asyncrat | hxxps://google[.]com

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2023 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

10^/10

asyncrat toxiceye def agilenet persistence rat trojan

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

def

37.18.62.18:8060

Mutex

era2312swe12-1213rsgdkms23

Attributes

delay
1
install
true
install_file
CCXProcess.exe
install_folder
%Temp%

aes.plain

Extracted

Family

toxiceye

https://api.telegram.org/bot5687152406:AAFin_LYFhJGLydMgYheeUDec-2orew51aM/sendMessage?chat_id=2024893777

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
ToxicEye
ToxicEye is a trojan written in C#.
rat trojan toxiceye

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/4516-542-0x0000000000370000-0x0000000000382000-memory.dmp	asyncrat

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

win-xworm-builder.exewsappx.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\Control Panel\International\Geo\Nation	win-xworm-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\Control Panel\International\Geo\Nation	wsappx.exe

Executes dropped EXE 3 IoCs

Processes:

XHVNC-Client.exewin-xworm-builder.exewsappx.exe

pid process

4692 XHVNC-Client.exe
1664 win-xworm-builder.exe
4200 wsappx.exe
Loads dropped DLL 1 IoCs

Processes:

XHVNC.exe

pid process

4200 XHVNC.exe

pid	process
4692	XHVNC-Client.exe
1664	win-xworm-builder.exe
4200	wsappx.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/4200-581-0x0000000006060000-0x0000000006284000-memory.dmp	agile_net

Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

explorer.exe

description ioc process

File opened (read-only) \??\D: explorer.exe
File opened (read-only) \??\F: explorer.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

XHVNC-Client.exe

description pid process target process

PID 4692 set thread context of 1784 4692 XHVNC-Client.exe cvtres.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

description	pid	process	target process
PID 4692 set thread context of 1784	4692	XHVNC-Client.exe	cvtres.exe

Program crash 10 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4112	4516	WerFault.exe	XWormUI.exe
4000	780	WerFault.exe	SearchApp.exe
3160	3696	WerFault.exe	SearchApp.exe
4440	1912	WerFault.exe	SearchApp.exe
692	4592	WerFault.exe	SearchApp.exe
4104	5112	WerFault.exe	SearchApp.exe
3668	4852	WerFault.exe	XWorm-RAT-V2.1-builder.exe
1712	4200	WerFault.exe	wsappx.exe
2292	4876	WerFault.exe	XWorm-RAT-V2.1-builder.exe
3680	3056	WerFault.exe	XWormUI.exe

Checks SCSI registry key(s) 3 TTPs 28 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exeexplorer.exetaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

2292 schtasks.exe
4552 schtasks.exe
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

1984 timeout.exe
Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

4092 tasklist.exe

pid	process
2292	schtasks.exe
4552	schtasks.exe

pid	process
1984	timeout.exe

pid	process
4092	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 10 IoCs

adware spyware

Modify Registry

T1112

Processes:

SearchApp.exeSearchApp.exeSearchApp.exeSearchApp.exeSearchApp.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133387425169568666"	chrome.exe

Modifies registry class 64 IoCs

Processes:

SearchApp.exeSearchApp.exeXHVNC.exeSearchApp.exeSearchApp.exeSearchApp.exeexplorer.exeSearchApp.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	XHVNC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	XHVNC.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	XHVNC.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

Processes:

chrome.exetaskmgr.exechrome.exeXHVNC-Client.exetaskmgr.exewsappx.exe

pid	process
3504	chrome.exe
3504	chrome.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
1740	chrome.exe
1740	chrome.exe
4692	XHVNC-Client.exe
4408	taskmgr.exe
4408	taskmgr.exe
4408	taskmgr.exe
4408	taskmgr.exe
4408	taskmgr.exe
4408	taskmgr.exe
4408	taskmgr.exe
4408	taskmgr.exe
4200	wsappx.exe
4200	wsappx.exe
4200	wsappx.exe
4200	wsappx.exe
4408	taskmgr.exe
4408	taskmgr.exe
4200	wsappx.exe
4408	taskmgr.exe
4200	wsappx.exe
4408	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

XHVNC.exeexplorer.exe

pid process

4200 XHVNC.exe
3700 explorer.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

3504 chrome.exe
3504 chrome.exe
3504 chrome.exe
3504 chrome.exe
3504 chrome.exe
3504 chrome.exe
3504 chrome.exe
3504 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exetaskmgr.exe

description	pid	process
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeDebugPrivilege	2300	taskmgr.exe
Token: SeSystemProfilePrivilege	2300	taskmgr.exe
Token: SeCreateGlobalPrivilege	2300	taskmgr.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: 33	2300	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2300	taskmgr.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
3504	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exeexplorer.exe

pid	process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
2300	taskmgr.exe
3700	explorer.exe
3700	explorer.exe
3700	explorer.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

XHVNC.exeStartMenuExperienceHost.exeSearchApp.exeSearchApp.exeSearchApp.exeSearchApp.exeSearchApp.exewsappx.exe

pid	process
4200	XHVNC.exe
4200	XHVNC.exe
4200	XHVNC.exe
2828	StartMenuExperienceHost.exe
780	SearchApp.exe
3696	SearchApp.exe
1912	SearchApp.exe
4592	SearchApp.exe
5112	SearchApp.exe
4200	wsappx.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3504 wrote to memory of 4952	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4952	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4036	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4504	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4504	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 1844	3504	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc410c9758,0x7ffc410c9768,0x7ffc410c9778
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:2
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4564 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5624 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=880 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2988 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4520 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3060 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1888,i,7259871569416222117,17923783092052088560,131072 /prefetch:8
  2⤵
  PID:864

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4268

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1776

C:\Users\Admin\Desktop\XWormUI.exe
"C:\Users\Admin\Desktop\XWormUI.exe"
1⤵
PID:4516
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4516 -s 1092
  2⤵
  - Program crash
  PID:4112

C:\Users\Admin\Desktop\XHVNC.exe
"C:\Users\Admin\Desktop\XHVNC.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4200

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 4516 -ip 4516
1⤵
PID:4660

C:\Users\Admin\Desktop\XHVNC-Client.exe
"C:\Users\Admin\Desktop\XHVNC-Client.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:4692
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  - Modifies Installed Components in the registry
  - Enumerates connected drives
  - Checks SCSI registry key(s)
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  PID:3700
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" YPNMK6 127.0.0.1 8000 RVICTQ
  2⤵
  PID:1784

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:780
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 780 -s 4004
  2⤵
  - Program crash
  PID:4000

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 780 -ip 780
1⤵
PID:2716

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3696
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3696 -s 3584
  2⤵
  - Program crash
  PID:3160

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 3696 -ip 3696
1⤵
PID:4592

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1912
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1912 -s 3580
  2⤵
  - Program crash
  PID:4440

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 1912 -ip 1912
1⤵
PID:4536

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4592
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4592 -s 3580
  2⤵
  - Program crash
  PID:692

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 4592 -ip 4592
1⤵
PID:4736

C:\Users\Admin\Desktop\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\Desktop\XWorm-RAT-V2.1-builder.exe"
1⤵
PID:4852
- C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe
  "C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1664
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"
    3⤵
    - Creates scheduled task(s)
    PID:2292
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp5AE9.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp5AE9.tmp.bat
    3⤵
    PID:864
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:3904
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 1664"
      4⤵
      Enumerates processes with tasklist
      PID:4092
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1984
  - - C:\Users\Static\wsappx.exe
      "wsappx.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4200
    - - C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"
        5⤵
        Creates scheduled task(s)
        
        PID:4552
    - - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4200 -s 2368
        5⤵
        Program crash
        
        PID:1712
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4852 -s 2296
  2⤵
  - Program crash
  PID:3668

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5112
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5112 -s 3600
  2⤵
  - Program crash
  PID:4104

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 552 -p 5112 -ip 5112
1⤵
PID:3916

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 4852 -ip 4852
1⤵
PID:2276

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:4408

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 384 -p 4200 -ip 4200
1⤵
PID:1728

C:\Users\Admin\Desktop\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\Desktop\XWorm-RAT-V2.1-builder.exe"
1⤵
PID:4876
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4876 -s 1744
  2⤵
  - Program crash
  PID:2292

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 4876 -ip 4876
1⤵
PID:2308

C:\Users\Admin\Desktop\XWormUI.exe
"C:\Users\Admin\Desktop\XWormUI.exe"
1⤵
PID:3056
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3056 -s 1056
  2⤵
  - Program crash
  PID:3680

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 3056 -ip 3056
1⤵
PID:1664

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2b05ad71-ef7f-43b6-bbce-f8d786595b87.tmp

Filesize
7KB

MD5
05d7c7a00fd106b99176754494ec4e67

SHA1
f6bad580e26eeb848928de1f143f644d752b12e4

SHA256
56d145f64e026fa106baa7491c09b9b1fa351064ab923ed47115ae99ba5b32e8

SHA512
586037e5a9eecd5aacfeff1ce23c5ceda821bd9271e0c595fcc681855e5a47eacbe5861aa9b63d6156f1df1f1a6f64f823c386f76da06cde9c16888445a2f65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
44KB

MD5
d716b6013bc03f1e4fe2d5cd719c595c

SHA1
01347f66988db64e410b5ce8b8a8c353ff059296

SHA256
fc8a8b1cf010979eb77a33e4c8fcc744a884fed8147a326bcb39f7ee9aeeb32b

SHA512
cad4f0b076fe741297b4d1845013cdb7e7f092202f1e8b9c23532623d7b73bfe8c7c37af5078bc6d571e4b7276e6510a340838d34e84c470f6405281c7f2e9ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
39KB

