Overview

overview

10

Static

static

1

xworm-v61.html

windows11-21h2-x64

10

Analysis

  • max time kernel
    1020s
  • max time network
    1011s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/01/2025, 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xworm-v61.html

  • Size

    8KB

  • MD5

    4887cbac58fd2afefa5ca6da4b7e819f

  • SHA1

    2953bc48fc9c89865c52d0d0dde573492ed0c2c8

  • SHA256

    272d03b6c4c13d6f820f077564d6beac437a9caf65505eeccd368f8c3cca0fce

  • SHA512

    dfed78b08ba10f4071e117a6ff93d5dfc6f7c604f3e63719c2a3a55987f1ee0fe45e3218667d2060852fe0d6450bb48c3acd17310e1c85fd51e6b22bdc9d8807

  • SSDEEP

    192:PN2x2BlVOePvygP+6/EWkkho6dRJEHXG7djP5yOWN:AxwOePvN/EWkkG6dRJg27VPlWN

Score
10/10
xwormdefense_evasiondiscoverypersistenceprivilege_escalationransomwareratspywarestealertrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

Wal8lqFM1lNFMF18

Attributes
  • install_file

    USB.exe

aes.plain

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes
  • install_file

    USB.exe

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 6 IoCs
  • UAC bypass 3 TTPs 1 IoCs
    defense_evasiontrojan
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Uses the VBS compiler for execution 1 TTPs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 1 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 19 IoCs
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 55 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 47 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs
    defense_evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\xworm-v61.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4184
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff88aa53cb8,0x7ff88aa53cc8,0x7ff88aa53cd8
      2⤵
        PID:3440
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
        2⤵
          PID:400
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4072
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
          2⤵
            PID:4520
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
            2⤵
              PID:1972
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
              2⤵
                PID:2460
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
                2⤵
                  PID:4996
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
                  2⤵
                    PID:2312
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
                    2⤵
                      PID:3136
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
                      2⤵
                        PID:4056
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3396
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4928
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                        2⤵
                          PID:4692
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                          2⤵
                            PID:1844
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                            2⤵
                              PID:4760
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
                              2⤵
                                PID:1360
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
                                2⤵
                                  PID:2184
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                  2⤵
                                    PID:3460
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
                                    2⤵
                                      PID:3368
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                                      2⤵
                                        PID:3292
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                                        2⤵
                                          PID:1848
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
                                          2⤵
                                            PID:2208
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
                                            2⤵
                                              PID:4716
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
                                              2⤵
                                                PID:2480
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
                                                2⤵
                                                  PID:3436
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
                                                  2⤵
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4912
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,9008116641749221213,2083073416747290065,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6716 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1360
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:3676
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:1324
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                    1⤵
                                                    • Drops file in Windows directory
                                                    • Enumerates system info in registry
                                                    • Modifies data under HKEY_USERS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    PID:2316
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87788cc40,0x7ff87788cc4c,0x7ff87788cc58
                                                      2⤵
                                                        PID:3480
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1832 /prefetch:2
                                                        2⤵
                                                          PID:1620
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2140 /prefetch:3
                                                          2⤵
                                                            PID:3788
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2228 /prefetch:8
                                                            2⤵
                                                              PID:4772
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3276 /prefetch:1
                                                              2⤵
                                                                PID:2744
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3304 /prefetch:1
                                                                2⤵
                                                                  PID:2336
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4180,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4176 /prefetch:1
                                                                  2⤵
                                                                    PID:3844
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3116,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4800 /prefetch:8
                                                                    2⤵
                                                                      PID:3996
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4972 /prefetch:8
                                                                      2⤵
                                                                        PID:3916
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4984,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5084 /prefetch:1
                                                                        2⤵
                                                                          PID:3964
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4440 /prefetch:8
                                                                          2⤵
                                                                            PID:4848
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5184,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5192 /prefetch:8
                                                                            2⤵
                                                                              PID:4996
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5208,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5332 /prefetch:8
                                                                              2⤵
                                                                                PID:4536
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5180 /prefetch:8
                                                                                2⤵
                                                                                  PID:1860
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5356,i,14975260137824269458,9575490722460395750,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4804 /prefetch:2
                                                                                  2⤵
                                                                                    PID:3040
                                                                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                  1⤵
                                                                                    PID:4868
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                    1⤵
                                                                                      PID:4800
                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                      1⤵
                                                                                        PID:464
                                                                                      • C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe
                                                                                        "C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe"
                                                                                        1⤵
                                                                                        • Enumerates system info in registry
                                                                                        • Modifies Internet Explorer settings
                                                                                        • Modifies registry class
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of SendNotifyMessage
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:1036
                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
                                                                                          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fo2ub5s5\fo2ub5s5.cmdline"
                                                                                          2⤵
                                                                                            PID:3056
                                                                                            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5986.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc575047727C24490298B0CEACBA92BF4.TMP"
                                                                                              3⤵
                                                                                                PID:4996
                                                                                          • C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                            C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                            1⤵
                                                                                              PID:440
                                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                                              C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
                                                                                              1⤵
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:1276
                                                                                            • C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Icons\XClient.exe
                                                                                              "C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Icons\XClient.exe"
                                                                                              1⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Checks processor information in registry
                                                                                              • Enumerates system info in registry
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:4784
                                                                                              • C:\Windows\SYSTEM32\CMD.EXE
                                                                                                "CMD.EXE"
                                                                                                2⤵
                                                                                                  PID:4928
                                                                                              • C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Icons\XClient.exe
                                                                                                "C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Icons\XClient.exe"
                                                                                                1⤵
                                                                                                • UAC bypass
                                                                                                • Executes dropped EXE
                                                                                                • Enumerates connected drives
                                                                                                • Sets desktop wallpaper using registry
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                • System policy modification
                                                                                                PID:4864
                                                                                                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
                                                                                                  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mdasxwo1\mdasxwo1.cmdline"
                                                                                                  2⤵
                                                                                                    PID:4928
                                                                                                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESED9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAC0B822B34804BA59477523A30C31A45.TMP"
                                                                                                      3⤵
                                                                                                        PID:3724
                                                                                                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
                                                                                                      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vrajtorj\vrajtorj.cmdline"
                                                                                                      2⤵
                                                                                                        PID:4680
                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES58A3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD75B3D8C12BA4825818A6137EFB898E8.TMP"
                                                                                                          3⤵
                                                                                                            PID:4052
                                                                                                        • C:\Windows\SYSTEM32\cmd.exe
                                                                                                          "cmd"
                                                                                                          2⤵
                                                                                                            PID:2160
                                                                                                            • C:\Windows\system32\netsh.exe
                                                                                                              netsh wlan show profiles
                                                                                                              3⤵
                                                                                                              • Event Triggered Execution: Netsh Helper DLL
                                                                                                              • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                              PID:3084
                                                                                                          • C:\Windows\System32\taskkill.exe
                                                                                                            "C:\Windows\System32\taskkill.exe" /im ngrok.exe /f
                                                                                                            2⤵
                                                                                                            • Kills process with taskkill
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            PID:1968
                                                                                                          • C:\Users\Admin\AppData\Local\Temp\ngrok.exe
                                                                                                            "C:\Users\Admin\AppData\Local\Temp\ngrok.exe" config add-authtoken Your_Authtoken
                                                                                                            2⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:3136
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
                                                                                                            2⤵
                                                                                                            • Enumerates system info in registry
                                                                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                            PID:6556
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x84,0x10c,0x7ff88aa53cb8,0x7ff88aa53cc8,0x7ff88aa53cd8
                                                                                                              3⤵
                                                                                                                PID:6584
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12539445009705072233,3059186234179284427,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
                                                                                                                3⤵
                                                                                                                  PID:7164
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,12539445009705072233,3059186234179284427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
                                                                                                                  3⤵
                                                                                                                    PID:7072
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,12539445009705072233,3059186234179284427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
                                                                                                                    3⤵
                                                                                                                      PID:7100
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12539445009705072233,3059186234179284427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
                                                                                                                      3⤵
                                                                                                                        PID:7412
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12539445009705072233,3059186234179284427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                                                                                                                        3⤵
                                                                                                                          PID:5868
                                                                                                                    • C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe
                                                                                                                      "C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Xworm V6.1.exe"
                                                                                                                      1⤵
                                                                                                                      • Loads dropped DLL
                                                                                                                      • Enumerates system info in registry
                                                                                                                      • Modifies registry class
                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                      • Suspicious use of SendNotifyMessage
                                                                                                                      PID:3376
                                                                                                                    • C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                                      C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                                      1⤵
                                                                                                                        PID:3124
                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:7372
                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                          1⤵
                                                                                                                            PID:7672
                                                                                                                          • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                                                            "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                                                            1⤵
                                                                                                                            • Modifies registry class
                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                            PID:8116

