ab4abda60088f401d2b3c8e904946c01947083c31259ade5787cfd90d221e90fbeee9affdb0dc2778abd327bd1db793796619

memory/560-807-0x000001C774420000-0x000001C7745C9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

MD5 8feb503d057a1dfc7121b0aa2c7cc10f
SHA1 0d25b47e8482de37b7f615205b8a45162e1049d4
SHA256 e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713
SHA512 a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 23ac92f3b8fbaa7ab668aaecdeef71e4
SHA1 2afd769c1dc09ce37d8a2411708a524049f04189
SHA256 b51a44830b751da2b3812ddfc5fce5993613596c8534fd69ac0e0312f44b6d5b
SHA512 e4145452d893b85e81a96ac1cebbe2873322724af109bf42c78716ba3de7669ec3d2722fcbb7e3773ce35c7305d227ead2bead1c01a9079191d8d4255a57cac6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 ab10610f89b98e0de5590f17943ae440
SHA1 d49f4251273c4dec9d0d62dab0e94230a3c473a1
SHA256 e632bd7ae1bc993ba3da727317133721ee521dab9e89355f370218710e03b8ca
SHA512 2ef05aedfc64bd6458196ad24df124098889a55110c95e8abe8664a4f918a1cd79b54163e0edd702e1036ae4e2231d0926bb11d329df2056cb95ce1148f5822f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 4edd0e14f10bc5e1c31690c423b71fa5
SHA1 90c72d10fcbf7a371158c2fdc7209da13f0f8d90
SHA256 56d3e3e8e565801f8aa79d13bdf14b6a2eb1517e2843ba53e39c914f02521d0e
SHA512 ecc948d0e04977694c6d175c08e99817cd6ae4c31cc5059936803b5350f588f2593d885cc3091c2b7921f30ac3ee89baa6a34b162d1ea1e068cf2d0f52cb804f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 4651d27909dd3a3a7d5a2f7af4c6979f
SHA1 cd681ac3d1a5fbb1cacdb55334fe8b51656850df
SHA256 97a0c460f83089f8570a7d87b83d354e15d6b1006543971f6570c0e70f1c6994
SHA512 1d0b700d98c9a8b6758e446db904670250bb313620fa9855a5a5836b5393a5bbd1d54ab63ddc9178af912c8c0fac874a7a139f20f46cb1b093c88ba44a397434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 78b70183f51c7f9639faa630f5d8ee3c
SHA1 232d38e6c221f175ad2b8ac5601079e94c587bc6
SHA256 2f4e3fbfe1c94f1e5b00e8779401b3bc50cb57dc9d0dbbe81318f9af841b2804
SHA512 28e8549a0708a64764c5420c8cf0a813489158434c33e2f8b28baa68e6a1050966249703dc5ab059b5f423b8b38f2a97beacf2ffde6e93aa863a0317e51ac696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 14e39be019da848a73da7658165674cb
SHA1 e016473c4189a8cc3dbff754a48b3e42d68af25a
SHA256 39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd
SHA512 828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 f10c37d77d36e96a16728e74796b711b
SHA1 8ed11aacba485806971a017b6d008787b5a3c6e2
SHA256 92ef87710f3329116be314daab24b45d5fa302a1a5d4b94c63117d7926e82abf
SHA512 59793d2a3c08c285c1b97cefbde75880e5c07b6fb4d381f272a65a748b0d2bea7016e2b709a925b8901e2a028c0630330cbfa3e0aba77898291a5c339a75c9bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efa986235cc38916_0