MD5
bfe589d7b7e3f06cee5351e805ea1af2

SHA1
0880735ee4e30ac4dc25fc2d4d03cd5a45bf9c1e

SHA256
2ff2bcbcff531b220ba593814fbaa833de9d1f72d1a8036d46b3f5b766aec3c6

SHA512
dd183e01261385f2d1602561f51253c37e785d7ca8572d1a1a059a6d9ff723baea014fb3cc2ac39918622d0d3db7dace315d472ff1c403fe21c60e691880a1b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
32KB

MD5
04cb676d26899df8beca1fb9da675b11

SHA1
ef369339c3643b564d8c5234dc24060c8f027700

SHA256
0112d431af82a350fbbf05dc09f67eb57639e82959d31488fef908cfc4df60c2

SHA512
55579fbad58fb0d45c6b077627954acac1772bfec2ee6b91f03e9ebcca046eee4c1fc5de4abadf4af117a43be25a10384f08689daddd7a2ae88cfb6f7337c5da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
26KB

MD5
03f23dea324e6a2027c146d66037d1e2

SHA1
1ddca456e407fc3d07db78be9decb1bb36ccf77a

SHA256
4ad3cbb2f12576fe8a1250c5688ea8a1c29f120f0755c2f66b76d36c9bd7f05e

SHA512
18320e666de94edbaac8df776b3b762449b3daebddb5e99ccfa25b9c02c217878759d0d586c9d72fe10d29b52cf4fc7e96a00bcf270c2d49de92d919df2c5099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
19KB

MD5
49943bc015e9713f646c021a2f9a7f48

SHA1
7bcd637eb823b04c425775fa8c914e8b8f2ac2a5

SHA256
f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289

SHA512
2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
59KB

MD5
3af456969e5ffd8955773b6e522c1ad6

SHA1
c0fb7efcd404d59dfe85ede5d10f06f101d57b02

SHA256
226721c69e4e18a9f10e3362ce12b57762472f9f5e49196454e8f0a1364c76c2

SHA512
eaee632e2bb840477bd7f1d67a62ac5f79afb3cffc181092b9460cf972ab685952176d769903863c84d270c1baf2226abbf44802bcdc3d58a5271ea8170c9d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
17KB

MD5
2ed573fa7bbf4c0d0cdb8759a5c07f59

SHA1
e3f97dd2260d1d3eb9d58fcde64bb83c3966e969

SHA256
01beb0df4815b98a01628003ce71809680cfe4044a25d3e0f16f0f2e70a8d50f

SHA512
5fc3f840dab2da001fbfe6dd8fb33d44882ae4781f1ef88e84ca9b31d7128fdb5e794bfe3741487e7a9575b7b720d1a49b59a56374b94664b8e2ab35cdc36c26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
27KB

MD5
b3651e618098746c8784d8f2feb975da

SHA1
f84dc5e2231456a8eb6741f0a7d3d737d64abc14

SHA256
78faf57d9f3ab2ef0a7acf46fac725982c6fc12602464119adcc8a13d8374c13

SHA512
ae540878b51a58b19c50ec17f1a80cb9ad242e9fda9ce8cba67c7f5f982ffd9a3befba651c45bd2efa99a78811c3ed850ec3ef27846457099ab043a48454f682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
19KB

MD5
c32520f88e9a2706bf30bade0cd137ec

SHA1
b3cc901b533fb0bd77da03502c748114d87b8b91

SHA256
0861dd49a443ed0611f8ca39d833742cb04703af35280eba4ad6be5e7a6ff17b

SHA512
cd63a24ab81e60ccf9040437485769787a6dcffd4887895e89a0687880003e1cd5cbde2a332985821b1aac24740880f29bf4a699680929cbd720b698c1d9e804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0d1c87bc5f6b3897_0

Filesize
25KB

MD5
8fd210ea28eecca620af643aa0e3a4b0

SHA1
d12c9439b55cbec0f6b908dd4d557792ce7965d7

SHA256
ad1c3439672c4389de690a67f48e1e033c8b476459ebc5aa4f2c829c7b279c32

SHA512
e7ed102a3f820abe992f5390d2795cf8366131d23ebe59866deb1df3d723dcc492a5d27c6919eaf5259875f179bb0667f91ada83893907d8ef674f3cd2b057be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0d3baf0145808a1f_0

Filesize
360B

MD5
2797206e5766f27b583aa172fa5caa89

SHA1
d9162fae81c2ae7452d4edea1930fa471d1117e2

SHA256
782cb022aea102a5fefb95ee523597872043b2eda5ac430278ee1bbba6e1310e

SHA512
980fbae5ca8e63be2a8fc7a96ac13adc55b898135196d8d80239746ee89ca7005444ba2c342fc9f4949d412b7648dc88838be58f21de29fdb47821f0b60b2ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0da4c76a2fd3a7f0_0

Filesize
1KB

MD5
a9e4689573e73de5c767fc5074d38c1a

SHA1
f394581eb96e16c375678e346e91a445b2952a07

SHA256
7684d074f14d74bb1f2b6547217b6156df1e79f9f7560685e28672964374223f

SHA512
0a9448db80a516bf52a513fa25462d1096de6d40fdee266f36d21f7c8512779e9b8ed41570b28f2cef5b1eab4ec840747a0c3faa2497e1e6b3c7e42b6e2a1b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\100911439723f98a_0

Filesize
10KB

MD5
28817dffa6c53f1176b3ab61c1a6a8c5

SHA1
00502a4d7761b6d678a6ba8c9d10eab2fc16bfb0

SHA256
4c6f42cf47223b1ad92019938c7beecc2a0c5cf8a31e75272b1b98c18529a024

SHA512
3c771194d46222d6c2c1af11cc7114c0c19326fb8f9a56ba8d55f8618ac090af441ef3e927fedcffc626d1367386c714e2404efd94e9d5a208c2819be43b0059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1523f90f6da9c097_0

Filesize
8KB

MD5
1035fd2b4c29428e58b5fb2dfbdf2214

SHA1
bc8cc0f87bd3027c16cc7aa06487ca54138633de

SHA256
f6cfde48c5f5c1247d612de09924fd967141fe7e589e8c184ab59b05807d5f59

SHA512
68ec710bb8be56cc7fdeb6931d128441447f30e851eb4de2b0d2629f945e2ed53ead40001282b44921214c592b1f2d941698a80b38e593a12514fc49052721fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\152cfb00947eddc2_0

Filesize
2KB

MD5
782e8ba36613056827e0d994d03e0ae2

SHA1
f9fa5a3456e08ec0621ec1899ed53ef96596ebb4

SHA256
d9590a3817b2ae2eca5c17c51a57f0693eca967d0e1a30f23111fb12ac613a67

SHA512
25151c2018c8e01de5aee36b922dbc41d6a06405b51e7599a09d0429208a1bde0798d5b05e85b06988aab0c0990b9ecd9cbd655c71eafa93ecd7a5f4590e47b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\19b126bb1273f1c6_0

Filesize
366B

MD5
37b7cea9de2f131f4fab24c77edeaa5d

SHA1
1f9a14db02740755b31c5ae1a8b466f0419e0f09

SHA256
ab1b3efcab0a45bb8de76ba371f1cda936deef02a441fe2db98c6e1e5b7425ff

SHA512
8f9321ca11af0f08680f936c080c4b6c1268e969306b2ebf93f9f9435fc2f30216359d36409ad1cd823c35ffbb4d63d76007df11dbbf57e370c45cfe9499aa25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1c4a25b63626e5bf_0

Filesize
38KB

MD5
37ad7db2a2b8263439c4b209d1358c61

SHA1
8be7e86eb0d51eaf1ab5db54b5350daabedfe25e

SHA256
dedb48cdbae7ee91fdafacc338e637649acbcc481f800d9e18e7275c3c92cd5f

SHA512
5eb36d4dd5a1950156eef7867b5a642fa519bad05d0e87c493f025fcf56300d2df4b5bc47d36a8cb4f006bf623058baec444aba631f74964f9cb9ec874cc2e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1c7769d95363b410_0

Filesize
271B

MD5
22d6a59bcd301b46babd01d4d4804e91

SHA1
aa15fccd3ebda23bba65bc9844b0ef1849f38786

SHA256
77663389edf52ab705379e01faada3920b35b8936aeef68096a0255312c71579

SHA512
e1791bfdf3631673d6e28db54abe5dee49cd3b25c93db2e9e960f79531d04c2c7d86110a60e54de62835ed89c5e05ff8cd6a60a477754bd2771890ff74501459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2325563521116e55_0

Filesize
45KB

MD5
49cbc46c1969e79de5527ec394bb6a61

SHA1
bce0a91e1da075dde96e59fe2a509fd358ee84e8

SHA256
1a884c00f1b0d6dcbbc800774ce768f07efa670ded170f53cb64bcf99ca47e4c

SHA512
874c14d89953b0acb3582a5f422229e1542932ebd3def8754c3564abda0e87306565e9b2a75eee70dfd214010c1a046bd9c99a6cefdb63dc26538f222b80d94f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2546e5c722646368_0