                                                                                                                          Network

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Reconnaissance

                                                                                                                          Resource Development

                                                                                                                          Initial Access

                                                                                                                          Execution

                                                                                                                          Command and Scripting Interpreter

                                                                                                                          1
                                                                                                                          T1059

                                                                                                                          Persistence

                                                                                                                          Event Triggered Execution

                                                                                                                          1
                                                                                                                          T1546

                                                                                                                          Netsh Helper DLL

                                                                                                                          1
                                                                                                                          T1546.007

                                                                                                                          Privilege Escalation

                                                                                                                          Abuse Elevation Control Mechanism

                                                                                                                          1
                                                                                                                          T1548

                                                                                                                          Bypass User Account Control

                                                                                                                          1
                                                                                                                          T1548.002

                                                                                                                          Event Triggered Execution

                                                                                                                          1
                                                                                                                          T1546

                                                                                                                          Netsh Helper DLL

                                                                                                                          1
                                                                                                                          T1546.007

                                                                                                                          Defense Evasion

                                                                                                                          Abuse Elevation Control Mechanism

                                                                                                                          1
                                                                                                                          T1548

                                                                                                                          Bypass User Account Control

                                                                                                                          1
                                                                                                                          T1548.002

                                                                                                                          Impair Defenses

                                                                                                                          1
                                                                                                                          T1562

                                                                                                                          Disable or Modify Tools

                                                                                                                          1
                                                                                                                          T1562.001

                                                                                                                          Modify Registry

                                                                                                                          4
                                                                                                                          T1112

                                                                                                                          Credential Access

                                                                                                                          Credentials from Password Stores

                                                                                                                          1
                                                                                                                          T1555

                                                                                                                          Credentials from Web Browsers

                                                                                                                          1
                                                                                                                          T1555.003

                                                                                                                          Unsecured Credentials

                                                                                                                          1
                                                                                                                          T1552

                                                                                                                          Credentials In Files

                                                                                                                          1
                                                                                                                          T1552.001

                                                                                                                          Discovery

                                                                                                                          Browser Information Discovery

                                                                                                                          1
                                                                                                                          T1217

                                                                                                                          Peripheral Device Discovery

                                                                                                                          1
                                                                                                                          T1120

                                                                                                                          Query Registry

                                                                                                                          3
                                                                                                                          T1012

                                                                                                                          System Information Discovery

                                                                                                                          4
                                                                                                                          T1082

                                                                                                                          System Location Discovery

                                                                                                                          1
                                                                                                                          T1614

                                                                                                                          System Language Discovery

                                                                                                                          1
                                                                                                                          T1614.001

                                                                                                                          System Network Configuration Discovery

                                                                                                                          1
                                                                                                                          T1016

                                                                                                                          Wi-Fi Discovery

                                                                                                                          1
                                                                                                                          T1016.002

                                                                                                                          Lateral Movement

                                                                                                                          Collection

                                                                                                                          Data from Local System

                                                                                                                          1
                                                                                                                          T1005

                                                                                                                          Command and Control

                                                                                                                          Exfiltration

                                                                                                                          Impact

                                                                                                                          Defacement

                                                                                                                          1
                                                                                                                          T1491

                                                                                                                          Replay Monitor

                                                                                                                          Loading Replay Monitor...

                                                                                                                          Downloads

                                                                                                                          • C:\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v98_NET4_x64\System.Data.SQLite.DLL
                                                                                                                            Filesize

                                                                                                                            1.6MB

                                                                                                                            MD5

                                                                                                                            1b1a6d076bbde5e2ac079ef6dbc9d5f8

                                                                                                                            SHA1

                                                                                                                            6aa070d07379847f58adcab6b5739fc97b487a28

                                                                                                                            SHA256

                                                                                                                            eaadfbcafd981ec51c9c039e3adb4963b5a9d85637e27fd4c8cfca5f07ff8471

                                                                                                                            SHA512

                                                                                                                            05b0cb3d343a5706434390fe863e41852019aa27797fe5d1b80d13b8e24e0de0c2cb6e23d15e89a0f427aaeaf04bf0239f90feb95bfc6913ca4dc59007e6659e

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                                            Filesize

                                                                                                                            649B

                                                                                                                            MD5

                                                                                                                            d03d445e77ef4f516660ac0ce41fcac5

                                                                                                                            SHA1

                                                                                                                            4777844b820ed0c782f8d6d27564386784bb1e80

                                                                                                                            SHA256

                                                                                                                            50c1dc29d79cb2b8fe346d9443d0c84866d0366a4a9fb39433628749c1044237

                                                                                                                            SHA512

                                                                                                                            eb13fa2db2b6574c90f1552745cde4c866f66d264aeedaee7a6cdad86c892c839ba62f6ba3a3fe93ab63e29b14c32872f90695fe7f356efe4aebc086ae7226ef