MD5 6943c7a731f89b4b90bf5568da44882a
SHA1 7c053397e1d8729a97dcaee729534efda664ea01
SHA256 cbeab8c8e168aa4f856ff363cf9227e624ea82ce3a6bc8679f882203c95c8483
SHA512 679198e4610fee6fed9bcec8276416d878b10d587d69d23d20df56b1ff9c5bd93f21fd4648ad20c89232ad03aa424fee7f561efe36ba0e948b782b7da0f8115c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c1d12ba9922229a32a9f1496a6ad4f49
SHA1 b0d697e1b89a10579e24f719e9cc971c6be6aabc
SHA256 92ebe3a089eebde442c89624484b461535f00d1d8edcf637dcb56c87327e76fc
SHA512 aea2aa778b0e93d9dc1f31ecc56ffe4cae0405becd349fab713d838d968a7aacb482f20ce698358833a4771c2d8ec1a559cf7152193348f97860bf120270c1a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 02c387144a1919697ecafa6ec1d7e4e0
SHA1 f9f6d260195d310f63b90f277d929c2aa5788385
SHA256 a5f900c8faf6293acffb2454df63bfa60a798505865fc199caba94c0551350ae
SHA512 d8f2a7aa72b3476ed1388bca92da02be19d2fc814ecbda66887e74024f9196b40f59df7ed53a800ed3134807dbd890820301e8fcbe30bd501d92c0c6ae017675

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab9fb3c8e8274c4be97d560bbddf1124
SHA1 43241d7e2dba30e6c70c534d39334173c6c005e8
SHA256 ee2af9ca073dd9e49a4170d8ad5df7d3324f6f37663679c728d44dba645c310c
SHA512 9659e3f9dad828ebe0a56526706c4a0dcdf1ddff8aaf2e725b58852be2d8cdc936d2a62a12cee578facaaffddaa22a94f531bc975497d52afa26a21a81a7e2b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e2eaae0ef587decd7d6c0a5cb0b0f08c
SHA1 55e34cd51c61ae485285653c11b973108881e0a8
SHA256 cc6a968a3d10f08a0474c3d61d6dacd511706ab80deb289035ec07aaa3dfce46
SHA512 7152c005a3e0a5d585af4b76558ac2bb0abc93bd5672c6a0e5405299c8e1fc1e1bc67d2c3bcd5f69852a58f1c6b25ecfeedfca2693ca3d73f586c1c458673ec3

memory/560-932-0x000001C774420000-0x000001C7745C9000-memory.dmp

memory/560-934-0x000001C774420000-0x000001C7745C9000-memory.dmp

memory/2292-935-0x0000000000700000-0x0000000000720000-memory.dmp

memory/2292-936-0x000002D662C00000-0x000002D662C42000-memory.dmp

memory/2292-937-0x000002D662CB0000-0x000002D662CD8000-memory.dmp

memory/2292-938-0x000002D662C50000-0x000002D662C56000-memory.dmp

memory/2292-939-0x000002D67B700000-0x000002D67B75E000-memory.dmp

memory/2292-940-0x000002D67B760000-0x000002D67B7B6000-memory.dmp

memory/2292-941-0x000002D661420000-0x000002D661426000-memory.dmp

memory/2292-942-0x000002D661430000-0x000002D661436000-memory.dmp

memory/2292-943-0x000002D67B650000-0x000002D67B68C000-memory.dmp

memory/2292-944-0x000002D662D00000-0x000002D662D1A000-memory.dmp

memory/2292-945-0x000002D67C5A0000-0x000002D67D37E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bf2509d2e739db36dcd5d01a09431815
SHA1 16b863551083f728849881f221dac67dabb73858
SHA256 fe5a40c6673dfb187ea7adbbd7a9137f56a3e40b40690466b9caf0b4b7f8c111
SHA512 be221396de95bae3a1444bc396edeef26589dcdf1eda2e4fce12fa0b0742f4511cdbe67629c128941a80770687ae30a10ac7e5f33036ee885d7245d5a817f645

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b70166ebc65545ecee13885269956582
SHA1 ecdeeb104527cd109fbcf52869f589a346956adc
SHA256 c0f002b12733a6686836fc11cdc8c3f8e5235a9a604a3887c049a8689ee0d8ae
SHA512 48c55bda5b1e568510eb5f26699b92dd24c8c3210961d19f998568eea5a465675ce71cc40d89c5d677ed2b7ec5efca83acc123d4d6899b71e6e3fff98988b44d