Filesize
360B

MD5
ace6c22b70b33074fd5f9a9f9bd181cb

SHA1
599ae2777836fbe1985f7d44901c64f626153e35

SHA256
88ee0ff700b169380f6e95fb21ebd70270599d4f87794821da42aa5bd490b6b2

SHA512
d94cb5d4e5a34708d99873ce9087236399bce34f365160451ad4260db6149199c0a1a9f7520c656ef7e0d7e99d2bb9e82ab8268e562179054d4576291809df49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\27d9b995ba321c74_0

Filesize
275B

MD5
9b03694f49825760d536a0182d677ade

SHA1
8331613666af9e0cedba1e223f81129a015c9759

SHA256
0916480ad5f0a73209ac1cb7a3a3502ca8046569bf3434a05c8708be43778148

SHA512
c44c2f5382dd933a3c9231681d892fae59ae506f81dca2dc63eb727113983a4830813617c30b8be40f0e03ad3171e828dfb9e3fd70c4f10512542e43884a83ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2c6c08fc8c53b748_0

Filesize
26KB

MD5
30696eafc6ac053fd3d24849a57df5dd

SHA1
bacfdffb6cd870b4d9d61c803eaae38b73a5d758

SHA256
bc593312127ad161ddab8fa78d518cdeb8fdfb5fe12e37abd59b8c0096440e78

SHA512
d0bbd395f281532c61c9b69a643ef601c265a4ecfba1c2a29373e90f72205d2a45ec7a830b3429853695fba68505b74440a6939cb31159fe88933e01c75fb79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3403e556d9b74b5f_0

Filesize
19KB

MD5
f64c8590ff010fbac22bf8dcac19474e

SHA1
ec57ba864eb6b6a7d8ae090cbf6d5f9b95ff10ff

SHA256
4614b3a857c41d670e330f7bfef77e49034aa9255e098dc03860546a4d03e408

SHA512
aa6ddfc936faca717f4291bccb6f92661c5e34aad94e32140c18e9ce7eaf7754d9994e1b0b86055d118ceac5e0f2f7f69787461dd1370a1b63f8b9eccd5554d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\380c8fe4ad404630_0

Filesize
37KB

MD5
e01387ee5a970d4428c091a6959aa55b

SHA1
5accc099893ac29b905eeba30fbf833072e55793

SHA256
e3a56ddf393298167b24b61135ff4dea75bcd8832656e8f97c4cdb26bcbfe6aa

SHA512
9c56764f6371422493184aedea15e59d7908e542cdf6e6208936850eee0d6e8bd2d6327d3bfecfc4100b5bc76ec7262606edaf51a543b1d1541c9a3dc8ac1448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3d2f594c4ebdff5b_0

Filesize
2KB

MD5
2ca9a43bc625dcf575de76bd7e773c15

SHA1
0b833fd24a06aee94474fb17535f3d1590153909

SHA256
afcfc3728cb11bd2ffc2dbf5dfb6df3c203a01410926953d1232cb846ae750c9

SHA512
db5e3d3bde1bff3a1562d6fd5f0c2ced78653d87f343ef67effff55385669a8567b26f1e381e8dc8ef067241b61b82e65256e2a2ebde4abb00c8b1fd322ccaa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3e7bec1cda760974_0

Filesize
10KB

MD5
06e9d30568cc150ddaccaf7031d36d79

SHA1
881af88f43a2dde4c5e2f6913af5c69d0cba6d6f

SHA256
ee3a8a2ab532c3ce975679753a1a2d581e816a1f4c5e2a8f3b6e56cd4cffecec

SHA512
8a3053ddc13ac53b5bf7a21ff28f189a023e19787f66d64cb9655e436c1d1f5a32c6832b9e2996ad26501d33a3147e5dae7d884298fd296211adf2138e6129d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\439eb6759928b2cf_0

Filesize
1KB

MD5
352621d394de8b7fc8639b15bde58a1c

SHA1
74c88f3c80adaa5812aa9e3cd2757e59f456cace

SHA256
b4b611dd1e6c31197eabbbd329ee997fb8f717c61029dff261a8e5f5e15f3ef1

SHA512
b74b9e548e632265f7eb0025166ecd9766d63c149e89244968320d1a662e8bab39b5663c26a1f224b5334e4a87c9cbb0106fb6f2889a4383f926a125bb64a1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\471e2a5f63eec3ea_0

Filesize
15KB

MD5
cef1b8f4cdfc3ea0930f41626fec49f7

SHA1
c871ff578bcde1acb3375d0f4a5df0b25bf79fa0

SHA256
722c1f7b7dc3aa08ac1e07de625350456a0682794aca5febae50beb0e83cf64f

SHA512
86f573ac74baea78e51929e0574a2a34285a893112e9f61c365705dc14cfbe57a84d03095b4c780ea5a90c92907ecd600b01d728a2e2e0f89ce2e9cc76f8f7b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\480d7854ff270ef9_0

Filesize
1KB

MD5
fbbbc3e34478496ce83c9546382c0470

SHA1
3a8395d8e09b7cdbe4ccc7dbcd49a68fca7c0c0a

SHA256
14cd59b18980744b3e3e75eac61e7a09e3c945fd2d176ac6526d31d346451a67

SHA512
43755e4d6b7a36d534c59341ffc49a41f14937c31c539e99a4b268c8c80ca66a93b4b63e1bef476e72572bc54a931210d6855b88ec103cfd6bb5c14d0e3555f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4997ac6074f68190_0

Filesize
16KB

MD5
98d8cbfa641379b6fe5cecdddac02c28

SHA1
6f3a2b73ead5d14eeb10fc5156b8eb6fecb7819b

SHA256
1ac741ddb3b291feda4e5818213dd91f74b90d9e015dfc134c917bc70cdd6ba9

SHA512
eae6245c9d55223ff1699f62c46f2fb0b61bc38604e571ea6c67e917b1b5b865ada87090823d4447a6f0d8656c520f31f06a0b0085c1e0d4c763a4966a2a8118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\518b970e6e8d42aa_0

Filesize
8KB

MD5
4cdce3bd5180e61e4e0af7e47872889d

SHA1
579459456703a4780b1d476a179132a541220eb3

SHA256
9992fa4e4742916f9f237302ec8b9388e9a75d16b5513b68ae0e51abbda3d880

SHA512
a9129367984df305d43287cc0059b23ce79dfafafa9b9802d8189be7e36eb11b63c1af1b58888f61e54944d057a287da407d1b025019dba6844cf99c4dc92ce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54bb98527ed6b377_0

Filesize
9KB

MD5
8b3cce639127a83c7e5a6872fd32811f

SHA1
8d93ae043a0b020305d88639d863390579a6ca31

SHA256
7b0d9476df37a459255e7fb9e5fece15440051cef283a823d45c04d5b7e9f589

SHA512
b04d8aa2d0f22e6f2e7fd297e5837c00df20f7a8afa8905537085da869b4a63cec675857753b48b75099aad6fc0c816ac801c090a7daec89ed0cf0e6c48e2e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\553925570d428578_0

Filesize
3KB

MD5
78e949cd0bd13ff1e726743034fb8621

SHA1
3cca42692e9ba5ab6cc6ba1b5e6e078a770b4d24

SHA256
c276ecea2363468a046aa2fd2ceb3fb5ecc49850918a3722a59c70000e97ad61

SHA512
661fb300ba1b64a7b5d4c3e42b4b71de75c0482194421fcea97864dd3638e405f15cfa81c8d1ce57577de83878184a9615d8ce7b9199c25906cfe62fb6d420fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\57d34944d7ccd140_0

Filesize
318B

MD5
b65b451c588fc35f42191a1ce21b22ee

SHA1
dc5d43a0df33420004daf954eb44270b67400d76

SHA256
3ff931ac8ac6a47d6fe51b7cfd23275aa10b3524e3afd96fb8cfcd2bea8cf2f8

SHA512
2ea3f570c711fc225b7c2db83330012cf3a798e88872b98c330929ff429f7d18fc3177c5eea4aa4ec08016caba16d16abe5d19b352d22d7cdf236e041278561a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5b52ebcc89b419b8_0

Filesize
28KB

MD5
a7e54cb53e728fa8d189805cd20eac6a

SHA1
4e75379c568e2a2f7ca5bcc1cbb6c768338c98e1

SHA256
20c3d52a1c5dd3ff19bae8a100a83c0a0874a16224570cd0548d2d78e2db6d68

SHA512
9211fea9479c97b0b10259b80b4e13206c914173c08ffb55f6cbdb2e565da997690e9944c17318518968ec544adc7cb7d4a93d5a743b64d92bb7aba2a99ba740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5b96786765fcd3ca_0

Filesize
17KB

MD5
7ad0a4dc799a3ba19747433c2ee1831b

SHA1
05a2f4d1078537217ba87bf97921bfe9d5dbbe71

SHA256
59ab3ce24b917a059eb1ca9546c9ce5e5ec9cfefbc07966d0f3e6d9f816c6837

SHA512
efdb2de08e812b30975b9836c6bc4212931ab0e485ca1a9290e10b694671065a2fbd6ed3cc2c3b57dcb31d721d175aef3a035533a48b790d93a97fbdea050015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5e426f9e1ba0811d_0

Filesize
12KB

MD5
14ce2db22800257a7b5b5d8b3eb6b62b

SHA1
87c988828cd29253477cb3898a6051a10e118ad4

SHA256
e8b89a2edab6930b7c57ecb1e1ca273a02558c8bce30676e3c77001d074d5e40

SHA512
ab0e095b7f845e391a9fea42c91287aa5257e5e7548f9bc1bd281e34864e4fb17ad615e7103c4ab0c138500c5cbfbbd1121eeed1c6b3e57e747045509a58c45b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\639d3a1d4df6ccb2_0