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            120B

                                                                                                                            MD5

                                                                                                                            9736387e38cde442b4a048b26c0cf8a2

                                                                                                                            SHA1

                                                                                                                            b1805ee35fe03e84ce9f9eb466e3ba60d1b5fde8

                                                                                                                            SHA256

                                                                                                                            c66671e2ac3df3f26fc7c80fe968efa033fbca5dbfa6c976c90828d96b226d79

                                                                                                                            SHA512

                                                                                                                            57e8a77b9d9152dc4d03c30b846e5264fe43ea2bad25ca1014027fa891868dac2460f9efc3ee309ac5163f2f0ef6c13471868c05ab17d17e754c6c83ae2a97ef

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
                                                                                                                            Filesize

                                                                                                                            264KB

                                                                                                                            MD5

                                                                                                                            f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                            SHA1

                                                                                                                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                            SHA256

                                                                                                                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                            SHA512

                                                                                                                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
                                                                                                                            Filesize

                                                                                                                            851B

                                                                                                                            MD5

                                                                                                                            07ffbe5f24ca348723ff8c6c488abfb8

                                                                                                                            SHA1

                                                                                                                            6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                                                                            SHA256

                                                                                                                            6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                                                                            SHA512

                                                                                                                            7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
                                                                                                                            Filesize

                                                                                                                            854B

                                                                                                                            MD5

                                                                                                                            4ec1df2da46182103d2ffc3b92d20ca5

                                                                                                                            SHA1

                                                                                                                            fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                                                                            SHA256

                                                                                                                            6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                                                                            SHA512

                                                                                                                            939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            05fccbfa93913248c4a3eabf4bf222be

                                                                                                                            SHA1

                                                                                                                            0e4eef6683f256f81f2ddab1065ae041b3e0374c

                                                                                                                            SHA256

                                                                                                                            b9ff7b4ed1885fa42412fce7a27cb9a21aca7d217115f66a55886378ae2a96e7

                                                                                                                            SHA512

                                                                                                                            4cea9c7193903c649d07503c370611f4b442a6247d703b16828de937221d8beced917420ff08a1df74986d36624fa02a0e438409aa43c1fec50b40cd44f86a91

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                            Filesize

                                                                                                                            2B

                                                                                                                            MD5

                                                                                                                            d751713988987e9331980363e24189ce

                                                                                                                            SHA1

                                                                                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                            SHA256

                                                                                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                            SHA512

                                                                                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            356B

                                                                                                                            MD5

                                                                                                                            b28028fc29039871e6d9c62bce410a13

                                                                                                                            SHA1

                                                                                                                            a8876930b54a16cf808a95d01f4b4979a3942387

                                                                                                                            SHA256

                                                                                                                            2b4791f2575afe4595f4f65730d4ff25caec5ec14eeb2339d6e4711d4bc8a21e

                                                                                                                            SHA512

                                                                                                                            d284bf98248e7d09a666f7f368b4c6caa42fa01d7bd8e16b2746d4dc1093df79fd5578ffe036e2fa5ba9f308fcc6c644245ae2232caad28d033e2c5fdd06fe5e

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            9KB

                                                                                                                            MD5

                                                                                                                            9469943adc79ed86a4aa1bb60f6dfe1c

                                                                                                                            SHA1

                                                                                                                            b1c5a888ffd5fb41c3e014f9abc55725d2030136

                                                                                                                            SHA256

                                                                                                                            1f61d17e7bd72652bcda1f33e955f2d6e1471f02151cbf4db08d795003cb7385

                                                                                                                            SHA512

                                                                                                                            cc85b1665c0c5d32054a04ed2cc11cc1d963207b805465a23dab77327a4c56986ba816c62dd693b828296d93b40a04c8091aed41d7d3d7a1160436095be86639

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                            Filesize

                                                                                                                            15KB

                                                                                                                            MD5

                                                                                                                            9461c1e6494a89862034838a3658118f

                                                                                                                            SHA1

                                                                                                                            ae19606c893e78cead3d26bfe87a0bc89d4a251c

                                                                                                                            SHA256

                                                                                                                            410b1401c2af6e5aec5581e1369257664ed0ea4dca2b07bcc43709875638f939

                                                                                                                            SHA512

                                                                                                                            fda5f2ec5e74bb34307c941159a599b7ec85aba9fca483bdcb67a8c13245dca57f0130b7ae08040405fa05065e7d6236939882222bd960e742170656d305d18c

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            72B

                                                                                                                            MD5

                                                                                                                            698749f3aef905fac7a36d78de99d439

                                                                                                                            SHA1

                                                                                                                            59df763cc8ba46342deae6757e7f768cb11ab891

                                                                                                                            SHA256

                                                                                                                            115cc3624fb00314fe45da24678ffaaeaed73bfb47b7702d5eb598bfea8f3728

                                                                                                                            SHA512

                                                                                                                            0d46dd8a8509119e875d7f5b474558e4a4ff216dac4f1b1ed4a73e5381f375256bdc2983eb85084c0ee50abb39f2b3f38b9a328a024328d3f064b28942cf957f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            236KB

                                                                                                                            MD5

                                                                                                                            614cf3a36964f50e22c1e6398a31a552

                                                                                                                            SHA1

                                                                                                                            f33930583738b07d3e2d0cb14cefc0acebf8a051

                                                                                                                            SHA256

                                                                                                                            d67ae87bc677705cc2e05a9adb2a45f79ff7c043a8367bae4a8a78ceeb469b20

                                                                                                                            SHA512

                                                                                                                            e9a80373969871e77bb40a7988620afe5da24041a4fe492f570dc00b30994211d486d74b7b03e249e006f871a04d5c753eb22dacb591e1e5e30d1c4baf68cc03

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XClient.exe.log
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            17daa6ec74f55b1f21e153dacf0be451

                                                                                                                            SHA1

                                                                                                                            117df829063691a030869a88447767675fa73e88

                                                                                                                            SHA256

                                                                                                                            1d51dbad2b5085061d9665cca1dd81382691a5b09c403ece1a1e4db0a09a7ee5

                                                                                                                            SHA512

                                                                                                                            0cb1704f6379d3d3aed12c6ed710ee099c68ddc288395a50ba76866b5c564b17c539813cce7a89c77e13f84f9be5a43bff7740b35d402b38e7daf112ac34b563