memory/2292-969-0x000002D67BF90000-0x000002D67C139000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0c4f8ea762b7f52b506ba07681536a70
SHA1 43646441cc21a4c9512a911cf7bbbf75de442dc9
SHA256 0e066358f03354c6dc0f019584449967460c4b0aa89b5c2c11458f5f134069c7
SHA512 55c63130c78bf7c1bb20a571bad67e79368162a5da0cbe2d28424a68e4e3bd175a128ec11ea173f46cda35fad29537b1aa874ee252f5e7f8e7d2f7266b1bfde8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 355da9ee5b7c8586ee88e024004d503e
SHA1 f50ddf8ed098acab3156198d74db4cd8d3d796a1
SHA256 07f95e7bb58100811ad7fd1f30012d93f461af8c34d0fdaf6229ecceb10185ab
SHA512 beb51483e1dc79ad6f5dba9619263c5e78576ae58dd5d00bc1778da286e663a03c1a50f36024419529e4d1f5a95664321f43a00045d2e083625b897c0e7891d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf96f0e47998d2b7a9756e01868a2d91
SHA1 b54ef79403938bd6349cacee7fe7844933bdf3fb
SHA256 74a2b949e1b4877146c749c320d22b41d6554557cbc2ba87f0e0032a0cd58212
SHA512 a5d8bb789de969e544c78ea7fcf956d5d752cd69eaab965900ea2016662e6991653c00e83dfe42dc4263e38413a4ef806086d79571de677b18d6322b2e5603aa

memory/2292-1061-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1062-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1063-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1064-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1065-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1066-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1067-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1069-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1070-0x000002D67BF90000-0x000002D67C139000-memory.dmp

memory/2292-1072-0x000002D67BF90000-0x000002D67C139000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 186ccc6761714f7e88de1fff069b95fb
SHA1 c7dec1fff5e2f359cccf94875265f96757865b34
SHA256 abb5c7113a03fa5d3a4d6d25007f875d5189c85054252a03a3c9d2cc64a5f59e
SHA512 5f346abd0068d56df1bc7236a8f8ae6e0397cd35c7e8a6554f90724bc4936ed6a1f127aef797391d34ab458ba9ff3337bade05334155aae7473e6c463b0499c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 d474ec7f8d58a66420b6daa0893a4874
SHA1 4314642571493ba983748556d0e76ec6704da211
SHA256 553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69
SHA512 344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

C:\Users\Admin\AppData\Local\Temp\scoped_dir4528_1418597071\599e1e9c-9a22-43b7-9ad0-484066467a50.tmp

MD5 14937b985303ecce4196154a24fc369a
SHA1 ecfe89e11a8d08ce0c8745ff5735d5edad683730
SHA256 71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff
SHA512 1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