Filesize
37KB

MD5
7670cc8dc661fff3d888c96cb5232df7

SHA1
a2c5961b4c9cf2a2dad87d6b12587e555c9a3dda

SHA256
4f91a4850ed45d64d30573e4071da91d9f8f5ad83c0348ee24f9dd53b856e907

SHA512
f6b4e8763ab5427eac323085abb4e4058644b51bf5d24bb009cfd6bd92848d8ffe558ec98f35b53a9c112532f0188a817193e7d15f812a353b305cfbf26bd19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\66f4b1443146b0b0_0

Filesize
9KB

MD5
bb603e68d06fefe6bf8c2945dafb50fb

SHA1
a0fd35fe3015984713c67a3b8327d64f68c424ee

SHA256
9f2282357d59c78113eb07b98543e9b783a93f4439775878c05852cf120f1407

SHA512
fd17b6fa80840462bf206d464c545b2e72e287b2aa04c023f6b0a29aecd74afef56df2a58f366b387c4ddebeb7621edfbc2800fe0e0ac8c1c77c584a50975e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b4b35d820554ebd_0

Filesize
305B

MD5
e1384cc661e1595287430d50a2759838

SHA1
ebad206eaf50f0b2ac8a6db98846c79f33c0f3f0

SHA256
9ba9958c024659263b34150e6ba7273931376dee21d0881b906fd3026d12ffcc

SHA512
620f4f9fa731873f95b7147612bb9cd34da5e5513612722b1e85483933c5bdc749edc9b487ae57f84af2b5b228d67f1ec1469ebb3ef25f342e52844523b3ca21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7652939bd303ea46_0

Filesize
303B

MD5
741587ad70a27c08b2cd8080c7e43c1a

SHA1
b50c519ada64e577f707e83e4a30fcf60c7b87e7

SHA256
8ad927b6869b4863fb1799f012fdfca7de161e2e2e6ad078c8d71dcbc1e7591b

SHA512
f138a4dfb3269fef9d9ff10b838af2b55bc36cf16ff855b3dd43d9272c111f7cb759b28571ee64e7de7be40e45b181e7835ad69f126608a33738527f37a52038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7c42f2830ac2f32e_0

Filesize
92KB

MD5
604ed3c3ee8a0810e4f85a6caaaea2eb

SHA1
9bffafcdce55ae27dbf62d6916806d68ea74a112

SHA256
c6d024d0e416be677859374cfe2b6d068034f408a1abaac78fed33ab52335682

SHA512
f12b032772670ed49402edb070ae955213c6193ea77ce5512f260a551adcf93b13e5374ff00555d371f7bbe340d3a858489982249f39f2bed1e086845ad58393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7d1a4e80e3fed2af_0

Filesize
11KB

MD5
516b743f888ed2f0a1430c27de8a33db

SHA1
d0f451a977b1cf9fa261d056449c1a796f25e221

SHA256
c136912819bf56cb0cee29ca2f938790d2f05ea97b56f8c42355c58a80b2a93e

SHA512
8991818835b8c7d80a4b96942d59033b6a45d88f5ca16d615b1cda47611b42e7ae6dcaec16898a68d536295827e9c55afc013e6a42ba2fb9d8a10214063b84aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8853b7c46db6a047_0

Filesize
323B

MD5
de558c7cb52a0c0f8703d978d75e4556

SHA1
ec4f647d01a4f04c39c620ab68c12e1544e04e91

SHA256
f7626ffc61e414e222d50974e264a146770933122a5107ccc53be512cca75ce0

SHA512
be321c2a9f636761ca146c45dc0bca46c745dd47b6761bb2c8d2df372bc69802238033c47c98dd55686cb83c3e5a892c86a1ee3bcf8cb2d4f10025cc1454fa9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\88e098fb4046845e_0

Filesize
171KB

MD5
fcb7375c5f91f939a416f6b0363d03b1

SHA1
1fcca5c20243946fc2b9d4a574e28ab8329585d4

SHA256
4e2f66f30cbfb72728b3857a7105099574c32142f86465b69ef6daf478715cc2

SHA512
e46519a6f60607049bf63cd7026e7d5ec3a4993a308b7d71fbb470bed0ddf7844a4bd7e9657b1ac33c66dd17d66db4dd52e40634a0b6d3175ba4f84b324e9f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\af0c9c147e183d02_0

Filesize
276B

MD5
70873ebcc8a0fd6202d647a7d4e3cea0

SHA1
c1e8667ee7c3cd148140107b56a2702e96bb43ba

SHA256
9b9c5e2c1562a29bc72cef7484ac5823346695d1262aed53444669c7ca105b9a

SHA512
14264bff38aeaeffb925268ed9cea842cb92464383d2bfd7a26a33aac3acdf50fa4cbfb69d4e955a02c912aed91914d5e5255c73a37ec345f762c6a005cb1383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b38066c6bcc6936a_0

Filesize
16KB

MD5
7b4bb10c4a243674fbd33aaf143c50e7

SHA1
d75d1187650eb97f91d9c0a75c71fefb08df142f

SHA256
430fa3a69c3c194ee34037f7a7305dee6fa20aec87c820ff6a2a1e6feeb4376a

SHA512
f3144a98abb00ef33b0994ef0b69fb94b5c4ff4b36a34578704014ff983526ceede0e329fd435921a800ee61165aaf6b679826ccf374d74c2580b9e1fdcb44b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ba0f23ddacffdbdd_0

Filesize
292B

MD5
2adf6cb4da49f90e9bfef9e60687c89b

SHA1
9b182d4a2cd12e17c24d65b678bfaac4f02d06bc

SHA256
70812db7152cd56d1f13ac79cb0d68f6c1cdd7dee2808df998e58b7e8a778c64

SHA512
50abc5337d0e3986683f2f2bfe44d6e0f0d228a69f67abdb912a8a61db9ef6ffdd91dd35158cd5dff4a2fa79ae526d8a01da8456979bd0dd665981205de62290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ba97eace90cf298b_0

Filesize
360B

MD5
fd7f17d72dfe928a1083618052872cbc

SHA1
9b053fccf25ebd682a17a03032fd522f44f61077

SHA256
317ce076f50d8f01c54b89b3f9dd3793d071a198644c443f534e02f26d23e36b

SHA512
04012079ed388725580faab6898ebebf43b9cc83544fdab47b43190b0233ebfe5722dd166bc44fbe26fb405a89676724874fb46cb9c8c233be8104a7252154cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c0752712b8a5176e_0

Filesize
1KB

MD5
3f40140c59b3087609e5f258f11c75af

SHA1
d2a6c2091e7cb34a53054fe867f0ed344c41139b

SHA256
b8ac02027d2c851592bb62460f757cfc48b6a3e282757f6e2e5fed671cc7cf1b

SHA512
984c4610a794459adbeb1d04f543ee34731151adb42047370f9822af9aab1054f65675d66406f0ca95ffee797db2d38e226fe137b8eead4c0400ff65530612a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6828751297f7426_0

Filesize
360B

MD5
927b30c3cd90e4542b22ad0c983f92e9

SHA1
b67c8b2ee04290f11735c22dce073c0c942446c0

SHA256
b46163450ab7e7e0be2d60b123e856b1e0dcd44b5cca1000573e7f4f5e3a4c6c

SHA512
cae3f8c3d8ccfc598d3277685d942499fa8a6bff39d701b9767b81ffb6405bea291d33a08582d4793cc4ab4a8ad14d04c48ccd73f96ceceac63685b3842ef1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6b36d3d80511c9d_0

Filesize
318B

MD5
798918f47d5444cb6d1c82ea46c0a7f9

SHA1
666d301b03a4fe0cc7484e32dec732af2ffbccb8

SHA256
6defd8422b7e85a686d40c9c0347ac72200922c549430724b4ffb8dd5e0ef2d5

SHA512
b9eceed31a8880b47cbc48ccfbdec3a4e90136cbe04495b4fbf0a6448965fbd4f7f389cba9e23385fcc9992645d3ef6d4d2e8fd433975722b1b9fc2e506ab2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb67de0fed57b752_0

Filesize
23KB

MD5
b34f5eba25d90cea8b619e420ad2c83a

SHA1
711f3c028c052e2ac37a044378a0d22ed7363cc0

SHA256
7cb5540348891c052e0ca9283631c94a28d40de6ca44eef2a9d8cc29ef0cc495

SHA512
c62af9edeb4e879bd600d7cfdf98de763ee4421eba4c84bd483bf350ed1435db823823f6232aa81ebf36bd5789877e3588aa6c3fb7ba46fd176a5f56e8400ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc79705b7b6a5d0b_0

Filesize
270B

MD5
212482965faaa03e2907dfc1634e7244

SHA1
9c252f1a26af4e4f066cf9f0c60bc140900ffdd2

SHA256
5e9099e43b5029f8438f4c5043e59813bac1c440dad955109caa7b65e841301d

SHA512
a3f5325163e112b139a1d6fba17d96a25a370c68c2556192931edd86ada18a29fdf38e4f61e031be4a1606dc922286ce1ef974ce866f0d5a32a394cd059375be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cfd74de831d929a5_0