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            152B

                                                                                                                            MD5

                                                                                                                            fb80a7ba97e22b5f06ed36763a926d2b

                                                                                                                            SHA1

                                                                                                                            219a260ff06097ae822eb1c40ece80eef31dba1d

                                                                                                                            SHA256

                                                                                                                            194590a9e01c8690ea40bce3529765e7283127dd922a70a587c39d1c524448b6

                                                                                                                            SHA512

                                                                                                                            7d7563008ca353f88b594f2b17ec6f1d51179329be0721d01a7d12a91c1758084c7d47d309c05f92e57c1c875002c376abe60d10a1835fe95e0f513ae3c6e231

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            152B

                                                                                                                            MD5

                                                                                                                            05d0a2f3df9acc75eefccd09f17a957b

                                                                                                                            SHA1

                                                                                                                            1c50c26b0f7a0730e5aa7c1550a12a45fccbc830

                                                                                                                            SHA256

                                                                                                                            d58aa65ae1a217683a6430fbf1cb090c605b7e1d3583949544659e52afa38fbe

                                                                                                                            SHA512

                                                                                                                            840ea785c3cae93b61486c65bc423e24d965145d4f2ac5ad400fd88acaee18c93e2e522358cdb812bff4c342faca8799042aa69f02d095d19845af8cd9880cea

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            152B

                                                                                                                            MD5

                                                                                                                            5431d6602455a6db6e087223dd47f600

                                                                                                                            SHA1

                                                                                                                            27255756dfecd4e0afe4f1185e7708a3d07dea6e

                                                                                                                            SHA256

                                                                                                                            7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

                                                                                                                            SHA512

                                                                                                                            868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            152B

                                                                                                                            MD5

                                                                                                                            7bed1eca5620a49f52232fd55246d09a

                                                                                                                            SHA1

                                                                                                                            e429d9d401099a1917a6fb31ab2cf65fcee22030

                                                                                                                            SHA256

                                                                                                                            49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

                                                                                                                            SHA512

                                                                                                                            afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            552B

                                                                                                                            MD5

                                                                                                                            782c2c3dba9eb0af5544a1e7216fb659

                                                                                                                            SHA1

                                                                                                                            a23b700f8ec3bbf79cd6bf53618a5cabf4b68b87

                                                                                                                            SHA256

                                                                                                                            02b7bc15be8c5901df6ce0a671ba860dd7fb35ac5656d81c168531dfe2bd3dc7

                                                                                                                            SHA512

                                                                                                                            540094b6b1594dab50222d5d6a9a42be3b627ea902e64c6c403c5312feec7ce838202c986a7079fccd6d418abd7eb5a30f1d3474ec434178f0defe00227d965d

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            528B

                                                                                                                            MD5

                                                                                                                            47e7881812b7a81b30c5478020cfd380

                                                                                                                            SHA1

                                                                                                                            5ee2a63a6657069d0b5a6577beb185f08799ca5c

                                                                                                                            SHA256

                                                                                                                            37d13c83f7cad4c9c3100f823ee6d6973442f6415d9c8c06bb783354ec4f46a7

                                                                                                                            SHA512

                                                                                                                            0efada2b55253bb443ca430a2b79cb9783ef96e9c6a7dbc4554a287fdfb2a66718ea4c82af4259992ebc8a957debaaefbf5a8ce0eec08e0d470074580c1a98dc

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            8f346a8a78b0a51ab3cefc10ea03a2fd

                                                                                                                            SHA1

                                                                                                                            4a34c31a4f2651e61d6c21eeeef9cdf71904a4ea

                                                                                                                            SHA256

                                                                                                                            0f6fb4a0c1d686fd35563ba5094eb3785817b0ef495ebc18c5f2cfd8d6861d94

                                                                                                                            SHA512

                                                                                                                            eb9fdd1dc260e21f061dd0893027953b0b24cefbd117cc67938363d5b8a5846caacb0b462d8d64a134aea7c25d56afc9be83708602b4338925a85ce0d8e78c18

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            a1c43f373c2f88343f0bca87e6449b50

                                                                                                                            SHA1

                                                                                                                            92448d10ffa9f2fe0279cc40a3b7778a827191f2

                                                                                                                            SHA256

                                                                                                                            9052cf5fd691525eb2724c499c7c2288ece0131c1916b9ff4df09e2fa233030f

                                                                                                                            SHA512

                                                                                                                            99aa59eb16e91c6ea170d8ad25085771c6ba9cbe57c5ad45312260af819735d8e9b77e2c93d094f07b1beb53fce5fce415c0f74355b4fc5bf495bd09ebb7152b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            b15dffd77855ebd0db5ce1cf7b7c906d

                                                                                                                            SHA1

                                                                                                                            afbf10f0d8e96f47283b8ddb3d0b4834ea8cfa30

                                                                                                                            SHA256

                                                                                                                            990abc65a1e742eacd82da089fae261877d18eecf65d06777b46e74566e06266

                                                                                                                            SHA512

                                                                                                                            98cb43b7308b8447b4d89249745f7174ca9887be5d81ce66eca93c4e1b802d69aee761f8ddda908272fe068b9d039f1165986fd2a710c6b1fb4ec061221d84c5

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            c0ff748b3e0497daaf5dd774069d8ab0

                                                                                                                            SHA1

                                                                                                                            3d908bd1f4dc5d770106959177c35039d2736881

                                                                                                                            SHA256

                                                                                                                            00853cffb593fe0c8d8f7e03755b33d7550593f8c05bac6471c87c99a71b4a13

                                                                                                                            SHA512

                                                                                                                            44bccabdac2ccec63956f259fc52a03fa9b7b5d0b5339b762c6fcb8407447a10b6a24a807e90eca7182fb046099ffded5211c29582e478900007403722e170d7

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            5KB

                                                                                                                            MD5

                                                                                                                            65b45805d329f8f50d5be41e66a1c32f

                                                                                                                            SHA1

                                                                                                                            fb07ade07b87e3aaa9deb2641a45a9785716e7fc

                                                                                                                            SHA256

                                                                                                                            63d6d37781f33d3f39598ee9b70407ef9a5cd967ab78565fd85934be5ae497ec

                                                                                                                            SHA512

                                                                                                                            b5c69b0f50907af16834b7ba22e719d886e3beff43c55bb745095f971c7a5938475e73cee318f8414d679c690f3108e16b181066b3773d83cb77e0ef3b07e8ad

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            24fa186431f6ad11da595c2e80da21c4

                                                                                                                            SHA1

                                                                                                                            ca0ff04bc5580167e3e3bc17358e7e198609bd69

                                                                                                                            SHA256

                                                                                                                            860889296ff9f6ba3150c00d44cc69541358ea463f54470a20fd3ef965d65fa5

                                                                                                                            SHA512

                                                                                                                            9bd5dca1065eb75fea78133ce531b1a81f6699d90793db93c13f111b6e3cefdeca3e74d1bd3df4eabda85008f13ef9e91440567b0a807c9ca5dd7a802bbc7430

