Malware Analysis Report

2025-08-10 19:10

Sample ID 220201-k4279scee5
Target 4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf
SHA256 4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf
Tags
smokeloader backdoor evasion persistence ransomware trojan
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf

Threat Level: Known bad

The file 4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf was found to be: Known bad.

Malicious Activity Summary

smokeloader backdoor evasion persistence ransomware trojan

Suspicious use of NtCreateProcessExOtherParentProcess

SmokeLoader

Executes dropped EXE

Disables Task Manager via registry modification

Checks computer location settings

Deletes itself

Loads dropped DLL

Program crash

Adds Run key to start application

Modifies WinLogon

Enumerates connected drives

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Kills process with taskkill

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-02-01 09:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-02-01 09:10

Reported

2022-02-01 09:17

Platform

win10-en-20211208

Max time kernel

390s

Max time network

409s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe"

Signatures

SmokeLoader

trojan backdoor smokeloader

Disables Task Manager via registry modification

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*09F04A5D9E = "C:\\Users\\Admin\\AppData\\Roaming\\09F04A5D9E.exe" C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\Run\09F04A5D9E = "C:\\Users\\Admin\\AppData\\Roaming\\09F04A5D9E.exe" C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*09F04A5D9E = "C:\\Users\\Admin\\AppData\\Roaming\\09F04A5D9E.exe" C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\Run\09F04A5D9E = "C:\\Users\\Admin\\AppData\\Roaming\\09F04A5D9E.exe" C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A

Modifies WinLogon

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Control Panel\Desktop\Wallpaper C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\97717462.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4272278488\30062976.pri C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\1601268389\1361672858.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1659841449.pri N/A N/A
File created C:\Windows\rescache\_merged\4183903823\97717462.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\1361672858.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4272278488\30062976.pri C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe N/A
File created C:\Windows\rescache\_merged\4272278488\30062976.pri N/A N/A
File created C:\Windows\rescache\_merged\3720402701\1659841449.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\WerFault.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Windows\system32\WerFault.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\WerFault.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A (63 identical rows)
N/A N/A C:\Windows\SYSTEM32\taskkill.exe N/A (1 row)

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Toolbar N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\0\NodeSlot = "4" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "{081209ED-FAF1-4E6B-A90A-1C841941779A}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5a20b75e8716d801 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\MRUListEx = 00000000ffffffff N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = bca03f4542ecd701 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = bca03f4542ecd701 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = ffffffff N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\LogicalViewMode = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\0 = 4a00310000000000514e290f100030303000380009000400efbe3f54a84d3f54a84d2e000000c706000000000300000000000000000000000000000000000000300030003000000012000000 N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000070000001800000030f125b7ef471a10a5f102608c9eebac0a000000f000000030f125b7ef471a10a5f102608c9eebac04000000a0000000e0cc8de8b3b7d111a9f000aa0060fa310600000080000000e0cc8de8b3b7d111a9f000aa0060fa31020000005000000030f125b7ef471a10a5f102608c9eebac0c00000080000000e0cc8de8b3b7d111a9f000aa0060fa31040000005000000030f125b7ef471a10a5f102608c9eebac0e000000a0000000 N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616193" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2 N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\0\MRUListEx = ffffffff N/A N/A
Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\MRUListEx = 00000000ffffffff N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\MRUListEx = 00000000ffffffff N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
N/A N/A C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2592 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe
PID 2592 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe
PID 2592 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe
PID 2592 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe
PID 2592 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe
PID 2592 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe
PID 3328 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3376 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 4004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 4004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3328 wrote to memory of 3560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe

"C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe

"C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff26cd4f50,0x7fff26cd4f60,0x7fff26cd4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1512 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1732 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4160 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4256 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff26cd4f50,0x7fff26cd4f60,0x7fff26cd4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1660 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1552 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4456 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3896 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4704 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5892 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6484 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4552 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap1251:102:7zEvent27104

C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe

"C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 420

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3568 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 436

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3116 /prefetch:2

C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe

"C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 368

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 388

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1688 /prefetch:8

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4396 -s 1660

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff26cd4f50,0x7fff26cd4f60,0x7fff26cd4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4436 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7120 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8

C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe

"C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8

C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe

"C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c @echo off

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c dir c

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c md VIRUS

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe

"C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' set FullName='UR NEXT'

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' rename 'UR NEXT'

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\6b424736bc0549dda9e54f638e7b909f /t 3424 /p 3052

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3088 -s 3508

C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe

"C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe"

C:\Windows\SYSTEM32\taskkill.exe

"taskkill" /F /IM 1003.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

TASKKILL /IM /f taskmgr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c TSKILL explorer.exe

Network

Files
