Malware Analysis Report

2025-01-18 02:37

Sample ID 240125-szekeaagbk
Target 321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18
SHA256 321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18
Tags
kinsing discovery loader evasion trojan
score
10/10

Analysis Overview

score
10/10

SHA256

321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18

Threat Level: Known bad

The file 321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18 was found to be: Known bad.

Malicious Activity Summary

Kinsing

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks whether UAC is enabled

Drops desktop.ini file(s)

Checks installed software on the system

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

NTFS ADS

Enumerates system info in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-25 15:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-25 15:33

Reported

2024-01-25 15:36

Platform

win10v2004-20231222-en

Max time kernel

147s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe"

Signatures

Kinsing

loader kinsing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Program Files\zabkat\xplorer2_ult\snap2\desktop.ini C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\zabkat\xplorer2_ult\snap2\15-details.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\23-progress.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\45-msdos.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\box_bs.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\rightdrag.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\37-stats.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\adstag.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\bulkattr.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\miniopt.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\recorder.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\uncida.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\20a-editcc.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\5-cmdfinder.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\52-custool.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\error.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\filtermenu.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\titlebar.gif C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\X2.LIC C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe N/A
File opened for modification C:\Program Files\zabkat\xplorer2_ult\editor2_64.exe.manifest C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\sendto.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\warn.gif C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\registry.txt C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\x2skin_48.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\48-macro.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\path1.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\changes.txt C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\31-comments.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\stats-menu.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\tagmenu.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\add2index.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\commentsd.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\delprogr.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\info.gif C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\renmode.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\ed2skin_XL.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\lay-thumb.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\scrap-context.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\scrap-header.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\x2args.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\licerr.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\12-cgroup.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\opt-adv.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\optserts.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File opened for modification C:\Program Files\zabkat\xplorer2_ult\msimg32.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\addressbar.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\mini-search.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\zabkat_grligo.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File opened for modification C:\Program Files\zabkat\xplorer2_ult\X2.LIC C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\39-duplex.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\54-advopt.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\export2.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\lay-default.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\opendlg.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\sendtoscrap.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\undo.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\3264.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\datefmt.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\dlghelp.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\51-accel.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\qvmenu.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\11-columns.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\40-simpix.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\cpoptions.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\grp2dir.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\shell\open C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ddeexec\ = "[ViewFolder_X2(\"%L\", %I)]" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2\ddeexec\application C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\DefaultIcon C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\command\ = "\"C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe\" /M /E \"%1\"" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ddeexec\application\ = "Folders_X2" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\DefaultIcon C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\shell\open\command C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.x2fnd C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\DefaultIcon\ = "C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe,-360" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2\command C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.x2fnd\ = "xpl2.Search" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\shell C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\shell\open\command\ = "\"C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe\" /F:1 /M \"/L:%1\"" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cida C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\shell\open C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\shell\open\command\ = "\"C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe\" /F:1 /M \"%1\"" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\DefaultIcon\ = "C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe,-270" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\shell C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\ = "xplorer² scrap document" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\shell\open\command C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\ = "xplorer² saved search" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ddeexec\topic\ = "AppProperties" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cida\ = "x2scrap.Document" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ColumnHandlers C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2 C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ = "Open with xplorer²" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2\ddeexec C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ddeexec\NoActivateHandler C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2\ddeexec\topic C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4084 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 4084 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 4084 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 4084 wrote to memory of 5736 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe
PID 4084 wrote to memory of 5736 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe
PID 4084 wrote to memory of 5200 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 5200 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 3692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 3692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 4068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 4068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5200 wrote to memory of 896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe

"C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe" /S

C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7dcb46f8,0x7ffe7dcb4708,0x7ffe7dcb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cybermania.ws/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9695337798439683604,5950452349046221204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3792 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.cybermania.ws udp
US 172.67.158.91:443 www.cybermania.ws tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 91.158.67.172.in-addr.arpa udp
GB 216.58.201.110:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 cybermania.ws udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 discord.gg udp
US 8.8.8.8:53 rf.revolvermaps.com udp
US 8.8.8.8:53 storage.ko-fi.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.26.21:443 storage.ko-fi.com tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
DE 185.44.104.99:443 rf.revolvermaps.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 216.58.201.110:443 www.youtube.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.187.195:443 www.google.co.uk tcp
BE 64.233.167.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 40.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 21.26.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 99.104.44.185.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
DE 185.44.104.99:443 rf.revolvermaps.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 154.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 28.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe

MD5 e4b0fc4f97e3fe17c7ac3fed8e1e0edc
SHA1 729eb709cabb47a25aa76e2c875f692bf217077c
SHA256 7b4ef1ced5af1eecb5b6560883f8cc1ee8083c13a673cf6092b43e68de7fcb8f
SHA512 84edf3fe95b556cb5ff18ad63be85d1450304c7d1ab1749ba0dbdc6a7e00c794b5a08fe3760004c764e7150f41b466947af6fddc3e302fab7b5b6c33b0af932b

C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe

MD5 53873c2161f6ec6f84752737896b50c4
SHA1 3a27f7c042d1f6392ec454211157dee570a886de
SHA256 aea7fc51379ebc8f2e987ed956cf36695a449a39392fc4b7bc9d5d25d329d43d
SHA512 b78fe827245499235324ccd90978b1164825a2acf4ef83888778790c273acf0f42cce6687b5ee4387eae0894e2b462d3a39f3c638bcc386bbe216af010b8e62b

C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe

MD5 5aa3a2d21fa507da06c646f83faae937
SHA1 edacf50fb936eab3cb86e577e870d349947c87d8
SHA256 382954e0c0758b2f29768a5d44215a7a15e582dc258595bc35b286580074d480
SHA512 e52d827d561d9cf851e9e833f00d3391dd153f43d4e41541ff077a179dffddba94004d4c7be4416c7043d0d943da96297dca1598c15c02ef43f7338cc4ecf5b4

C:\Users\Admin\AppData\Local\Temp\nso5064.tmp\System.dll

MD5 564bb0373067e1785cba7e4c24aab4bf
SHA1 7c9416a01d821b10b2eef97b80899d24014d6fc1
SHA256 7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
SHA512 22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

C:\Users\Admin\AppData\Local\Temp\nso5064.tmp\InstallOptions.dll

MD5 0a9fb96a7579b685ec36b17fc354e6a3
SHA1 355754104dd47d5fcf8918dee0dc2e2ee53390a6
SHA256 b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7
SHA512 67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

C:\Users\Admin\AppData\Local\Temp\nso5064.tmp\UserInfo.dll

MD5 98ff85b635d9114a9f6a0cd7b9b649d0
SHA1 7a51b13aa86a445a2161fa1a567cdaecaa5c97c4
SHA256 933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de
SHA512 562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

C:\Users\Admin\AppData\Local\Temp\nso5064.tmp\x2.ini

MD5 dcb49302dc7f091a672798d262ffc1ff
SHA1 3d1c00355392482066e844ca07742890245e644b
SHA256 265528bb583808d162e30c9dfc424ce2cc77faf8a51b112205c3f796de11ca3b
SHA512 0e57f07b1a4302c28e953c2a3b268b6e3732dc8cd87ce473ec0ebc363c6399a05def65fa2ce0ad84672546bc47202d195314d268c9e090a0c4a91919ba226a58

C:\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe

MD5 6d720e9be10f7b2342c10ce349c3cee5
SHA1 413f080c9fcb708dd6a60a599b1ea9337ddcc40a
SHA256 0206428a7a4c609cb3db5f293975b087b2c305433b248dcbcab6761841f57187
SHA512 a36f13d36b51f077fcaa8e2c39a5ece3b6c1e4756913b4c47ab82946ac663a253a8b132427007f582edfbf1df46cd0b61a39dc28db45a29944aa2efbc3967151

C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe

MD5 f87ace7db22a97590b798a3e7ad12c5d
SHA1 0c15f371357fbfe8013c2cbe863359633efb5710
SHA256 e9470864b10746943b4a1d77c88a98a21e646db7144b5b0f894873414e8fe55c
SHA512 2875eafa1dec2662bc55ad0268c4f32282db106eeba8f8f70c261afc62fe3c6ec2ccbf32e27bd1a4d98769d62599ad76632abf3af8f9db6a5f0eaed3acf1a852

C:\Users\Admin\AppData\Local\Temp\RarSFX0\CyberMania.url

MD5 f89e823b83f9edc863ae9e35ea0a5949
SHA1 12db7e3d70e47bd97df335c74cd7323dc48a778d
SHA256 7fba1e8849a88298272be247c2b22ef4a50ac1bc4c83a4c02848bc131e622088
SHA512 d3e297af4eeeb3b8201381fddc426c33ab543db80c0da2ef7ee000ad773cf6895d7221ec17b95806377ea74488f8db7354e23d13c43d87599f6b02631e379d35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1386433ecc349475d39fb1e4f9e149a0
SHA1 f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256 a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512 fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

\??\pipe\LOCAL\crashpad_5200_AFDNZJTWBBCRNFVZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f2002f442a3b27747bae836ea9ec768c
SHA1 3d68514f25014bb1e3f7c7656dfcf992ac0b6cab
SHA256 6382e0b520d296ed28176596f417008149c3b02f7439bb7f32e68c407cb9c794
SHA512 0d912eeab4feb0765fbf13f77b5489b1dfc3b5e0ca5034d6f7e14c2ea83983c13de0756f78798a51518797b3263d79a1db96cd9fc7e0577ce24419e4dc773a82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 0c7ef59afdbbc7cc0dc3e70c4eca9b69
SHA1 b3d035b90560c0e5ec12729da4b2a76df44f9cc1
SHA256 5839a2f606e940647c583cf02c85e79342d111931ce88741bcef187046efb6e0
SHA512 f647303c4828f6da298575c44c6c6eae6dddb3006a3a9145aa2df1afaae5ccbd4e77cd821868dd38895db64740d17ec1beeb347a6ccc9b4b91a181cd15aa9153

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a359c765b9677b360627bf896e71ba9
SHA1 eeb033c597b3da40460c052c7e319d82444829ad
SHA256 a39cfefb3bd85a8baf34fff3524127443fe14a8a290f0c9a1ada5892e199e7a1
SHA512 0494e685671ccbf9e5e6022c11eb139a5a1a3baba30a975d65ace706ec74dc39aeb34cf34ff6c75db700587f035705cda05c88e438a39586a90c9b805fe3fd93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0cebb7d305f7e9c12879be1f96a214cf
SHA1 b768a4bc33d3cdac1ad965e3407c7d3824fd651f
SHA256 279f4dc599e77e7e5436b831188899e70765c4cf7f3c10733ed398a364c95470
SHA512 27b538c220e51e1f9dd7b4d605a7fc926442621aa34050bd7aca4936b896668b4a8657b35ab642817ee217316b6aa7c66d44d99611aed4838456c4c0b8756733

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e664066e3aa135f185ed1c194b9fa1f8
SHA1 358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA256 86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA512 58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f9e2604f6b6a13125130a4494dc4a529
SHA1 d58b28d9b1ce92054333c2e079f27206adedccda
SHA256 b17785f62aed9396b1bfe13612b796268e57329906fecea11b9c094cc93965c5
SHA512 fec80186a752877f3e8463c33ab04488c6a89ec0202f8fb68b12c4ee374196e208907d99bad2f16df0bff9007c811ac5503a9de60d80a9ee345c7c0730f0ca1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c74e0057b3cb79a7f0a8f829d35862ce
SHA1 736a0b5c995b4a75cbaf7eb008af95256f16c6b2
SHA256 a33e4fdc04f4d9884959340b7f6fb9cc73120fb733936a6d22404c818063f079
SHA512 f1de15a389cfaccd5ed743137e45139b0237441085b902243654e8fd22dac3bb52c819cff05813ec98566aa232802a9ddd740e4b684f53d8f597100cdf595ccb

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-25 15:33

Reported

2024-01-25 15:36

Platform

win7-20231129-en

Max time kernel

145s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe"

Signatures

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Program Files\zabkat\xplorer2_ult\snap2\desktop.ini C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\zabkat\xplorer2_ult\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\53-x2org.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\commentsd.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\x2tips.txt C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\43-find.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\progress.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\opt-general.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\sendto.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\titlebar.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\group1.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\headersort.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\hierarchy.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\x2menu.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\x2ult.gif C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\sb_status.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\tree-bgm.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\Broker32.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\ed2skin_XL.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\11-columns.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\52-custool.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\daterule.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\renwarning.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\delprogr.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\30-split.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\48-macro.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\47-ucmd.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\miniopt.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\tb_menu.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\X2.LIC C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\14-preview.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\27-massren.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\icons.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File opened for modification C:\Program Files\zabkat\xplorer2_ult\msimg32.dll C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\desktop.ini C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\zoomtb.jpg C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\x2skin_XL.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\32-sync.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\additional.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\45-msdos.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\add2index.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\scrap-header.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\sendtoscrap.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\xls.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\x2tips.rtf C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\filtermenu.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\x2skin_48.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\autohide.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\drag-ani.gif C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\error.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\10-modes.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\44-fastfind.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\41-fuzzy.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\Editor2.txt C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\31-comments.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\export2.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File opened for modification C:\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe.manifest C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\copypaste.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\zipinfo.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\16-grep.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\datefmt.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\textrule.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\box_bs.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\licerr.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
File created C:\Program Files\zabkat\xplorer2_ult\snap2\unblacklist.png C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412358685" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ac8cf2a34fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d78000000000200000000001066000000010000200000004102a45e7fcd13c6f158f1a2d585261cb76a71536a3f3b270b1446b2550ea9ec000000000e80000000020000200000003cf72de92c56680eaa7af87c02cf2fc589ee55e5bc7dec33c1b21998d00d25f790000000054d5e74d21122993a898b4fda0ca4b27da28f77c7d276cf016261fda6d8ab504b8ede9b03dadfcc8bd8bd739b2259065cb8aedace7b207f798e760c385fb846c7b5fa9025d5a6272031c8bd5c2f3584bd8bbc0c6ee5c597c5bb2e602616a0bd14fbc15cf5b3c867c4fc0fad1191ae8d2cfdffeb6d7278eff83a3b37d17c1168b9d45a73390ac0ad0b3ab9767d36574040000000e33d634a488c0d441eb53da19d92854f23cee0ba2466dacb84033176539f8b4f9d792609fc53b9e4902f590a5ca105dbc518f37285f76b7075741c98d1a0553c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C41B4A1-BB97-11EE-B9A1-EE87AAC3DDB6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\cybermania.ws C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\cybermania.ws\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000f0d749697ae427fa0aa513ca7b92ca13d8db5e5bbc117bdc85c87093892e4011000000000e8000000002000020000000d0f9928dee3202c21a03683205a47b9be1c4237c7214f214f357c78432270c28200000009addbb1042c8615b4a840a73a82f524b9ed801037a4537873f4e6e1dd880dbf8400000008b170389c1af7171453c1e820ff89c10a8632a8bec095c30ff73270600c5d9a128d14c42f50628019217f628721395ec37b0dd89d4c07f93dcf829f9424709d4 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\shell\open\command C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\shell\open\command\ = "\"C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe\" /F:1 /M \"%1\"" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\DefaultIcon\ = "C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe,-270" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\DefaultIcon\ = "C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe,-360" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ddeexec\NoActivateHandler C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.x2fnd\ = "xpl2.Search" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\shell\open\command C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\shell C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ = "Open with xplorer²" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ddeexec\application\ = "Folders_X2" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cida\ = "x2scrap.Document" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2\ddeexec C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ddeexec\ = "[ViewFolder_X2(\"%L\", %I)]" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2\ddeexec\application C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\ = "xplorer² saved search" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2\command C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\ddeexec\topic\ = "AppProperties" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ColumnHandlers\ C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\shell\open C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.x2fnd C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\shell\open C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\shell\open\command\ = "\"C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe\" /F:1 /M \"/L:%1\"" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cida C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\ = "xplorer² scrap document" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ColumnHandlers C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\open_x2\command\ = "\"C:\\Program Files\\zabkat\\xplorer2_ult\\xplorer2_64.exe\" /M /E \"%1\"" C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2\ddeexec\topic C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shell\open_x2 C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\shell C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x2scrap.Document\DefaultIcon C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\xpl2.Search\DefaultIcon C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Temp\RarSFX0\CyberMania.URL:favicon C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File created C:\Users\Admin\AppData\Local\Temp\www22BC.tmp\:favicon:$DATA C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1420 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 1420 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 1420 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 1420 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 1420 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 1420 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 1420 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe
PID 1420 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe
PID 1420 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe
PID 1420 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe
PID 352 wrote to memory of 1092 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 352 wrote to memory of 1092 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 352 wrote to memory of 1092 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 352 wrote to memory of 1092 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe

"C:\Users\Admin\AppData\Local\Temp\321c221f6886487af722f5130018f7d4e259e1ce1f4c5ba1e1b820fbc8cecd18.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe" /S

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:352 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.cybermania.ws udp
US 104.21.74.121:443 www.cybermania.ws tcp
US 104.21.74.121:443 www.cybermania.ws tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 104.21.74.121:443 www.cybermania.ws tcp
US 104.21.74.121:443 www.cybermania.ws tcp
US 8.8.8.8:53 cybermania.ws udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 storage.ko-fi.com udp
US 104.21.74.121:443 cybermania.ws tcp
US 104.21.74.121:443 cybermania.ws tcp
US 8.8.8.8:53 rf.revolvermaps.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
GB 216.58.201.110:443 fundingchoicesmessages.google.com tcp
GB 216.58.201.110:443 fundingchoicesmessages.google.com tcp
DE 185.44.104.99:443 rf.revolvermaps.com tcp
DE 185.44.104.99:443 rf.revolvermaps.com tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 104.21.74.121:443 cybermania.ws tcp
US 104.21.74.121:443 cybermania.ws tcp
US 172.67.26.21:443 storage.ko-fi.com tcp
US 172.67.26.21:443 storage.ko-fi.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.187.195:443 www.google.co.uk tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 142.250.187.195:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.180.1:443 tcp
GB 142.250.180.1:443 tcp
GB 92.123.128.137:80 www.bing.com tcp
GB 92.123.128.137:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe

MD5 774a3f003525c57d471a2e8d31d17013
SHA1 2cfd926d6ed81e7572d741cdb678d78ab4899dde
SHA256 450c93fcf4c438b9eeb92eeee37afbce7298ec88fc771d5b77cc6ff395143529
SHA512 93303248c1851414bd1f82bdfdf0b59ad8ac88bb8636138840ccf024c30878344623ed8cc2abf11fe1bdf28894972d68b4bb25b33b02a4697d5b1357e4027397

C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe

MD5 2e3b7f568921ab6c5f33c20b15761806
SHA1 5910fb0dd52e76cf0776c04abcdda3c755e2a797
SHA256 0883a0aa0e3d82f92a2c523be75822d00f353bbcda939b85bf9fe25106b80c96
SHA512 bc172ca2c9b69ea023175643d1480da4ab4d504ce1c4782f3c3b1b04df732548d598878d4718922700e73739d3a22bf4f0001a12e776c7cde183817f630ac123

C:\Users\Admin\AppData\Local\Temp\RarSFX0\xplorer2_setup64_ult.exe

MD5 696607162a0847e068d23b29f2e56397
SHA1 63a1eed7db21f221bb753596265f3526b0f8c7eb
SHA256 c0e7af0684b36412e89ba127c7d7be04a3b24d8e70f935da5e8b6fb1e1212bb9
SHA512 facfcd25b895550feb5d160e71b2e630f01565da2e3360791a1e090bead242954c7897b6cc69ca3f657c2b81d46fa91ddead391e7b91583c82b0e25f4fed18b1

\Users\Admin\AppData\Local\Temp\nsy11CE.tmp\InstallOptions.dll

MD5 0a9fb96a7579b685ec36b17fc354e6a3
SHA1 355754104dd47d5fcf8918dee0dc2e2ee53390a6
SHA256 b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7
SHA512 67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

\Users\Admin\AppData\Local\Temp\nsy11CE.tmp\UserInfo.dll

MD5 98ff85b635d9114a9f6a0cd7b9b649d0
SHA1 7a51b13aa86a445a2161fa1a567cdaecaa5c97c4
SHA256 933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de
SHA512 562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

\Users\Admin\AppData\Local\Temp\nsy11CE.tmp\System.dll

MD5 564bb0373067e1785cba7e4c24aab4bf
SHA1 7c9416a01d821b10b2eef97b80899d24014d6fc1
SHA256 7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
SHA512 22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe

MD5 2d2026451d01bbca77cdbefa0ec6abf6
SHA1 ab670285d0311fc876d97452de2a711bc687fa3a
SHA256 6d7d63958303e6fb213ae54eb134326071f14fab68a6cfa1ad81827e22ccbec1
SHA512 4349849e5b0469a1ef1ecee4fba6b3079002b6fedf6d876f7d4421df7fbc6faaa746502e34d7d8a794fdb8825c9998b17822db41375f4cf6c16eb8413fa91ec4

\Program Files\zabkat\xplorer2_ult\x2SettingsEditor.exe

MD5 aa7cda7ec5f62c73c3354252f3cf28ae
SHA1 56bbd42131368fceb2c852dddc973cbd5ac022e2
SHA256 5b2daf824c86adf3b05668ff082786c4b0c87af2acc16954369c75616d88145f
SHA512 61b69e14f35ba215e3456956146fd8a2be6f69595249c9919328efb0f06c9f390071f097f64045d1c1ae4ae8d73105c2c0de68bb2f7902a95f9ec2b89db3ef43

C:\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe

MD5 bd8214eb60201ebe3295670010c3f699
SHA1 cd377e2918fab5fae1a054530842d023b7bdaea1
SHA256 8a303005ad7eed130f202f621e928468a02b3a6e55198f325fd7e12e4d3b990d
SHA512 db01f01a48033738b69d109423a648ee05427ad6c01a550cc7ffecd05e2b24ab06d209325e05eb2bac016f51fd17c2ca0c0e93c4da08e04e76050ea2e62c372c

\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe

MD5 2b29967037d38441efa04ebcaebe14c4
SHA1 c27a6d9800719184d5824532b572b0e08ecec8aa
SHA256 18d98e970cd8890d7f68abfad77fe439ed5989ef605821fa773a9ee1644fc8d9
SHA512 f9998eb5b03c446fca5551b8a130ccc9f6b541b96c6503034cd5aecd4fce6c98346a2e0f58de8e930bd1baab0a999706d0929588e6035c05e6016080410cbbbf

C:\Users\Admin\AppData\Local\Temp\nsy11CE.tmp\x2.ini

MD5 dcb49302dc7f091a672798d262ffc1ff
SHA1 3d1c00355392482066e844ca07742890245e644b
SHA256 265528bb583808d162e30c9dfc424ce2cc77faf8a51b112205c3f796de11ca3b
SHA512 0e57f07b1a4302c28e953c2a3b268b6e3732dc8cd87ce473ec0ebc363c6399a05def65fa2ce0ad84672546bc47202d195314d268c9e090a0c4a91919ba226a58

\Program Files\zabkat\xplorer2_ult\editor2_64.exe

MD5 f3449ab167a5842653bbdbeea74cade6
SHA1 6c238bfd179233ee8b08a888e0ad7bb6344f54e5
SHA256 9f70d9331d238737e5cba1f87e5b3ef34d11fdbcb1196bf8c15b94e5e15b6263
SHA512 d9ed638c2a908dc2c82688ae9712ef196487da998e304061c7ab0b476d3a45652afd51f6cbf542d8c1e32aec8b34c903374263fdfb8786f8b8e4dde680757e29

\Program Files\zabkat\xplorer2_ult\Uninstall.exe

MD5 86ccedeb03a02d1bbfd7d2994b863a29
SHA1 6f41053a12bcc84fe68da4e4cc974a99b898dea3
SHA256 553ddfc4397a8fae0e52470192c8e69a6c64a3296870d72ea6023eb54077052d
SHA512 f62dff0c190aabeee82bb82095d2514ca45584aa90140b47b07b2a4c2bdf980f05c4e184f7b2d66d3f8476aa00d8fdc8c85d6ccfc1280a5f6ff0acfc72afd5f1

\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe

MD5 28e0d959261703b0fa6e0b3e520b1242
SHA1 e843ffd9872db8e71577945f101c8cbcfc1ec90f
SHA256 9d8d6e0ec4d18f702533e5777e028cd6c017577938c52f047ec605b3053f67f7
SHA512 06a51340911dc881f4baa96bcef8ea23b72bdcdd22b2b316318173466a680353992b612cf1e33793667b6707c5bbb3ad45db3763b226819119ff6e03392eef87

C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe

MD5 09a4a12aef1956578725e98c8be30ded
SHA1 aababfe57ad73738061dee31a98737d72e558ec0
SHA256 1ceb35c15a08ff06a2ec70fdd5fee6305a6f22280459692d3c4ae2bb9480fb26
SHA512 df8199032afc9f833f6dcfc54e51dfc61d7e712250bfbfd203ed68feb1f4856ad231d711bef2b1962e63836afb7d3f108e8365cd06bd8518f5fac286801c6d21

C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe

MD5 4bb8675dc95fcb0301f6e18c721ae4e4
SHA1 0a432ee297202346c91ff55b67476cbd68c11431
SHA256 2b5dfcc3f035877a7de48aeb63950a99d3a7084372a0bb56c37908f02db99d28
SHA512 e5fccad2df8a321de1986fb8463c3c6bcfb38cf9dec21f0cb5e880af6f1ee6b642d7c2a73ebc82a4332c67850135895250ef9cfde9262358d5d7b8933fad51c4

C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.exe

MD5 a8f0182a6bd95d90ff09fd3cc5432312
SHA1 4461ce2125cef90ea8c96896965e32c66bf5f973
SHA256 1b5e487dbe08fa4e02c113870f354c8f9aa08e4d56662c8612f5380a61933718
SHA512 ca984d3b2bfb52ac750cc0bc2221f7bf8a9f65a4cfd858d09af5744b035c1f247ec48d0580076e852ba077388e1af449ee5e7057aed7ea2511d1b062771e099d

C:\Users\Admin\AppData\Local\Temp\RarSFX0\CyberMania.url

MD5 f89e823b83f9edc863ae9e35ea0a5949
SHA1 12db7e3d70e47bd97df335c74cd7323dc48a778d
SHA256 7fba1e8849a88298272be247c2b22ef4a50ac1bc4c83a4c02848bc131e622088
SHA512 d3e297af4eeeb3b8201381fddc426c33ab543db80c0da2ef7ee000ad773cf6895d7221ec17b95806377ea74488f8db7354e23d13c43d87599f6b02631e379d35

memory/1420-294-0x00000000035D0000-0x00000000035E0000-memory.dmp

\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe

MD5 362dedf76b229e5a8efa1a8b738a972b
SHA1 1ffbd9baaf541272114af1e40a5b82873dec1dac
SHA256 cc5914398e7428358cad3c3cbdfc9ab4c337e28cb6840617ef84f8895623a04b
SHA512 15ae769bf22056494f022ec3767c4832e58e90759c77bed9c77d7c86161c95bad52a3a574562cd55f13db0d6f567bbbdbc328a1eabfff3be72bdb8e3070214c8

\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe

MD5 a8d54c202825d7013096fbbfdca67a4d
SHA1 27b4e31097ac2499a80d1e050c1bc808fca5a1d6
SHA256 f8440a0a8397af6c40b9dd3eab224979130b03460f509e19b8d37600efd4441e
SHA512 b3e46243986717a945582bf3d28ddd94f90293069fb8432dfb02d67f63e44bead7560d08ac6283843003c52e67fdd215ae6247f858ad9b3c81a59233b5eed611

\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe

MD5 63254e2ab087b354ceace0dae98ab83b
SHA1 1bc7f6419b0614943da7c7d721807733fc68a87c
SHA256 436e2e0fc526d3513eaf37a79c08977bd7e9f2c226de8609f9bdd55ce6914f72
SHA512 b6caea55ebd986a02e831ec403ea07f91b820870684860efd83df8a8981f17b615981467a4151296f6bfc7451d6589cdf76c2f1dc7f363962b5dd1db591bef80

\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe

MD5 21dcc2d34791e4df708a71ba5e6018bc
SHA1 e58820c7f58945542214059d6842257d9afb328f
SHA256 72d00e4352d993c98eaefd8e82895865fc99e0f04cd4a9e2c9433ebce0d5a883
SHA512 0460a1ec2e180c6d82238fc6bd574ac8cb681c7443b3b0b5c784f8b552e566f1ab70c62c73cc3bc7b1a4ea7f159845c6f39631e3dbf78b08b8ce13c8056e7e2b

C:\Users\Admin\AppData\Local\Temp\Cab1861.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar1A78.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b0f8c7b7402586a1f25a406fa52a12a
SHA1 0f0402b81a0ce075ef8368acb049ef3a309429d6
SHA256 a68d13a25ee1ecee56bdac4dac58e94c0c568f781d4b53f5aa7a33666adea310
SHA512 124f85031fd18e01a0193f617cc9e37e3db82cfe8295d631ebd58c4ebe6c00815b4b59f872e1c1e5705b7a033bc50a45e7779134bd655a4dacf4c4690be3caeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 7c210f95f74994d5ce392a22e0a00c25
SHA1 d8fe6b192a7b2567381fff6efd0373871985c59c
SHA256 7db7e25b38b93aa6c94afd6063bf70043ab2baa975d24bd56f73ea828a4b706e
SHA512 6c2216688940a3c4436840915ece25713b290d3a4cb882ce2a723adee538ce5781372d2066f509043399d2a48605fcea5d605b90044b3e6e4387d34dfd91e780

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c3934ce6203a6da186cd6d4d7a1bfeb
SHA1 a8c27afda672aa599b8558abf01baad17c5340d6
SHA256 8b6eb002b90389c0c00d2618c6d8205b9b782db72b7aa0794d5d4eb0485c4129
SHA512 a2cabcd664c982bbad14ac81e5f27ae57fde299f851a0650a8149a0ce102316cba6d167d8583e88e754d65b5717fe6020805d014c8baec59ae5e0ae8d1b5848c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b770b4882852607ea9d5e116e63d023b
SHA1 31ea8796c0379d2226e6f1e5eae1d37c9c36460e
SHA256 e09fb0ee7d55038d21e85bd736b1beb3f08211d90c4b1a962a71ce5c3e71dbce
SHA512 999486ec24890884ee0ede315256bd1dea9ff40f2bd66aa131d8dc66a553aaefbacc36862e7f42fbd612e0e4534807042c62bd940bff825c57d88d59086b860a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f66bef16d1f9673205d9ffbff6b2e89
SHA1 fccdc76ed73c7b383bd43a6678b786030ef24820
SHA256 d53d7773a6f3637b6d927338bc32cda7a592194cd2df8b74af2cd3387a681e5d
SHA512 91bd2d98410fdb9dcc20a2b8d935a981785b490bfc26e8f779b28a3645b6ed14d77423d4a7c38ff5d47c1d9d9fb6f192e54668160211192b23f9d53fdb80b2a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 ffd65c0cf85ec5a75bda81102147b974
SHA1 a4a0ab3d98c2463c831acdba8f71b50ac4e39d31
SHA256 f19f2827e40123de649e505a47efd91150fa7db79471a47b7d91db6d0138af28
SHA512 fc4c701c711953454c6e6eb05adde0519bae8283915f50aaac6be340bec947adad10c58bd1551b9b1e1ca7b72932653e8d3be489b24cbd872c941c4cd6058fbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJFC93IF\f[1].txt

MD5 1adb814c5c17dd55144430f06337d4be
SHA1 feb0bdb36d72b5524182e479db29c87383fe48c3
SHA256 1d532dcfc510854b0bae4e0c73223586d24a7ba90e646da3e1620b3907bca1db
SHA512 2312d0ccf91f21ad5b63c0eb2c6d9a14a39b6114ac112d50dccbad66a081cd2111fc23c77faab966e3c181f6107b3b17dd9da30c6cc7f65b9a6e45f0f2a28d03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 069577fba3d6a016b2f2295bed6ea224
SHA1 566328ee1d0510091f617a26a87c96e5f73a837f
SHA256 00def53d7862ccc1aba36ff32d5d2b0adb96005a3e9a7bec887996931414aeaa
SHA512 a2b97b7d13c412c6abbdb3bd85a94526062766878d51f4112222ea90e863221898a4799beec3e598c7f996434e2a9c08736b451df348e4f68eec65a102aa5be7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1362B7791428C28A832A1F1A09A6ACBB

MD5 955c4b2f4f7721a1836e5cbcca2a24c0
SHA1 733ffe04bffd1ead4df2c3aaded25e1251e5c701
SHA256 25ebd85294279c841add5ab671b9ba013386e98c406b18d2894de496a6d7174d
SHA512 fdb25769254bdafa9ba39b4a9a0b35fe3cf09ae6538645921cc7f93dd4ea253495d2e0b9eb2bc564c9f20d49f3017d68d21149dc489d13ac6676592831507fda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_1362B7791428C28A832A1F1A09A6ACBB

MD5 3d22be3de4e00745c6320ebfc0c9b57f
SHA1 463f3c221d1b5045253a3831ab71f38c534b346c
SHA256 6819dd9f2afd663beeebea86370ca09a6b1eabe8312b58d78712b1e57519401f
SHA512 febf0cbb04d49f21e04567b74cea40e36e3a94536abef15cfe47051e44c5f753dd5a1f0cf104786489d6ac5d9d2686d298f70035932a0eabdee854163a4cebcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_1362B7791428C28A832A1F1A09A6ACBB

MD5 84d6a8cd93b7cd798f43c7a955c4dc2b
SHA1 e70d411496fb1a421737487d5435261d28df79d4
SHA256 5f4b051fde29b44164017bc0dae0dbe943125aae0d1fce673bf9f6046ae88eb6
SHA512 136ba322cf16ed9132607d99c830a1dd8278329c43818dd5b39fafc558757f1b05100d6e4ffd1943092e5caf1e4f11754ac26eb30d249cffb88beac6e86dc2e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8c1b0d4569a6cf6c03f178076a24335
SHA1 5b9ec52c02539c335a735dc63c22047e208c0a68
SHA256 2a77858a77da27a577fddbd87231d7e5e04914748eae5fb3feb0922886360e68
SHA512 6800fb845f19b94b2c322356cd663a990046489ddda8d148d2c622e13220687bfa987b60e25c8209391ffa26d3bb19712474c1e512b0a0d19204d08e88119cc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 8b9a0d4df013cce87069fb6e24c1b7fc
SHA1 502217d1cc89a7713fa0d7c72066a675385643fa
SHA256 0cc9fb3f208ceb010e21d6d1af4ecd888cd95383a22b1872ad43075d180c3421
SHA512 e5f0f154df5ff2d80bd0adf5ba32621aca6a8b959194a821e9eafadf668d9dd335d2c2d2f713f07ee78cb442c8b9bd8144a16f1682d6b828a765159cd1092cb5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSFN5K7X\CM-150x150[1].png

MD5 31db7220cba8c01f89b5bcf0f3dc34de
SHA1 bf1a95415b419f94908982822ae421d4a2a9b7f2
SHA256 c052478b6204bc11443987e036d70d51e0f22186b7bd6c9616b794ccbcd44dd0
SHA512 771725dd0fa07ca6e26df2cbe155f5c39fb803ae47b9ae3b1d0cf24778c78578e1f31ac687291946a905890239fada09d58b38c80526de86d02133c230948adc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 dd96dde1582dd1bff6508fc52b7d1aed
SHA1 603bacb5c4831b565821afa836b19efaa690c83f
SHA256 9cb8641cb6945160c60d4a918f104fcb29cc5116547aa527ed3a80a43b5e1eef
SHA512 2cf687825db677e3ece168a393185901753a0ed9c57a6d4d7c033203f26f76b24c7d36dc98c5e55a6e4dff4617f8eb45b100b512d7eed66a58baa7ce861b291a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81384dc2611a4940032c17c7e4c7036b
SHA1 0f934e10ac3c04f8d3101500e255518e9c74a6cc
SHA256 54821aeb2dc26a0cdcd7e85c7f42251f5bf7d122c19631caa9859b7e1eddcd1f
SHA512 67473e159a7c3509ad371305c1f41a4c004491b1490fd0b8f60e115746a7750e7a5c59cebdba154cd14f6f69459efdd8369d0f83c6a0d0c135d53f98c7ccbd10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05a2d48b88f7dcffb13ee21a69deda89
SHA1 fdd957c658d58b5e18a6819884608d5de25d1de9
SHA256 290ac2635958f0a7d863e1c5db76b3a4e997ce220453181e3055d55528c4527d
SHA512 da81cc81d5714139dbe8426c24ac03f8e754fad53c953ef25278740ea08cd6ea7385687f1fcef7f52046091684a008828aa16cb717e3ac576457750b1e8db640

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a34992c0ec3cec4a48b95688cf89e8e1
SHA1 26e9211095fce5e53f37bb7fb470d5b8df16766e
SHA256 fc857ffb69dbd445ada7098387bbfd4499185050b74765aa9f02e1c590d45743
SHA512 d199661764212efad8472ec7a8f2299c1df3df58f119d5fbf0dbd59aa2333a5ce0cbf5a1f495986c33abeaab4bef47dbebebebac3d72250f177facad419db892

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 433fc4abc993786a940a7bd846165ee2
SHA1 fedb0a57ac967012c8cdded81ad6b8ac95860706
SHA256 ebfe78b32ecb13c2180849bcf034e414e62cf0d3758515df35d59d504943a98a
SHA512 f14c7bc811647ef2d133126360a8fb9e61d2f0a8691c91f26cd6601b670bd16987092e060703e22c793e856b46f793ebe9cdfa882d3f35b6dd46722388987ed5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1af282c15fc3a50f4627d315f89c621f
SHA1 f63d0ebf4a9eb7e0f65ca00231e394f0c8c4e820
SHA256 c16a251355851d6d23192112543947b05337caaeb37e85d0b6f54a33db1b8e8c
SHA512 23809ffb0ba62b91bb44d85c60a06f0dc3c950ef5b7776483c51e505aa68ab0a2bb9fe641a7b3087adc83a66711d7e08988bce6dd4efdd79a8a40e66b18c6bc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9c196d64b94bac81b658516adef3005
SHA1 21aafcb795d2a6adf6697e0e2522928907e29a23
SHA256 15f3549e9762a06bb2b4292ed835a6d6c62c6c726b7e6c1425c327c66514cbe0
SHA512 dd6a5d17040f09ff2338f9a3ffcf4864a6313d1c7690403927523609ad310219b49af343802351e9cf95369fcf85561e8f3ecd339bf346abe01b2481a860bd72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 379075bd2aa578baabff5aed835ca0b6
SHA1 afa7d39de6bbccdc0683a129c9197af0aff28190
SHA256 c0a0123b6031539ba6bc3d20dba16debfc684a8c24972334f2e8998ead79e2bc
SHA512 1c30e0815c3ba41a8544243833ae8e35244d9204b704d3cee729e533daa4d13fc68a952336dd6b8dbc3213e6da51b401ec195d96e3d77950733337ef23dcf86b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f119a1ee09c7a9d6b413376ee5af2b6
SHA1 5875aaf5461d1f4dcc42480ddeb179f21e24e6f1
SHA256 eb206ca02614f0c86f3f8d3ebbe4448a1102775f8060acc0ff1070432dbbb3a6
SHA512 10ee3278b689bcc9dded2d5263b359d3e08f6ace3b8217bd441108c5dcc40de562298ca1f1877e2c3307ef2f4c5f991d0b4233264a44fb97cb29327cf64d7a81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8c6e4b3f270108b122a9d84e94e5769
SHA1 5649a259d1e0c712bb5f4ad02f136f3f941b01d7
SHA256 bf01972409e25cc1896d5ec107b534542e6981baf6f7d7701338f58bb2ac5fad
SHA512 5a76cf796dd61ced03e96b7a140abc5da64ff1849897aed81ac88a0cba00fd6b098a33316f9e255af9f25ca7c0f0f76539367436f479a9a21c3542accac4574b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 545667fcae3ed09e722ac761be6da79c
SHA1 c527dd5e3d3a2e8de0c78c85ad1d0063bbf763ad
SHA256 402cd7cb1f124259f2c8769d78e24fccd93bd7350becd59c2b4107df9f9eccca
SHA512 b171ba42fac4260651d8245eb9574940a0870e0b8265355e2cc444d10e50bf99a279e4914f6df17b37f3cb9a0db89628130ffe1313efe9698e6b3112de883067

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73c49d0bc583e8f6ab21cccc19ff5c42
SHA1 8b0fc04ea8534aa9f12ab105410d6be8a18fcc54
SHA256 91f0d79ef884a142c5613a95fa6e74a632c21a5e060417ff76dc84f9af3b8ca7
SHA512 9af5eb89e96a62baa50eda5347ba578c7403775e9b78e6547d5bd620528868c18a204d61a4efa0f21901ead062576ed59c2ff47b7e0c0017d67ad82145cdbe7b

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 857eea3121d7a72b93ab83315843ebc7
SHA1 87539d5819ac0f52545910f3c2df4ddbd31be2a3
SHA256 1bb8c4002ba371875c8ad425d981139e6db5290f88d48414fadb2896b62affe2
SHA512 40c57c9c47a506e0bd55848a7d4a90a44ba1bc0be19523755f4c615d06020171558210d0bc0b08a2fe3d3e5f4d21edeb3b2b098a2271cb2b5a7d5e85e2adde02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f14cec8d515c58d49cb23650f0205c58
SHA1 aca54467676a9a188c90926233742d6f49abb085
SHA256 7a21ba252021dea76e2599b30787cd9fb25478c5e1234106037dd451f408c6c1
SHA512 d8fc83d9a6a3241e3f39ebd97bc08d61df833bb9ff82ed93545dc33d01775d7c5dbb1e24e953deb805e1db2c37c1bcf7488fc08acf9511589a9206a2a3536402

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98ebce9e16b90386d2334f7fc722f715
SHA1 3f98b49574289d74cc6116eed24055a99e3c7d88
SHA256 75b56bb4e32e1456744a6c64bce627548dbb87a7f408c4398b972896314c1d08
SHA512 2327cafc08b6617e30842558e93be6c50f71ae3b2b38f05b013412731e40439c3e302894aff7765c9f8939a62eaceb2e8ea4a64dcfe8396ad473c43ae1df25ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4bd476029193eb73dcfab1ba61ee635
SHA1 bd65b9f71cb9874ac38895ebf3fe6511f568f617
SHA256 d62711a9d9af73171d405549d08300bdd1571ad512d1d379d66802457ce682fa
SHA512 031af870f4815851a147f60877ad51c37b69d00d7352e7157d02a6e3f0d62707d748c45d312fd5b98b4bb56ce07d391d9eeb9f770b8e3047b3089854fc3c0078

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b92d7b8add10314d951ed7812b0f44a3
SHA1 b7462710bf3d27dcdcc9fef5653bb2bd910f9fa3
SHA256 cb36827238fef8f7b383ba3ff252857c52bb81305fa8c64c68a79360dde3aa1f
SHA512 8cc53176da3da86e04de5776dee405b472da13bee4208c9487797c08c98d902b59c45701e242f920c7340d95e606d3b5b9780d273d4e0b8a93246233cd0b5f74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a32979885508eb6dfca2e92beb4887d8
SHA1 0ba44524eff7f73f3bf62ca4adec731d00c24929
SHA256 06cc9577c4d9e3adc8a845c0a460f4718a4d01958a2968bb79cbfbb6113f9b6c
SHA512 e9120676709894f0e1a87a8dab3257206ce339176a4217640cb5567e320ec35baf12cd077f2bcc93af088b192a181f77a31f7c1b53aab685406ed6fb15343055

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5906c9e04b21c31ce7c7853df1b9aee4
SHA1 3d2ec6247acd21e789182520f78dbc29da411108
SHA256 06fc58f4ed25b9fe7dd219801414ceea10970291f05c9b0621b367afa01bebbc
SHA512 efbe396000da325cb1978ebda3a4de3cb28242ecf8f5879dbc9ce80920b9bb09a1690230eb4cdef7f104af551afab3bf84494b2c7dd54ace2260ee924e9f28c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f778c808c70dd2f3fcc1f6146261115
SHA1 134b4536bd482864a2bc0a6cc8cf0c019b8a04eb
SHA256 8e1208eff88c466995b1bbb42b6c6a22c7179c3f29790725197bb039628dfff1
SHA512 eb778aea291fdac8b97fa192d8de50324d3ebfe4190b51b1fe5e4898484807589fc4c8c6b18caa74bc14580c8bd3a0df634d18849003e723c666a32247b1fbaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1330e6a061fa263461ba77d1ea004277
SHA1 f5014e651f1de9c7d08c2103ceaabaa5a68f9197
SHA256 0e3edd1b4f1fc083e80c6a72c0d27318f00ae1a0b54e6d9b213e7771c80c8ad5
SHA512 2f93ee11e7767fb33bddcd801842476e0c46815c62e311ce4dae07fbdd6c6b10dbed0d661b277723f4778f20d2aa52053a6af534d4e60bd4aa82080f42552f52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12e1c68c8460bac2866a17a4c679629a
SHA1 d80f7cbebb17cfa9ed820b589b0c597a54acc508
SHA256 074eb69a96b35988a3cb02688afb57ebb4a0ab518cb3c823eca0d5e1efb767ef
SHA512 e3eec7d7ba7b7cef5e7c0bce3e3c2fe270135ac5bafb25010975d03a0798c47117605831b683e398bcc5687a4b9e6aafd5c895588a9a5cfa0bf3b693b21cda27
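Most entries above are under `CryptnetUrlCache`, `Content.IE5`, `imagestore` and `Internet Explorer\Services`, and the same `CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015` path is listed many times with different digests. Those paths are written by CryptoAPI (cached CRL/OCSP/AIA retrievals during certificate chain building) and by WinINet/Internet Explorer, so they indicate that the sample or a child touched the network, not that a payload was staged there. The helper below is an added example, not part of the sandbox report or its tooling: it parses a listing in this report's format (path, blank line, then MD5/SHA1/SHA256/SHA512 lines), validates digest lengths, counts how many distinct versions of each path were written, and separates cache noise from files worth a hash lookup. The sample listing is constructed from three entries copied from this section plus one hypothetical `hypothetical-drop.exe` entry with all-zero placeholder digests; the noise markers are this example's own list, not a sandbox signature.

```python
"""Triage helper for the 'Files' listing of a sandbox report (added example).

Entry format: a Windows path, a blank line, then MD5 / SHA1 / SHA256 / SHA512
lines. Entries missing any digest (e.g. cut in half by page extraction) are
dropped rather than guessed.
"""
import re
from dataclasses import dataclass

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")

# Paths written by CryptoAPI (cached CRL/OCSP/AIA fetches) and WinINet/IE rather
# than by the sample's own dropper logic. This marker list is an assumption of
# the example, not a list taken from the report.
NOISE_MARKERS = (
    "\\microsoft\\cryptneturlcache\\",
    "\\temporary internet files\\content.ie5\\",
    "\\microsoft\\internet explorer\\imagestore\\",
    "\\microsoft\\internet explorer\\services\\",
)


@dataclass(frozen=True)
class DroppedFile:
    path: str
    md5: str
    sha1: str
    sha256: str
    sha512: str


def parse_listing(text: str) -> list[DroppedFile]:
    """Parse the listing into records, rejecting digests of the wrong length."""
    entries: list[tuple[str, dict[str, str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:
            entries.append((line, {}))  # any non-digest line is a path: new entry
            continue
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LENGTHS[algo]:
            raise ValueError(f"{algo} digest has wrong length: {digest}")
        if entries:  # digests before the first path (a truncated entry) are skipped
            entries[-1][1][algo] = digest
    return [
        DroppedFile(path, h["MD5"], h["SHA1"], h["SHA256"], h["SHA512"])
        for path, h in entries
        if set(h) == set(HASH_LENGTHS)
    ]


def is_cache_noise(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in NOISE_MARKERS)


def triage(records: list[DroppedFile]) -> dict:
    """Count distinct contents per path (a path with several digests was
    rewritten during the run) and split noise from review-worthy drops."""
    versions: dict[str, set[str]] = {}
    for r in records:
        versions.setdefault(r.path, set()).add(r.sha256)
    review = [r for r in records if not is_cache_noise(r.path)]
    return {
        "versions": {p: len(s) for p, s in versions.items()},
        "noise": [r for r in records if is_cache_noise(r.path)],
        "review": review,
        "lookup_sha256": sorted({r.sha256 for r in review}),
    }


# Constructed sample: three entries copied from the report's listing plus one
# hypothetical non-cache entry with all-zero placeholder digests (not a real file).
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8c1b0d4569a6cf6c03f178076a24335
SHA1 5b9ec52c02539c335a735dc63c22047e208c0a68
SHA256 2a77858a77da27a577fddbd87231d7e5e04914748eae5fb3feb0922886360e68
SHA512 6800fb845f19b94b2c322356cd663a990046489ddda8d148d2c622e13220687bfa987b60e25c8209391ffa26d3bb19712474c1e512b0a0d19204d08e88119cc9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSFN5K7X\CM-150x150[1].png

MD5 31db7220cba8c01f89b5bcf0f3dc34de
SHA1 bf1a95415b419f94908982822ae421d4a2a9b7f2
SHA256 c052478b6204bc11443987e036d70d51e0f22186b7bd6c9616b794ccbcd44dd0
SHA512 771725dd0fa07ca6e26df2cbe155f5c39fb803ae47b9ae3b1d0cf24778c78578e1f31ac687291946a905890239fada09d58b38c80526de86d02133c230948adc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81384dc2611a4940032c17c7e4c7036b
SHA1 0f934e10ac3c04f8d3101500e255518e9c74a6cc
SHA256 54821aeb2dc26a0cdcd7e85c7f42251f5bf7d122c19631caa9859b7e1eddcd1f
SHA512 67473e159a7c3509ad371305c1f41a4c004491b1490fd0b8f60e115746a7750e7a5c59cebdba154cd14f6f69459efdd8369d0f83c6a0d0c135d53f98c7ccbd10

C:\Users\Admin\AppData\Local\Temp\hypothetical-drop.exe

""" + "\n".join(f"{algo} {'0' * n}" for algo, n in HASH_LENGTHS.items())


if __name__ == "__main__":
    result = triage(parse_listing(SAMPLE_LISTING))
    for path, n in result["versions"].items():
        print(f"{n} version(s): {path}")
    print("noise entries:", len(result["noise"]))
    print("SHA256 to look up:", result["lookup_sha256"])
```

Run on this section's full listing, the `versions` map shows the `CryptnetUrlCache\MetaData\94308059...` entry rewritten many times while the `review` set stays empty, which is the expected result for a block of cache artefacts; the dropped executables and DLLs that the report's "Executes dropped EXE" and "Loads dropped DLL" signatures refer to would surface in `review` when the corresponding part of the listing is fed in.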