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            5KB

                                                                                                                            MD5

                                                                                                                            fafeb2cea7af72fde00e120c980f5ed8

                                                                                                                            SHA1

                                                                                                                            5de1b51bf628ef0a94356fbbef84b098f8466a87

                                                                                                                            SHA256

                                                                                                                            db5e344a32ff13b60ac5fdcd6184508c81607318da20512c7d30c4b145597dac

                                                                                                                            SHA512

                                                                                                                            917f2c42b2691d80df01ac92d77c78be17f409997af49ad1c27c3dc01995dedbffd1525b79e8abd8249d43601fccd843b98703a353b57e91705d8640c03fe593

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            245a0f4698afb33598b60020abee2e0a

                                                                                                                            SHA1

                                                                                                                            1bcd0931a45ad44985e6a1b1e6d6e225759b0cf9

                                                                                                                            SHA256

                                                                                                                            f2df23090d0cdef79ef5f42aae2c380cc353f836fdf1532e7884c67599c04de3

                                                                                                                            SHA512

                                                                                                                            5b3490a8f40af686ca7f794a6fa5a97c616f1dd3f4f92f9ba5a30d58ae2f812ca3107cc4026e9615ab1ff44940f13ff3ddeefd654627ef05923dae92700db92a

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            99a768549294c35826d829ddceffcdf6

                                                                                                                            SHA1

                                                                                                                            e43bde6ab28e2ba5dba575893ee37ea3ca55c7c4

                                                                                                                            SHA256

                                                                                                                            5b26d5e00353cd02923cc3bfc8bc9fe8440d2746926f92506529e8c729049c23

                                                                                                                            SHA512

                                                                                                                            72a7ebe196cf537e8db04142a7c87d45f39154823834c564383b53fa631e7d1dcb713f6a09e22291e1988917ede474d09f8cb2c141a1ef738107204221e782a0

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            bf6dfb55719ed3de2128069dcaf5bbc0

                                                                                                                            SHA1

                                                                                                                            68c9c57e2254d9e43f80099595e4b13a9f766101

                                                                                                                            SHA256

                                                                                                                            c3c192c3d747b0c64331260aff565a1edf1ea66888781a0fae5896521e6debc0

                                                                                                                            SHA512

                                                                                                                            f8ee29e7bb707fdd3cf857c0cbc4c7563c2e79c6ff6aad56caeaf2db35566c9c04b844b83f0779398d27b057cf0ea7c20e461a4e014f1ab892ddd22df8554ff0

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            8078a8aa2955ae811a82f0d1bff5e476

                                                                                                                            SHA1

                                                                                                                            8e2174ac7be8b13880441d8e8e7556d07cd9cb7b

                                                                                                                            SHA256

                                                                                                                            83ed75873ab0a8aec9499234b9af3877c7c3fe37c3fdf3152e5d0288387f2f44

                                                                                                                            SHA512

                                                                                                                            a0baf80f64c44b1b49bcc87601354d3943a9e975cfa13f89dfefa8ad500164e8402e51ddac47a2fc693bc290b066595909e36d0c255f00717fb265646f546f7a

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58eb65.TMP
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            c4093abd6dc97a80e6110daa17bf615c

                                                                                                                            SHA1

                                                                                                                            12bedd591a6a67e4b83f2442e1b691d87373a28f

                                                                                                                            SHA256

                                                                                                                            740bfa277e88e2119b63121283b38a5538d6cd3ef97b63b7658d3cd4798b01da

                                                                                                                            SHA512

                                                                                                                            8c0f9f0367be60476714904086efb776b25a5d4c074e874c0d7fd5672f88f776321495059904952e113728143decc2e3586d5c8ed3d42e765490360e17ed5e4b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                            Filesize

                                                                                                                            16B

                                                                                                                            MD5

                                                                                                                            6752a1d65b201c13b62ea44016eb221f

                                                                                                                            SHA1

                                                                                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                            SHA256

                                                                                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                            SHA512

                                                                                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            f0e3b03fbf8d569c3c454e5beccba0d7

                                                                                                                            SHA1

                                                                                                                            78e5838d3a83be373a2d6c3446eb58c53286577e

                                                                                                                            SHA256

                                                                                                                            d2a0fe827b0169ae4c64dffa9f928005ad91323ff8fba3ec49c5d21af5becf53

                                                                                                                            SHA512

                                                                                                                            6a0b6f6de7985fd93983d4344962b80fc8751115e9a6265cda5078f698a2c29be3fcd0d6c49bd5b73c7741bda4cd5c82f60011a9d9dd139c81f33491b2ee96ae

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            10KB

                                                                                                                            MD5

                                                                                                                            f0a628e65c65fdbb2b0b55f32cad9d07

                                                                                                                            SHA1

                                                                                                                            eabeb81f479bfc34e5810f88f05ec845c2d9133f

                                                                                                                            SHA256

                                                                                                                            265515fe3bf11e7b0997acbab495976cc546fafc4e413e2919e3871b33e2f230

                                                                                                                            SHA512

                                                                                                                            56adfcccac5dc58b0a863e31720fb60e44e3968e3160d2cbb15136f0b206b860c2eb69d9a7f03e046336b5daa9a8ae15d66f0b1c17cbc9b203eeffcc34111f5b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            fcfb2b3e401ad2b4c3e8547173146f87

                                                                                                                            SHA1

                                                                                                                            9a6f0ce68019959b835dbd5e43d989e698818dc7

                                                                                                                            SHA256

                                                                                                                            890926e7c1c6bfdc0d2d1970158a67b0a6ee0da2ef3a1a0cb15c72f4b50551b3

                                                                                                                            SHA512

                                                                                                                            15279da04276fb4aa39641b28fab8e8dd70523f3aedda5c8232c4fa2772e47b34d60cb211285323949d430ee06c698fed8bbba260b994a32567590785a30d780

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                                                                                                                            Filesize

                                                                                                                            28KB

                                                                                                                            MD5

                                                                                                                            a182a9a5c13b53473b82c2303e2056d3

                                                                                                                            SHA1

                                                                                                                            38b670a991ca3137caa68e0e78f9408463c00dbc

                                                                                                                            SHA256

                                                                                                                            4ee4962f0cff79a2f8e7465b741ed60244eb8f98eea4d0ad7fb299739c9b3d68

                                                                                                                            SHA512

                                                                                                                            3c660b24741e3be4595eec234435343dc186c9e9393ff7a160875e9cd7420a4fdb74bf0c22700077d7353828605e304da8f6f123bfced150f70ffde0d3ff6ba1

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                                                                                            Filesize