C:\Users\Admin\AppData\Local\Temp\scoped_dir4528_1418597071\CRX_INSTALL\_locales\en\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 642ff3986d9cd390b9e96b23f35863fe
SHA1 58355c908fba6a85c6645603c4344d77ff07f853
SHA256 aa612e4fbad502f9131229b020a36cb358126842bfcb69d4cd34c2905d3f1dcf
SHA512 a33d4d4df71142a9dc63115eb554422bcd6df0278ad59b1975001846258ab55d3f183414094d0d127843a66b9a1b24569fe6616d459820f688cf11e957d707eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d454c1ae3d8e9bc3de56fce80a7bdac9
SHA1 3023669e2bb6b440c1456c713616211a4171b86b
SHA256 b4905e739a467fc341c89d6e4d4063776eb57046bacf66645c238fe5b029d69b
SHA512 fc29a8014eb573c108aaef18483668dc48594396764d2399f742b9bc0aa9869d5b3036b8ed3dbf0885d6804893b3737ed379fca2830ae0211a2c4cc6cdd1fa5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a00c70f52ed05f1eb4f635e4949920ae
SHA1 9020117b33c85d0e8e7038edeb57f223904b5bad
SHA256 35a33a07966b85dfa4c3a4fef9022c6e2186d3ae4e3279582f65da24867f56b3
SHA512 88cee913ae932f080b1882e572b58c9e8c20871d606ec14e16ec467b65994bb945f1e0cc520f00abb0d86b8a4f91503a24b240714f3ec300aa424048d2c224f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 ca9e4686e278b752e1dec522d6830b1f
SHA1 1129a37b84ee4708492f51323c90804bb0dfed64
SHA256 b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26
SHA512 600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 4c0d25efb3d5be38c57ffb7ce1b95ad4
SHA1 3462e582483a162be66f0a79b4f871dc76d40311
SHA256 293d22fa2d5b84f4c7e7941637d81485cb78c10f624b5fb3bdd63bfc22d66aec
SHA512 8ce99bc221e57f7d03e1cd5a3b800fbb80b2330d77455251d3b2a446c1941526a5c831272b1e2f95a31c91ef6078257d57eabde20a98b808dff257b0634cdd6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f436884c1a0e9a3a7ea524d64773e8d4
SHA1 2c413507722be27bffe511340706523beab2cf0b
SHA256 ac7e03b707df7f686c2342938c742ae2e1d857fefa9faf0fc6d8f774d0b39670
SHA512 954edd133d011980cbf83668e4cde0cbb1d7cbdcb27cdc4bc5c57f791ad344cd456fddfeef25f3bd072d52661e679387c192828757945f7637b3506eab0fdf13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e9a010afb77a6afc0ef689c980253ef3
SHA1 07345d22bb0be8772230168a44ec6aa3e6ea6904
SHA256 a807933cee5aa85b1a39deb21e715dcbf467ccfe3f8f30934ada6cea98d6d93a
SHA512 debf174ac89a170e28d6c686e2a3cec69e5ddd3e5d93b8771721ae1b86cde5cc608366bd395badedc166ccfb46843beedfd6867f6f45e216d6c55890213577eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2e28f48f6a1eb3b934d121211d7f5273
SHA1 d3c2e0bd00e5d78fc968bf6a94370dd21608c57e
SHA256 8de6a40baa5ee78ae3eb75e12f020bb97249e23ff68e7c29c72eedb2bfb30439
SHA512 89f9096b8262876c25fa701616ec1b37ea532474316ec67bb3d26422b7cc4247aa2348e2d7bb39f18a1e3ad8ee3f7e2132bc5361e4a198c78c01b6a26d7d8cf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0493090dd94276286b77b443ad4760e8
SHA1 b8b0e4c3f6fb78184c2c7713d383b8027cf4477d
SHA256 5231515b96b6cbcc4f3b874c1b43b4915f886883343c32876571bb8d999ee6d2
SHA512 53fca16bccb92a70bc128768ceda1b3bb70e39758344e276d8dbf5f63ad795fe85f271f842f6d7fb84badd8710fb10bb69fdb7215711b333cd55cefb7979e9a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d483c7b9dee9ca781bdf2d84e756d2ae
SHA1 ef3fc82685c58a13a72d447b1a90709d6b2da59c
SHA256 0cffae7ff14d76405e8f8c9be4d66eb15312888228c9f4ec11f6f638c211e68f
SHA512 b184b68e3dee2929225123ef4de5a0f1c01bcf26d7bcc384ada539ddea268c2c94308bc2b4a87c76d704ee8faf804fe88d157d8dcae0114795432b3f28f3a7c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b66234d83640123b661b8a88c2e5500e
SHA1 c353a405203fba5da85a7a304308120e6a6ff96f
SHA256 d9dd6147c07e10ea838034043ff281524027def0e070ed6cab203595a88b7b1c
SHA512 a78af68342fa90e98d77eef0081a3ef1fe38a91e17457c48f04993d02fce1d2dc6fbf9b49effeb703893eb9410126101e51ee1a7f15472f16ad616ba2e764d02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e5616d03017a8802c6aabebe148a9653
SHA1 cbf4639151e8e2dd97ddf268c2a88fc0c1f27c8b
SHA256 1542eefd60443c329f7e546608be622d16f6d2336006f9eb960d481463eb0852
SHA512 ca17635026ea12944db3657127b4b8fda0a984aa62b3282deff718b11b0d80dac984242998858a78d932cb6a163c1c98c6a51ccab452a9e983579e5128df2e89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7eb0b5d031a4430121c824fbcad499da
SHA1 1c887353ca03a69a5c7d47efe86672043d5d35d8
SHA256 cdab61d3725f58b6961151f1f051484d8fe5c22a7e47a67db2a7661872380399
SHA512 d496a19d8f2aa4a18ff5391e0e553764b36d416b934c92656eaafd30c3b1741007e5f38e777ff0094ec4352d54ddc25fe3c379b3865e69beb443b99c34ca28e6