Filesize
10KB

MD5
5962fc9e9c9d6b8e810d7bb011657eb2

SHA1
53c98016d3b9a91176c454f350c402712c86232d

SHA256
497257ade19d26a8e3ff22bfa60d54b9b2c73f94914695e0309d35144c3234c5

SHA512
c7a9247daa91f19d6bbc93c7dccec359e4b6c5f01c8e40770ce8f5a4f8180d11c0ff3150c5f0b199810f08e9b4e148cfd6882930219727f176fda2aea3758d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d37c776463395bfb_0

Filesize
78KB

MD5
1f7c3c09315f28a6e953f9b0462d23f2

SHA1
f88691a8e0f7c86294eb59a0d9677cb369576076

SHA256
151450dcc89795c3a683388a0096397868f4f6b0b838e3764cecd0162b3bce94

SHA512
bb90abecfd69b4cbe68ddbb7b91571f016181bacc9aa12a366f85de016d37fc023f7a344df7f85c37c9df74b366fb19b5a7f0d8b733201c9a1ad2326f13af3b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d4d72e795a13fdd8_0

Filesize
269B

MD5
13c141ddfcbd43ce60f230c5f7de03b0

SHA1
d84848ffe9d277491b1e00b2c10d9986c315fafb

SHA256
f210dc5c364acb1b0ff9ab0d9d3549fae6423a2d3e7ebd30e34260904bc02a49

SHA512
d544e22ebd37e3cbe174c97ba0fe376762eaf958233b17ae24cb42230d2c2faa6812daf8eb313222fe8ef7662f73b8acf7f6fbaac67ec79c3620530e1a26e0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d93d13f4413d857e_0

Filesize
12KB

MD5
5ef2502fdab167317d5e0f8400feda79

SHA1
6ab9ef9c11a61f0042f5a2af8a0f07c6e6324283

SHA256
7a5cbd93a86d8e3e504641e3a9a6b8e44b2bfdf216e64e86fb70c656b2bfb32b

SHA512
66baaf321f13f20db6f5cd2c8c1d0d6137515ce5518407e7af5f881db968faa335fc660aeba73af560e0896016ff4c010596b0836932e7095893a63ca96fb441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dcba6e50090dee4e_0

Filesize
4KB

MD5
78cfc7da347f078b41690f4d355a5253

SHA1
fa832215e931000419c347ea90e3157ce9872c3c

SHA256
9cdf959574d4d9fe7d12e2fcc1448271ed542ef3208683f4bbc0145fbefce6de

SHA512
8276496183e8b7126b038131b151e2e167a9db209fd728296d17d7ee089ca33f526d193fe20a9fe5ae491c9e34f9017d8edc1567a209c76ee1d0e7eb17dab11d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e015869ac89e40e9_0

Filesize
9KB

MD5
0e629e5ab9bc76100615a1f69597d701

SHA1
df84557e0425a0b4baea398853015715c7f1973a

SHA256
22ab083ef3547c39ce257e31ebaccb0cde8cda95542a2349f27411c1ba9102b0

SHA512
b2ae5e63cc705548bb4dd140edebb1eef8e579a527051a880ad02da177fb79d82c411726df3db02aee001fe6e603b69b63af1983a1b775970983e8d0d628bd64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e29691bd5ddd3ff1_0

Filesize
18KB

MD5
72819c06cddcc6d10a0e69aadb737f90

SHA1
b3d1bbfa25e8bc527f9eedf1cedb737ec516ed33

SHA256
b9bf839dc6d36495962d83f73a1927aee098b7fd97558bd44fd3a0a9c99a7ee9

SHA512
8b33ad1ba580f44b8bbc56446168874b768bb73889e29e1ca6b8715709e0cc84a68140758ad0753830230bc0a63117c83932e1a52c098d3cd90d957d21c458ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fb18705d585d8808_0

Filesize
11KB

MD5
1b5555c7fa4b618b400df0c111a99181

SHA1
1128886a40f39c6fa64b8c6202ae9e98c4c8cd43

SHA256
c85fce9af3d5c73f83923b08aa95c512378a5e43950c1adc606bc2019058fe51

SHA512
d71c0c69d6770c25b3a679383a4af8f8e159fb87c499cdd796846a11b2a5849bb53873917affb19963d2f76a5e0f5e67693bb75631ce76d23b80ad87522811ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fbd32456ef082993_0

Filesize
113KB

MD5
608bc8185705de2e2c183d59ca088a21

SHA1
65444711eb4f3995f6a453109418bda432d13592

SHA256
80f68652789b24c5c261892304795efc9a035e1282ca585ca7bea5b4d07922c8

SHA512
8aece5bc96542da24859aaebc9a64b88758d0bebddfd9528c3c09ea6b1971098e424f308cc887728dd47f9eb3b300c5ad33a5a024fe7cff2440fd70611738488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd5349d49201aa13_0

Filesize
15KB

MD5
5b7e14784ebbb5b4f676128f5318cd2a

SHA1
66443992617c63a98a6f2bf1a259a8f9c40b78e7

SHA256
8882f7bfbc993133bf64be2589497b6b36eb821ad3a8265bcdd8452c436f5370

SHA512
04e86c92110f877f215a939b9198bd0fd839058bf910336bffb05ace2082e7763dda729c236cf6480e64ff8fccd330d971272a6ddba0251cfc1c0642f3f4f116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ffdcf617e2e2d636_0

Filesize
6KB

MD5
d683e86f38d1d3e820b1b6eacb852fb1

SHA1
920f475459f0f0ce5b73f1a644dd0c237c42434f

SHA256
a7f581c3cad7664aa84c9dd3a3816df05132812819ff8e0181a4b663fce274d9

SHA512
b35fd22d01b3fc80122a3eafe8c092e07ec14ab482ddd7a52cc10ec527806ec1596d3126c767471766bbff5bb4dd099b54c5593fc9492f4825a3a99c9149b98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b6056064d34362f9d8c8ecb9684af1a8

SHA1
ca4b2b6ec977af49e60dd2797f16ce52920e7f15

SHA256
482fd427478c7acbba2bb39ed7163e409e3853a8422f5ddf896721745d7d16c6

SHA512
1729408a567f49d9f78bfdd1709c8500b2f8eade44e72a977dbc8558ce3b0ca361958c3360521cfa6e097ea56930b12889a9c35aa71fb497c0c167135ad2b75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9d6a26fc2a7d3c4485ee64b6cd888726

SHA1
0e1d7cbcbcbe01404aeec5a03afdaec4f986493b

SHA256
4ed7f76ebd1732a4b4725118e675d2553d983aae02dc4afcc81634e51bef14bb

SHA512
38bfdc28941759a31352fd2027e6cd0f93ad295702286f7577a560fd4235177374263bd35f1e7dcd4455e2afbae6885aeecf1d76095f3fb12444dee86c554d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
87540a6cc40f43ac64a3389f88717398

SHA1
c29a96b33a6d2c41380b3c6a9a3502f47ae6a1d0

SHA256
d16f83f4ddde7d03ccc6e94985c47a03878dbf19d657c28f414b0b8768b5e1f8

SHA512
0e552be9b4cb7a47ecadfd302bc8ff2e464004371c6fde1261aed6c97bd0e54b5aa1746542fb1413412817d19fda4d0db1cff062823b7b7bf098682bdbe7c519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2b2dd4a67837c39c1d06d459fa6a4f9a

SHA1
918416955c89c5c0eccd57a6b0a060f6285df711

SHA256
b47f009cb43af8437f00765641bb7d55666a9d2dd6258c880b4375d10bc6604c

SHA512
94df376ac74d75dcbb1c6723841b16a352aded9a07f6304641adee3efb913527dfebab2a15dd256c408934675cc7d04726dbfde6cab5b590d2b3aac07ccdb4b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e17591eed26da65cec71a2b9e6d9d304

SHA1
10c141346d20a0cec62f6f88ab792ec0f038287e

SHA256
647a9bd11ab4710a47fde93ba8c33879381265adc501d6c219341d71b2153fc2

SHA512
4597ec02faf223e710cf747896c1d1eca5712496d9043b8a79946e7f2594a2d8ac65154f87fd68d608e2cdcfd950cdc014c358fef15d0db621562358676c5913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d2251e8509065e0930921dd271a208ea

SHA1
c332366ed4bb8d3afb8e9e87875b293893c5ab14

SHA256
4cbc0bd06c0bc98d5c7dbee8875aa969a7584c8ad849b9207d4ec37eda39c910

SHA512
057d678e3d8fee090e684c58db6f368df9e9bba29a326567ba604987201dd0acc6df67a0c64ac5f6811e9720836aca3712676b331007cd5227203eb31467277b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5f000b224be4d1adc39e0d4887bfb733

SHA1
40b2d3ee10c75a8519d8d822ee7d644f58781099

SHA256
0002f4708d0594d935a9d546a3558fe7e078eb5a1c3f609a62835551e2979450

SHA512
159b8534d595658b30bb30c22c5819eccb191a367f28df4b73e2779c84426a73f7a2f2bcda85a806bd82d4fe2c21f3d0fe6bf4258b1c7832c9fee329e97071cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dfad8ebfa2cda189049cf32769816d5e