                                                                                                                            10KB

                                                                                                                            MD5

                                                                                                                            1301a13a0b62ba61652cdbf2d61f80fa

                                                                                                                            SHA1

                                                                                                                            1911d1f0d097e8f5275a29e17b0bcef305df1d9e

                                                                                                                            SHA256

                                                                                                                            7e75ad955706d05f5934810aebbd3b5a7742d5e5766efd9c4fc17ee492b2f716

                                                                                                                            SHA512

                                                                                                                            66aa4261628bb31ee416af70f4159c02e5bbfbe2f7645e87d70bb35b1f20fa915d62b25d99cd72c59580d1f64e6c6b5ad36ace6600d3bcdb67f45036d768ed8b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\RES58A3.tmp
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            445dcb03c3fc841d47dde4462dd5aa2e

                                                                                                                            SHA1

                                                                                                                            6f184c1cea59743b5436475316bcb6d126510291

                                                                                                                            SHA256

                                                                                                                            71222fcfa5625dc7a1d3006e9b633e1cac15fed9a7fcc01303888c1c73ac6ce3

                                                                                                                            SHA512

                                                                                                                            e6b20cccc11173cf5dc5f2a1d8ae8e3f4e3794a3adc3daa9af74d8b4197bd47ecdc4a95a66349411f25926d9aecea715e38c3aa37047ab3f3999bfe12088f203

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\RES5986.tmp
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            76134e0f5b9e6cc7cc0782746a8cf91b

                                                                                                                            SHA1

                                                                                                                            5b141a305b90312c94d2eb0bab3d707e53ba5b69

                                                                                                                            SHA256

                                                                                                                            1266a09c3444128117fc38fc49d4638903b935c4d2dc33532d2023028247db19

                                                                                                                            SHA512

                                                                                                                            4ed32a34e90edfffcf0d34d28a5cb708cea261e3560c08612535fdce1066969413ea91d3df63f68179e7c291326127600623007248784204c9ed9356cc4ec103

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\RESED9.tmp
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            6a5f705417dcd5a37a56edc195806610

                                                                                                                            SHA1

                                                                                                                            ad10ae8b27b41504009e930c446e63f88d1b3cbd

                                                                                                                            SHA256

                                                                                                                            b7962a550cfeee569eae55fea67e87ca17c8c1e0b5b0b5344c01d8de08e20bc1

                                                                                                                            SHA512

                                                                                                                            ca604115b352d9d95de69b47c96df7b050bba5314fc59ce8c62e917013d65075398fff783415f9fd83d5a1fed0d8cdb1567aa7ebabcf89daf23d2d050d3d6dd4

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\a2be3b7a-ab8c-40ca-8e5b-9affadd268b0.tmp
                                                                                                                            Filesize

                                                                                                                            1B

                                                                                                                            MD5

                                                                                                                            5058f1af8388633f609cadb75a75dc9d

                                                                                                                            SHA1

                                                                                                                            3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                            SHA256

                                                                                                                            cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                            SHA512

                                                                                                                            0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\fo2ub5s5\fo2ub5s5.0.vb
                                                                                                                            Filesize

                                                                                                                            78KB

                                                                                                                            MD5

                                                                                                                            4873f448dae6a242495f32f80d01ae96

                                                                                                                            SHA1

                                                                                                                            f2123bcce3bc26f578d792f47cc709ae666a52a5

                                                                                                                            SHA256

                                                                                                                            ad4fb1972a6d331f644936696e3c37ebd50812a975425aa4360ca885b1626858

                                                                                                                            SHA512

                                                                                                                            476605d4fe597b29846c108f8f15c4c3288e0fa6a7414307af10b61b007443829db784bebb15647baa1c8596e9d7bc399cb03ba3c8e0946b5370f8fb3657deb9

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\fo2ub5s5\fo2ub5s5.cmdline
                                                                                                                            Filesize

                                                                                                                            331B

                                                                                                                            MD5

                                                                                                                            9f6822907f9403b464d7982c5181d793

                                                                                                                            SHA1

                                                                                                                            fcfc56a698d82869e0c0a31d18a3ccb747ce04dc

                                                                                                                            SHA256

                                                                                                                            957171c7062d1b5aa7313603a90c7cdc098f6902fbcf26feac0f8290d610f382

                                                                                                                            SHA512

                                                                                                                            6a6ac62080e210f9754813b05a4b7952ae08cd0adbf0adfd8d5e09c3b30d0e947a6f9b4cf3d94cc159ea936630fe2c4e2733eb1a3b36f13921e009c65852e308

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\mdasxwo1\mdasxwo1.0.vb
                                                                                                                            Filesize

                                                                                                                            376B

                                                                                                                            MD5

                                                                                                                            e32efea1e2b33b33225e92cd18fc82e4

                                                                                                                            SHA1

                                                                                                                            f4ae7aa567b413be2b16547438f451b32187246f

                                                                                                                            SHA256

                                                                                                                            0deebe8e09f6d1d95e588feee8d2a1f9191696f91571ee99059e92911053c51f

                                                                                                                            SHA512

                                                                                                                            2bcde0ef06bfbbc49e3a94dd4bb3476d8527ebf1271532668b4b45900c35e921b5bf16a3eb8c6c2b6d816d32e0bb99eb74c69a58b110641e7f80b778ec6aee64

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\mdasxwo1\mdasxwo1.cmdline
                                                                                                                            Filesize

                                                                                                                            313B

                                                                                                                            MD5

                                                                                                                            006e0ab7b1eb55136cd2bc6e11e3393d

                                                                                                                            SHA1

                                                                                                                            7ae2661c0605dde5416db24d4ae677ba9483cd92

                                                                                                                            SHA256

                                                                                                                            f2da88eb7a715b01a5491651cf319bfe99f0f22ced9ea8bb1c5313be8d58f3cb

                                                                                                                            SHA512

                                                                                                                            034df14c83a1df0a536661865ff7e0f11ca49e0355ada05185516f5f7921018f5170cfb4a4e3743e952d0f6dac135bc36dbcb8f42e6732c5e1504c199e82a4da

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\mdasxwo1\mdasxwo1.exe
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            8e934fb53760fd6471b364f9012b5be4

                                                                                                                            SHA1

                                                                                                                            9a076aec4bf21a2f6fd791f0834c9989dee93c8d

                                                                                                                            SHA256

                                                                                                                            862b1deb0a8fde8bc5503092303ff58c788b793bb20eb3a1b3eac60fb0a85f1d

                                                                                                                            SHA512

                                                                                                                            02f34a76e2252b91c4b6ee126fc4454370fdc1826043b7cdd6498ded42c129024cb0201aac0ef53b6881914ed398563adbc0ad51096cf3dd8f7bc3cdae6da51c

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\ngrok.exe
                                                                                                                            Filesize

                                                                                                                            44.5MB

                                                                                                                            MD5

                                                                                                                            8e6ab3ded66876494abeaa2b0caab9ca

                                                                                                                            SHA1

                                                                                                                            98fb6c98e29d6ed4ab435236152c87f29e61b186

                                                                                                                            SHA256

                                                                                                                            092d2f1e67583218bb81f63c51b0bfa9d64042e7601403074a648472a3e3bb76

                                                                                                                            SHA512

                                                                                                                            97c48a55738a0e0ed1a5b3d097511a611c50c91ed05bc30ef00c10b372a46f1ef188ff4e3d78d75d1f3c7eeae1a18e619a2ae00295d6c42cfad00c91961d2c6b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\scoped_dir2316_490408403\2493a754-c7c6-4b2c-a152-364aba4ed334.tmp
                                                                                                                            Filesize

                                                                                                                            150KB

                                                                                                                            MD5

                                                                                                                            14937b985303ecce4196154a24fc369a

                                                                                                                            SHA1

                                                                                                                            ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                                                                                                            SHA256

                                                                                                                            71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                                                                                                            SHA512

                                                                                                                            1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\scoped_dir2316_490408403\CRX_INSTALL\_locales\en\messages.json
                                                                                                                            Filesize

                                                                                                                            711B

                                                                                                                            MD5

                                                                                                                            558659936250e03cc14b60ebf648aa09

                                                                                                                            SHA1

                                                                                                                            32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                                                                            SHA256

                                                                                                                            2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                                                                            SHA512

                                                                                                                            1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\tmp2D5C.tmp
                                                                                                                            Filesize

                                                                                                                            100KB

                                                                                                                            MD5

                                                                                                                            1b942faa8e8b1008a8c3c1004ba57349

                                                                                                                            SHA1

                                                                                                                            cd99977f6c1819b12b33240b784ca816dfe2cb91

                                                                                                                            SHA256

                                                                                                                            555ccb7ecd9ae52a75135fdd81ab443a49d5785b0621ed6468d28c4234e46ccc

                                                                                                                            SHA512

                                                                                                                            5aee3d59478d41ddd5885c99b394c9c4983064e2b3528db1a3f7fc289662bced4f57d072517bbe7573c6d1789435e987ef1aa9cc91f372bcfd30bc016675fa43

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\vbc575047727C24490298B0CEACBA92BF4.TMP
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            d40c58bd46211e4ffcbfbdfac7c2bb69

                                                                                                                            SHA1

                                                                                                                            c5cf88224acc284a4e81bd612369f0e39f3ac604

                                                                                                                            SHA256

                                                                                                                            01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

                                                                                                                            SHA512

                                                                                                                            48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\vbcAC0B822B34804BA59477523A30C31A45.TMP
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            36a8332aed4a22115f967fb64c51f3a6

                                                                                                                            SHA1

                                                                                                                            b29fe7f4b7b14d4d5d48ca894ec1e735ad1b5c66

                                                                                                                            SHA256

                                                                                                                            5acac28498505be57c4d0d60db9bad0e03177c2d44678512712e907f27a3b268

                                                                                                                            SHA512

                                                                                                                            68c380f03dcd592facc574bbd341820a6e2c65ae202023702e1521239b014d4aa728b4dd6f3ca35934c1b4425ab79b866968539c19df126a21d01af6c23daf91

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\vbcD75B3D8C12BA4825818A6137EFB898E8.TMP
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            46d87789c20ab0dfdb48ea8628333668

                                                                                                                            SHA1

                                                                                                                            c26bcb22ffa20a7d9e8f225ce5720e215237eca1

                                                                                                                            SHA256

                                                                                                                            c8eb3dc2143b7a9f115e28fef69ca7f1d1769a8cf85645abc1d9a16ee0060ec4

                                                                                                                            SHA512

                                                                                                                            64b1f01d03de400ba79299582bd83245869a51c16d5cd33181e51787e0ba958b66f528bbe9ed3da9d613a49cea14a1affd40c6ffbc13dd50110c0ffd2e700375

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\vrajtorj\vrajtorj.0.vb
                                                                                                                            Filesize

                                                                                                                            433B

                                                                                                                            MD5

                                                                                                                            ad9ffe5146b939b7e5b4947098fe2e36

                                                                                                                            SHA1

                                                                                                                            9105a260d9d760cb975b0976f4ca5e43a5ae2c3d

                                                                                                                            SHA256

                                                                                                                            8ac32901110517ec0f7876cda0287c0187d522929cbee9ff67fe70646ff7e0e2

                                                                                                                            SHA512

                                                                                                                            1e6550165bd32e49ca9d71b30a98fced9f1e132b2fbe668ca039db725b45f21932a732e3a34ce845605bc2a4418797331cedba53f0f142b0b1747e177bd2f1e3

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\vrajtorj\vrajtorj.cmdline
                                                                                                                            Filesize

                                                                                                                            313B

                                                                                                                            MD5

                                                                                                                            9d8c92d2890794468c140e5c9a14fc02

                                                                                                                            SHA1

                                                                                                                            c019673e4de2995c29473c659c8e0f9709602845

                                                                                                                            SHA256

                                                                                                                            c9e8946b9e65622c326a2941e3c474bbcc7d62afa8ce6e283dfb5dbeceb94b28

                                                                                                                            SHA512

                                                                                                                            aebc716ca2b6bd33d2485e096b4f837459ad04a465768a6c1914e38327075d107c81d6c6a208bb244681f6b302eb58857300859a46e1b0432902f4971bf22614

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\vrajtorj\vrajtorj.exe
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            f4a855a42415af6c108373bd93acea4e

                                                                                                                            SHA1

                                                                                                                            ecce4f2b62f9600b78730c6c3248bddf6c492cf8

                                                                                                                            SHA256

                                                                                                                            1ef40539fc556d09456947ee6cbd3bd62f0016608ab315699f71d1e21007453a

                                                                                                                            SHA512

                                                                                                                            14c9e6e193f15f0510ad42fc1a1e3166c1efc909015bf33d6c28933008af9fa71d461ea199bc37cb3c532138699319f74f820e6daa77b3eb36dbca85173a62ce

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            0b3d0d7f3aa1ee91649e7feeb24d2f7f

                                                                                                                            SHA1

                                                                                                                            4582d3780fc8a6cee41ebf02362fe7c2d4282802

                                                                                                                            SHA256

                                                                                                                            eba855c49a6fb8daae48b277ea3d21ece747b05afcaa0ea536622007956aaa01

                                                                                                                            SHA512

                                                                                                                            4c2029de824b31da75805cadfd878a3223948f78b22b8a0886b8aa3e777cc330f83c7f3769395ee40f31a7ba505ab80c2ad2a1f2ebdc843bffc5a09c7036de59

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Xworm-V6.1.zip:Zone.Identifier
                                                                                                                            Filesize