SHA1
8d17e7f7f8f733c6d978472ae7f0d5306cdb613c

SHA256
2a93905b7abb8a0fb90b88142a8c3ec1efc8ecb935ec5893ecf6c6f3e29b988f

SHA512
2ce7b3cd77c2a19622e9bed72e9a6d1a68813039639ca137bd235b228a9c7cdd729207e08efbf0606fdd690e6dc134fa66cd00f552699d459a9d19102db92872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
aa3b34a12a646db0163a6a713cd82514

SHA1
cb759c37f314c86a0ce6913f7605782c1d75e13f

SHA256
b83266e37bf1096502a647bd2c099f3ae28f9aba53bfc66ccb510c34a3a25953

SHA512
a625e3bceda267f9e1081936cd5ca0993d2547425fb3baacd861d5165169833519ecd8e4862cc8c40990358a3eb22e47f6345c44eed2dfe5c34797e250136913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
095995f3a3f39fb7c97e4ac8558b74fe

SHA1
cf7dfbfbad08c03ef4893f8900d2012ef559e286

SHA256
b9f01d8c812d36d2c8b1c2f36762c335131048a87b654be73fd0bca93f76fead

SHA512
e62e815c01755cb18c574fc07e07a52fef56c7aee77d35b0763348765c72e9b218e4e1c3189bcadb054376a4238c64b157c9987448aed88cc6c2dd1568fc7fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3c2398186e3cdb25ede4601503fb05e0

SHA1
8831bf2ec45d6a4fb0ea3ab72bfc658e8df70665

SHA256
3bfebea0761f1b01a4de58483b9d62d6d2040cb0f53802256e8bb8246837e068

SHA512
a2c9836ccf9c45511346168f2978cb6287a2a7bb6c2e2542df8c67da7943600befcc9ea7c4285be26e04e0afc5685135cb6aefc61c92a0e9a14940d37b98e013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3edeee26d7a4a1f8dc7993ec47ecff37

SHA1
9c34a3cba4d25ca93887c267f832a270e7261959

SHA256
42a3e0243264c48182dbce531d711da9decd262223fea8f9d4ac667cc5356ef0

SHA512
6b06c55859135f51ebe161d35d85781c9120e3f5926938ba311e897d676f2fa6f0177b3faee66380bf9a5e037a33dd9af82e9990749c445936688e0e209414bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa8780564dfd9fa32fd6ef4d66e9f16c

SHA1
73345688563953aad0fbf8f918f8a359e7e05234

SHA256
a73e4e140610ea45e43a7266c1fede4ae3829ce5a8d754e539e4270ded656087

SHA512
cc6efb67432eee0090797c3f40ae82f2a56a6148c272e2a320a6a60207028d6f0761383e9ba4d496c1c067f7ea630107eb3289d898e21b5abef4d688230d5608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
158ae3e730f5301ba264319033e8ac54

SHA1
981a15ea1dc9c83c1ad6aa5ce4c1029e61ca80bb

SHA256
1861b3fd03f4909e84a9e0e9ba34f5bd8960ad454bc45301152cc0203dcd62bc

SHA512
3a66143bc85b085bb2b424e3fafb76f811a4530f622cb9dd1724c4294f7c71d4968fc7a1a9d39d96edd40cc6586ba5233f950fa4ac4db92b72b5174d456242b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8747fff39c2d9ff9ab40cb09455850f3

SHA1
e07911a0a6f8ff927011caa74d427b50edcb56f6

SHA256
81994237961c4341594f770970416817ad98e0a99d064327b792a7b611f99619

SHA512
cc6d117dbab1eb74e05f3b3bbd498263b0c4c51245b19da5b0b098d840f746485497434f797b26b11983d32d1e325c90b570a5d94948c7db4bb48e42e741b1b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
923493034f2f3110a534c0e3ee0b6ff6

SHA1
31c1b28686f06e4e0471127fa1709ea5ca3b37c1

SHA256
4de19c05a1bb4cdb39a6baec4ba94d98c277d30cdc183d8554a3cac875d52930

SHA512
ac20aa2929ea6b7792acdffd6ff5d3343ae1f27d9cd238561396d968bd2346bfc9293ff6ced5418459790c440f4e6d9b0f169a413f6a683f65fed689297e6cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26315b179d898bc64220d1cb19b68296

SHA1
7fdf05299fb3033548ae98d897def07955a27062

SHA256
8d28120b0dde8bf4aa77ee7a41b903ba75e45ca2b52128d2304d072a553c8a58

SHA512
9dd3340460f92925630d42c41b7cf028ccf475c669fe961bace820ca6ef744fc3d19f669b2cae0895820133f6f0586af0924254db6af24ace77f8b73a9d3eb9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d1608a2698175640084fb62f51e26989

SHA1
045f54cd3d57ba9a4d7f9ea915669caf342a34af

SHA256
bc19665f81baba18b1e3ff4eca55242c8d71913821f452c01875503477cc2116

SHA512
e8c022e26b2c7faffc3dc6809e0b4b9f9ef3eb16c282f43300a49c68369e8736b45751d041d74369d3038ded522655c124063ab2c48643c47d61667b93499595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d75a03f2fb3b19738490e3e207f291c

SHA1
fdfd246f3ae6b552da3e720a894ac4a4caf91f84

SHA256
e31b45b7c564c058e6066acf8faaec31a027fb3a287c79e2a39ba15623e70390

SHA512
fd3e54816c159c98c8031f6c826505463ea0e754a8d93d161cb4c10bdd9e4b9ac1b66a48db987c3efd9468c93d21237b2d0374d75bef7cd382da9e62564c1a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01458a0ea410e3717972c6e0444c87dd

SHA1
7eeccea2aeb8f1ec3ae37c47dccf6ddad5bb1c06

SHA256
fa9277736c446a74552ad44aa3cc897de38fc6319d18068d80c3fb3e50977891

SHA512
1c779ff5fb48e0b14700cc613a8887f6d929e555628dcf2914ac1016d7d584e2abb8cf893b747a1787b02d648acb55e660dfbf6bcf13a2bac103107a9cc57123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47dfe33f7ead58b0eac7a8ab01b787e7

SHA1
385ee8d50b6283ce525cf972464c3ecbe592b01d

SHA256
7a5b0bea7f95f10e54409168dca460a80fa53d4b57c2220cf3f3f195ef61fd1c

SHA512
b7b8bae784f3c3effcbea1ee2c29ec09a11be2f46dc4780797f84e039c34ac9ed964d619c3bd7a38f2e2ea69b0ae43bdc8749fc56acec194286d28efe8481308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96d5d03d6ec4d1ebb878fe0a421185bb

SHA1
8c9ca5753c8bfefbad236497850e10e86470fdbb

SHA256
db8e7816ad1c237b48433102d4bca64a85b6f243a19dcb362695d7e4cec99a1b

SHA512
e1fc7c6f97682a775bb7aca5739747bccb5b52e4a1de79b7bc942a87a83970d0c8a2f0fb24ceb85d43884eda8b5f39314eb545585511bde42ee12f0e3e0e6497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09b295b109e9709965524cc97c2c7757

SHA1
6dac455b615fed3c52d6584ba9cb692fc521a376

SHA256
c4340c3b271f768ecc23ad2d67714e66d89e78735123a86550981ee7603ad98e

SHA512
dee97193cd698dc761112bb8e32c80288aa360e22cecdd8e55ca66d5fa8a11db096c21c08597dba3bbec2bbfbbdb7c8ad1c8d952369d58902a47d159d95fa877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
81628ca08db4f0c9873c68ed89b34570

SHA1
c1a6c682e098780fd61eaeaa7e4a7f0b7072518a

SHA256
50c8835f9e7c101afe1db2980dea82dbbcfb9de04a3b346f60d722930e19b6b4

SHA512
8043de9464bc48c841b572b9f921b194ba06dfdb7dc82046a0a1b2a597346d3abb5b5e8ba0138d62fedaf3511b9f47c6fd4b46338e61c690004945e8012015bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d04967315227efc29eec716f84291432

SHA1
668c9e3cf11cf0b40202a0a3edbdcf32edb820eb

SHA256
80ff310685127ae48b24ca4f2936995f8130934cbfb5a3ad2e0bd773f4be66fb

SHA512
caeb78e832a5dd4af99b6d7457cd4d91f5d73ae03e1067738b9400c70ced8f1dea205e5ee3ee7786b40b8bfeb9a6bc7a162265a61f6a4b2ef600b4c65631cd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1fdbe5ab42329609c8b8d7eee0194028

SHA1
9fd6c6d82a96889a6b9612e07a418d647678e2f4

SHA256
4c4518d44b61b0b6b6c99ed8ede5c7b615601dcb1135d69a77b94b720c57742b

SHA512
450a779ed9c9852857ea2df8f14ad1ab96585de30f7b4410b0203b7170c1d810486b01fdede6c778a3dadf9acb3092be38d9d1c4552a98c793828ce19cf64744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9419a008ca267f195d3caeab2bf0c729

SHA1
9e6aaf4abfb8dbb1f4df75dea0abe7b4b5d16632

SHA256
0a3b8c8ee756701c5207b0f37ce7a41682000885c7527f2f49db5780e0cb2cba

SHA512
fe71a102188bb2efebe69bc0cb6d9e13dbae2fcd86eedfa50adb5e34a13579b174e66643fa8a9c68521600e2f17072cebc628b1c7a0344cf217d87ec7cefd695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
47ab36680a4228ea943bee8f3380a455

SHA1
d3deb63d9010bd2c965f32bfd40edd5a4b11d74c

SHA256
0549c332d528f4edd17b17ba466c18bef5ade48ebf820246c98ed33357b03d70

SHA512
f3d9cced6770a209a1b90ecc01f4e7b13c07edcaadecc88972a49ab8fe971421ff735ee920768c3d9e4740a5c2b19b726e90e8f590d0305fea60cf7a5ee1f93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
cfad8dd79ff21dac41c4195d9cd861d6

SHA1
4586a4256544011f6d0725f7a7154c36e4cde76b

SHA256
076a66a36281fae04a5f06beec72a4dbddf93f8a1667ea29bfd4433f6e92bb07

SHA512
75b03e6ceb3462b679ebacbd8c7fc8994f80cb8971c2325978b05db5155399aa8cdc5f69c50726c2b0f537a4a16e121acfdfec4563d92efb15da84c967b70283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
8c29cafcb07b4ff647fb07f36a29a66d

SHA1
728fd50d3793eded38e193ed3a023cd45715ecd3

SHA256
24c17c224a8c924049b7f3f9448e326260d47fde4ca8d95c889d2f7eed19d018

SHA512
8025a63d45631c1ccb1d5230b6b7b3c54eee07f605b3f882a7e2766ddc5c304e871b80405952011fed925b7256e771a54c02ad5b145ef6814ff32f53e4d5cfb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
aec10716bcedcc0e1eb3b24bd9596d00

SHA1
4e5a1b860407c354a7af1b5abd882594df069c5e

SHA256
121d6e5b9e2bb43f964b6a5ace123f02aeea9c8729972c4fd2d28fa6c4a351bc

SHA512
20286aaec733eb87e7bee913254a0e5e15179939c341a2353e22f0d6fca6414854bdb7b1b743f6c700da40ef419144d0fc7373d5d2ea9ec422933c81f41e5657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
fd78fd863e6f665aba2dcb2cdc558716

SHA1
a2717715e2fff9353524e177a95e0b3ecfed07d1

SHA256
42280af3dbed66db71516d35476c50d143bde9d6111294d906f13beae72e6c83

SHA512
eaf3e3499afe1ee6f02d05255b03b2a0395ee69180f07fdff1d4cc150268dd28f2fe781254d77543931b6513c6e31626abda87e54c4f08c5e52c8f1bb7bd6cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
4edef97c5dd037e50c4098b4e96c2967

SHA1
1fdc00da8686ed683f0d92e3267e4b2eb8eda1d0

SHA256
774a5ec3d67ec9ca7fb1331151c4b4833e9d839a032548625a73070bd15a4688

SHA512
e75278c1451353b784f37f2b5ec5f9f38eb8fbef4fac4abbc19822575e08454a405a1e40b2b3ca7a708b7e479573f9c21738523eae50c43ba7626842e0576a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
54da4a354120df92f6e1188cbb7b8fa3

SHA1
4128db71c866fa33ae01fcdac452556faf868065

SHA256
1e86acdb665e68a11ed9451422f8363d263187d00134f7f32b8e7b1d7a15ac30

SHA512
8f9d61ba79227a7ac12308fa85c15c42616b374169b7724cacdeab0c1ce80893dbf30924e7b2d1421018a790fd2e11e3cb72e1f10c68d0ea112cf20860fe4cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
e509e565a1ad1858168804192230d910

SHA1
2dcdb2bf0651889554d6a28d798d245c8129f98c

SHA256
e0f62799a3d77c6f5583143de11b4482ce65125b4945a5fe80be180c2523ad05

SHA512
7ba63b1e87fce0852f3ba16be8c4662144d3b7e904dbb1b420c7c21fe9ec765e0529bbec55f0adaf2916a64c59af2df70c8dde4013e229b08ec05e5e973b058e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c956.TMP

Filesize
97KB

MD5
b2dee0993a5b3a8d9ebff5f82ffd4997

SHA1
71aa97cf9654c69c464da0c5fbc507f364283f41

SHA256
ec95cff3e167ef77d016cb27c83938f1910faae7fb36bc66dc3fd5c87e492830

SHA512
9c52a1a07f0bb1a63de36e5ed954e6a585b600d4036d4e4b0660157d5b2824eb8314a37c04de07ddad375073f4302130acc13e194fb9e7a0533bf31983557fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PKO26YQG\microsoft.windows[1].xml

Filesize
96B

MD5
3dee3add8acc4023ea038e6e3e9a2ce9

SHA1
8f3c4cc3d102e2d365f38c9e8af891f7accab420

SHA256
18be1965ebf3d45d54059b2a7b009f8065ae1e511e17f85954a2508d1ee2d247

SHA512
6aae34d1ac73ff540031baf20ddf2ee9e84da02c5c1fa3c8547cd0ef14d7537e41f57c4e31b28f2e15e64a461f62a207473dd527c92ed23f9ee9731f679bea6e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PKO26YQG\microsoft.windows[1].xml

Filesize
96B

MD5
3dee3add8acc4023ea038e6e3e9a2ce9

SHA1
8f3c4cc3d102e2d365f38c9e8af891f7accab420

SHA256
18be1965ebf3d45d54059b2a7b009f8065ae1e511e17f85954a2508d1ee2d247

SHA512
6aae34d1ac73ff540031baf20ddf2ee9e84da02c5c1fa3c8547cd0ef14d7537e41f57c4e31b28f2e15e64a461f62a207473dd527c92ed23f9ee9731f679bea6e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PKO26YQG\microsoft.windows[1].xml

Filesize
96B

MD5
3dee3add8acc4023ea038e6e3e9a2ce9

SHA1
8f3c4cc3d102e2d365f38c9e8af891f7accab420

SHA256
18be1965ebf3d45d54059b2a7b009f8065ae1e511e17f85954a2508d1ee2d247

SHA512
6aae34d1ac73ff540031baf20ddf2ee9e84da02c5c1fa3c8547cd0ef14d7537e41f57c4e31b28f2e15e64a461f62a207473dd527c92ed23f9ee9731f679bea6e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PKO26YQG\microsoft.windows[1].xml

Filesize
96B

MD5
3dee3add8acc4023ea038e6e3e9a2ce9

SHA1
8f3c4cc3d102e2d365f38c9e8af891f7accab420

SHA256
18be1965ebf3d45d54059b2a7b009f8065ae1e511e17f85954a2508d1ee2d247

SHA512
6aae34d1ac73ff540031baf20ddf2ee9e84da02c5c1fa3c8547cd0ef14d7537e41f57c4e31b28f2e15e64a461f62a207473dd527c92ed23f9ee9731f679bea6e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PKO26YQG\microsoft.windows[1].xml

Filesize
96B

MD5
3dee3add8acc4023ea038e6e3e9a2ce9

SHA1
8f3c4cc3d102e2d365f38c9e8af891f7accab420

SHA256
18be1965ebf3d45d54059b2a7b009f8065ae1e511e17f85954a2508d1ee2d247

SHA512
6aae34d1ac73ff540031baf20ddf2ee9e84da02c5c1fa3c8547cd0ef14d7537e41f57c4e31b28f2e15e64a461f62a207473dd527c92ed23f9ee9731f679bea6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1a5fdae6-8f46-4b8b-a738-d6572f690d43\AgileDotNetRT.dll

Filesize
94KB

MD5
14ff402962ad21b78ae0b4c43cd1f194

SHA1
f8a510eb26666e875a5bdd1cadad40602763ad72

SHA256
fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

SHA512
daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp5AE9.tmp.bat

Filesize
195B

MD5
468ca13d2d11e169c8d502e366cdacba

SHA1
e8da6d8b28eacb0f86a50696adf5e530bd9a2b7c

SHA256
46f1078ee6f65bdf0a422b5934edf00e444c18cdc1399fa0d523d7b4ce1aa54f

SHA512
e1548407d705a8df4bda698dc068072b0ca40b07cca7b9240b4ae02c292efd4254c96a4c178554a479e09f5b6c83bc9a99d34f38a1e18cd73943299b13c880ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe

Filesize
793KB

MD5
835d21dc5baa96f1ce1bf6b66d92d637

SHA1
e0fb2a01a9859f0d2c983b3850c76f8512817e2d

SHA256
e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319

SHA512
747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

Download Submit
C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe

Filesize
793KB

MD5
835d21dc5baa96f1ce1bf6b66d92d637

SHA1
e0fb2a01a9859f0d2c983b3850c76f8512817e2d

SHA256
e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319

SHA512
747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

Download Submit
C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe

Filesize
793KB

MD5
835d21dc5baa96f1ce1bf6b66d92d637

SHA1
e0fb2a01a9859f0d2c983b3850c76f8512817e2d

SHA256
e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319

SHA512
747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
f99322845d700aae86935eeb31e5e19a

SHA1
f4c7bd2f146d6bed939c22d1bec45cb256591504

SHA256
e7eef342512a9fcb8ca089f51889a381a4fe372bf49d572905f699e9b8a5f364

SHA512
a85c4371c3d376784dbca92ad7b9740a109adee63d7914d6ee0a21247d9e2e39c498fe337573dff96ef36f92a56e2dd1d43e6ee282c080679b637be7459b46dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
f89cd579d7f4aaf48ca0ea128b3912f7

SHA1
56727d4d316a3f225e59591fd243900c956b6883

SHA256
1c2ac389aecb4816520dc7b00874847ceb84772de88b96d94e2aef52edf08908

SHA512
ab390e6053f966d9cec5ff847361faf5de396bcf4b6f33dab579a8d733c28beb072306af2275b8c9bcd444953274684fcffcc86d9a613b2b22e951a1b08e0409