                                                                                                                            26B

                                                                                                                            MD5

                                                                                                                            fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                            SHA1

                                                                                                                            d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                            SHA256

                                                                                                                            eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                            SHA512

                                                                                                                            aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Icons\XClient.exe
                                                                                                                            Filesize

                                                                                                                            32KB

                                                                                                                            MD5

                                                                                                                            858e7582f9f77146878687c60a4a8989

                                                                                                                            SHA1

                                                                                                                            331c7c8a76550f16a24708eadb2922d313ec8885

                                                                                                                            SHA256

                                                                                                                            a10a6dc897bf77ba7e3159b2de19a7719bbeada6c07696ee4471a36e2f3138b4

                                                                                                                            SHA512

                                                                                                                            7efe05f6bae87d2a341d29f10aba5fc114ab1d84f97cc11fb1d4fb6a4a15a85107cf8e70b2c8143fa86198173eafb9ed842a4290b17b325c9c41d5826befa7da

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Xworm-V6.1\Xworm-V6.1\Xworm-V6.1\Icons\XClient.exe
                                                                                                                            Filesize

                                                                                                                            49KB

                                                                                                                            MD5

                                                                                                                            c359f51d595ce2b9dd0dcd18ce5a5fdd

                                                                                                                            SHA1

                                                                                                                            2c457dbdc3ce48777554b1f5f435cc1c1d3a59d0

                                                                                                                            SHA256

                                                                                                                            c46e9e6ad653c9c0489e9f94787e83ebb193a3bc3ab37c5443e385a3dba635cb

                                                                                                                            SHA512

                                                                                                                            0537323a7341949038c91de57d7f27d4def302663e326cb62a89eabd93255b1a0d80516a6884e919ef0a666599a3559e0134fd346027af44ad0d9ea13fb7ba52

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\NTUSER.DAT{2fa72cf3-34ca-11ed-acae-cbf1edc82a99}.TMContainer00000000000000000001.regtrans-ms.ENC
                                                                                                                            Filesize

                                                                                                                            16B

                                                                                                                            MD5

                                                                                                                            1940d9335431ffd1fa3ebdcbe8550cc8

                                                                                                                            SHA1

                                                                                                                            6ce436f326712689149a0387e442c9b147d19852

                                                                                                                            SHA256

                                                                                                                            5d634afbf777f6a2aabdcdbc85d68aed8fc93085ab708f722e4b2bfc1f4cb94c

                                                                                                                            SHA512

                                                                                                                            632bba97286cca3443f0ea032e0597ce90738dc31808b22bef34159e7e60fefcf1108d6f5f85a387d6cb69e2a231f98728a10c8f85143102b380938adfb74b13

                                                                                                                            Download Submit

                                                                                                                          • memory/1036-864-0x000002E5B3E00000-0x000002E5B4CE8000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            14.9MB

                                                                                                                            Download

                                                                                                                          • memory/1036-1045-0x000002E5D5510000-0x000002E5D556A000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            360KB

                                                                                                                            Download

                                                                                                                          • memory/1036-877-0x000002E5DCCC0000-0x000002E5DCE28000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1.4MB

                                                                                                                            Download

                                                                                                                          • memory/1036-866-0x000002E5D08B0000-0x000002E5D0AA4000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            2.0MB

                                                                                                                            Download

                                                                                                                          • memory/1036-903-0x000002E5D9670000-0x000002E5D9722000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            712KB

                                                                                                                            Download

                                                                                                                          • memory/1036-902-0x000002E5E0080000-0x000002E5E0362000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            2.9MB

                                                                                                                            Download

                                                                                                                          • memory/1036-1039-0x000002E5D1060000-0x000002E5D1072000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            72KB

                                                                                                                            Download

                                                                                                                          • memory/1036-900-0x000002E5D91D0000-0x000002E5D9252000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            520KB

                                                                                                                            Download

                                                                                                                          • memory/1036-901-0x000002E5D9170000-0x000002E5D919C000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            176KB

                                                                                                                            Download

                                                                                                                          • memory/3376-1106-0x0000029E75130000-0x0000029E752CB000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1.6MB

                                                                                                                            Download

                                                                                                                          • memory/4784-905-0x0000000000EE0000-0x0000000000EEA000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            40KB

                                                                                                                            Download

                                                                                                                          • memory/4784-904-0x0000000000FF0000-0x0000000000FFC000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            48KB

                                                                                                                            Download

                                                                                                                          • memory/4784-1028-0x000000001F760000-0x000000001FC88000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            5.2MB

                                                                                                                            Download

                                                                                                                          • memory/4784-1029-0x0000000001050000-0x000000000105A000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            40KB

                                                                                                                            Download

                                                                                                                          • memory/4784-1030-0x0000000001040000-0x000000000104C000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            48KB

                                                                                                                            Download

                                                                                                                          • memory/4784-1031-0x0000000000D00000-0x0000000000D8E000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            568KB

                                                                                                                            Download

                                                                                                                          • memory/4784-1040-0x0000000000DE0000-0x0000000000DF2000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            72KB

                                                                                                                            Download

                                                                                                                          • memory/4784-912-0x0000000000F30000-0x0000000000F3A000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            40KB

                                                                                                                            Download

                                                                                                                          • memory/4784-906-0x000000001C2B0000-0x000000001C2EA000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            232KB

                                                                                                                            Download

                                                                                                                          • memory/4784-899-0x0000000000680000-0x0000000000692000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            72KB

                                                                                                                            Download

                                                                                                                          • memory/4784-1027-0x0000000000F40000-0x0000000000F4C000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            48KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1060-0x0000000002CE0000-0x0000000002CE8000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            32KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1083-0x0000000001470000-0x00000000014DA000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            424KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1102-0x0000000001510000-0x000000000151E000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            56KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1101-0x0000000001290000-0x000000000129C000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            48KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1116-0x000000001C7E0000-0x000000001C7EA000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            40KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1120-0x000000001C1E0000-0x000000001C1EC000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            48KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1121-0x000000001C3F0000-0x000000001C3FC000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            48KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1103-0x000000001C7D0000-0x000000001C7DA000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            40KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1044-0x0000000002E80000-0x0000000002E8A000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            40KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1082-0x000000001C660000-0x000000001C66A000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            40KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1081-0x000000001C650000-0x000000001C65A000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            40KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1080-0x000000001EB80000-0x000000001EED0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            3.3MB

                                                                                                                            Download

                                                                                                                          • memory/4864-1079-0x000000001C9A0000-0x000000001C9AE000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            56KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1078-0x000000001C550000-0x000000001C5DE000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            568KB

                                                                                                                            Download

                                                                                                                          • memory/4864-1076-0x000000001BEB0000-0x000000001BEB8000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            32KB

                                                                                                                            Download