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
bb484614f43655a610c4adbb1b17c39e

SHA1
480759ec606b3102a92efc4873e436ac4ebd64bf

SHA256
7084a6504e9a0ff523153c829e8cf280d52f4954a1be40f276c3b779866f4864

SHA512
76514b1d604f5697ce90d52d5fab887f882583a5579e738e93d5cc3b0b900749495c6c15a9e1a52f78ed46d7626b298811155af40aa4e87ff9d948ae80920f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
532c2dc634a411cf4a0e1f309384d967

SHA1
ebf350bb270ec5d0fc011d8a118d356c88c83287

SHA256
e6db86d71f45c7ab7e3a40b70fd897b740048e493810c8ce1da1ffbed8be7849

SHA512
067630c391ae54e214a4ccb521c2eb51ccec8a28a8132b18b5c117dce7e4d3b59a16f2c90fadb7739e819e2b9d8b14d874af51a659fd2c67393be4bbf8d84bd5

Download Submit
C:\Users\Admin\Desktop\XHVNC-Client.exe

Filesize
61KB

MD5
445a5e07dcacedbd1ecb3cfec15bcd68

SHA1
196aaebd95924455c5b10c81a205bc8e1c4dd0cb

SHA256
aaaf735fcfe2badc77a89518201043e3cdf01a84d6c7e0249359c35291ed7aaa

SHA512
09593b4c933e0495c6168813d1d02a0079817b1070867f9edaba4741d2aa34ec818f11e731dce1fcc2aee14138f94a4949d22b1dc1c8d71ca9a66d0b29b98f89

Download Submit
C:\Users\Admin\Desktop\XHVNC-Client.exe

Filesize
61KB

MD5
445a5e07dcacedbd1ecb3cfec15bcd68

SHA1
196aaebd95924455c5b10c81a205bc8e1c4dd0cb

SHA256
aaaf735fcfe2badc77a89518201043e3cdf01a84d6c7e0249359c35291ed7aaa

SHA512
09593b4c933e0495c6168813d1d02a0079817b1070867f9edaba4741d2aa34ec818f11e731dce1fcc2aee14138f94a4949d22b1dc1c8d71ca9a66d0b29b98f89

Download Submit
C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool- (1).htm

Filesize
206KB

MD5
1871b2f46f144a3e2df92fa6b06515ce

SHA1
d05427a4e955ac6529dec035ee2c486d45022c8b

SHA256
f2d274540230cba2b31f155b0b6b9a97b63ad9f16f0aa3dc96897e9946b8dc0a

SHA512
81dbed9405d79643ce58732ac97f57a3947e476a061fc879300f2598452c89f7b86a0ecaec02e16b87d5a95dad9635dca6dff11170661a53536dc274aacbca25

Download Submit
C:\Users\Static\wsappx.exe

Filesize
793KB

MD5
835d21dc5baa96f1ce1bf6b66d92d637

SHA1
e0fb2a01a9859f0d2c983b3850c76f8512817e2d

SHA256
e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319

SHA512
747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

Download Submit
C:\Users\Static\wsappx.exe

Filesize
793KB

MD5
835d21dc5baa96f1ce1bf6b66d92d637

SHA1
e0fb2a01a9859f0d2c983b3850c76f8512817e2d

SHA256
e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319

SHA512
747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

Download Submit
\??\pipe\crashpad_3504_SJAFPQQGAQBSRFDT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/780-619-0x0000029BFD600000-0x0000029BFD620000-memory.dmp

Filesize
128KB

Download
memory/780-617-0x0000029BFD640000-0x0000029BFD660000-memory.dmp

Filesize
128KB

Download
memory/780-621-0x0000029BFDA10000-0x0000029BFDA30000-memory.dmp

Filesize
128KB

Download
memory/1664-715-0x00000235B2D30000-0x00000235B2D40000-memory.dmp

Filesize
64KB

Download
memory/1664-712-0x00000235B2880000-0x00000235B294C000-memory.dmp

Filesize
816KB

Download
memory/1664-713-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/1664-747-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/1784-603-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1784-653-0x0000000004860000-0x0000000004870000-memory.dmp

Filesize
64KB

Download
memory/1784-639-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/1784-607-0x0000000004860000-0x0000000004870000-memory.dmp

Filesize
64KB

Download
memory/1784-606-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/1912-661-0x00000282FD360000-0x00000282FD380000-memory.dmp

Filesize
128KB

Download
memory/1912-665-0x00000282FD730000-0x00000282FD750000-memory.dmp

Filesize
128KB

Download
memory/1912-663-0x00000282FD320000-0x00000282FD340000-memory.dmp

Filesize
128KB

Download
memory/2300-42-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-51-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-40-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-49-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-41-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-50-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-48-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-47-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-46-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/2300-52-0x00000233149D0000-0x00000233149D1000-memory.dmp

Filesize
4KB

Download
memory/3056-766-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/3056-764-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/3696-641-0x0000015B527C0000-0x0000015B527E0000-memory.dmp

Filesize
128KB

Download
memory/3696-638-0x0000015B52B00000-0x0000015B52B20000-memory.dmp

Filesize
128KB

Download
memory/3696-643-0x00000163542C0000-0x00000163542E0000-memory.dmp

Filesize
128KB

Download
memory/3700-611-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/4200-580-0x0000000005CB0000-0x0000000005CBA000-memory.dmp

Filesize
40KB

Download
memory/4200-591-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

Filesize
64KB

Download
memory/4200-579-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

Filesize
64KB

Download
memory/4200-581-0x0000000006060000-0x0000000006284000-memory.dmp

Filesize
2.1MB

Download
memory/4200-589-0x00000000733A0000-0x0000000073429000-memory.dmp

Filesize
548KB

Download
memory/4200-590-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

Filesize
64KB

Download
memory/4200-760-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/4200-761-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/4200-578-0x0000000005010000-0x0000000005076000-memory.dmp

Filesize
408KB

Download
memory/4200-592-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/4200-593-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

Filesize
64KB

Download
memory/4200-676-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/4200-572-0x00000000002C0000-0x00000000004AA000-memory.dmp

Filesize
1.9MB

Download
memory/4200-573-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/4200-574-0x00000000053E0000-0x0000000005984000-memory.dmp

Filesize
5.6MB

Download
memory/4200-575-0x0000000004ED0000-0x0000000004F62000-memory.dmp

Filesize
584KB

Download
memory/4200-576-0x0000000004F70000-0x000000000500C000-memory.dmp

Filesize
624KB

Download
memory/4200-596-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

Filesize
64KB

Download
memory/4200-595-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

Filesize
64KB

Download
memory/4200-594-0x000000000A350000-0x000000000A470000-memory.dmp

Filesize
1.1MB

Download
memory/4408-751-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4408-752-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4408-753-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4408-742-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4408-743-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4408-741-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4408-749-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4408-755-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4408-754-0x000001A8603A0000-0x000001A8603A1000-memory.dmp

Filesize
4KB

Download
memory/4516-543-0x00007FFC3B3B0000-0x00007FFC3BE71000-memory.dmp

Filesize
10.8MB

Download
memory/4516-577-0x00007FFC3B3B0000-0x00007FFC3BE71000-memory.dmp

Filesize
10.8MB

Download
memory/4516-562-0x000000001B050000-0x000000001B060000-memory.dmp

Filesize
64KB

Download
memory/4516-542-0x0000000000370000-0x0000000000382000-memory.dmp

Filesize
72KB

Download
memory/4592-688-0x0000019ABE110000-0x0000019ABE130000-memory.dmp

Filesize
128KB

Download
memory/4592-684-0x0000019ABDC90000-0x0000019ABDCB0000-memory.dmp

Filesize
128KB

Download
memory/4592-686-0x0000019ABDC50000-0x0000019ABDC70000-memory.dmp

Filesize
128KB

Download
memory/4692-600-0x00000000006C0000-0x00000000006D6000-memory.dmp

Filesize
88KB

Download
memory/4692-601-0x00007FFC3B3B0000-0x00007FFC3BE71000-memory.dmp

Filesize
10.8MB

Download
memory/4692-602-0x0000000000CB0000-0x0000000000CC0000-memory.dmp

Filesize
64KB

Download
memory/4692-605-0x00007FFC3B3B0000-0x00007FFC3BE71000-memory.dmp

Filesize
10.8MB

Download
memory/4852-700-0x0000027975720000-0x0000027975730000-memory.dmp

Filesize
64KB

Download
memory/4852-737-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/4852-699-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/4852-698-0x0000027973630000-0x000002797396E000-memory.dmp

Filesize
3.2MB

Download
memory/4852-736-0x0000027976000000-0x000002797600A000-memory.dmp

Filesize
40KB

Download
memory/4876-765-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/4876-763-0x00000267B9530000-0x00000267B9540000-memory.dmp

Filesize
64KB

Download
memory/4876-762-0x00007FFC44740000-0x00007FFC45201000-memory.dmp

Filesize
10.8MB

Download
memory/5112-722-0x0000026DEE390000-0x0000026DEE3B0000-memory.dmp

Filesize
128KB

Download
memory/5112-724-0x0000026DEE6A0000-0x0000026DEE6C0000-memory.dmp

Filesize
128KB

Download
memory/5112-726-0x0000026DEE6E0000-0x0000026DEE700000-memory.dmp

Filesize
128KB

Download