Analysis Overview
SHA256
4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf
Threat Level: Known bad
The file 4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateProcessExOtherParentProcess
SmokeLoader
Executes dropped EXE
Disables Task Manager via registry modification
Checks computer location settings
Deletes itself
Loads dropped DLL
Program crash
Adds Run key to start application
Modifies WinLogon
Enumerates connected drives
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Kills process with taskkill
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-02-01 09:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-02-01 09:10
Reported
2022-02-01 09:17
Platform
win10-en-20211208
Max time kernel
390s
Max time network
409s
Command Line
Signatures
SmokeLoader
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 4776 created 4616 | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe |
| PID 2988 created 4884 | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe |
| PID 2008 created 4396 | N/A | C:\Windows\system32\WerFault.exe | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe |
| PID 1292 created 3088 | N/A | C:\Windows\system32\WerFault.exe | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe |
Disables Task Manager via registry modification
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*09F04A5D9E = "C:\\Users\\Admin\\AppData\\Roaming\\09F04A5D9E.exe" | C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\Run\09F04A5D9E = "C:\\Users\\Admin\\AppData\\Roaming\\09F04A5D9E.exe" | C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*09F04A5D9E = "C:\\Users\\Admin\\AppData\\Roaming\\09F04A5D9E.exe" | C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Windows\CurrentVersion\Run\09F04A5D9E = "C:\\Users\\Admin\\AppData\\Roaming\\09F04A5D9E.exe" | C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe | N/A |
Enumerates connected drives
Modifies WinLogon
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe | N/A |
Program crash
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Control Panel\Desktop\Wallpaper | C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2592 set thread context of 2588 | N/A | C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe | C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\rescache\_merged\4183903823\97717462.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4272278488\30062976.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\1361672858.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1659841449.pri | N/A | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\97717462.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\1361672858.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4272278488\30062976.pri | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
| File created | C:\Windows\rescache\_merged\4272278488\30062976.pri | N/A | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1659841449.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Toolbar | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\0\NodeSlot = "4" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "{081209ED-FAF1-4E6B-A90A-1C841941779A}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5a20b75e8716d801 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" | C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = bca03f4542ecd701 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = bca03f4542ecd701 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = ffffffff | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\LogicalViewMode = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\0 = 4a00310000000000514e290f100030303000380009000400efbe3f54a84d3f54a84d2e000000c706000000000300000000000000000000000000000000000000300030003000000012000000 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000070000001800000030f125b7ef471a10a5f102608c9eebac0a000000f000000030f125b7ef471a10a5f102608c9eebac04000000a0000000e0cc8de8b3b7d111a9f000aa0060fa310600000080000000e0cc8de8b3b7d111a9f000aa0060fa31020000005000000030f125b7ef471a10a5f102608c9eebac0c00000080000000e0cc8de8b3b7d111a9f000aa0060fa31040000005000000030f125b7ef471a10a5f102608c9eebac0e000000a0000000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616193" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\0\MRUListEx = ffffffff | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\MRUListEx = 00000000ffffffff | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe
"C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe
"C:\Users\Admin\AppData\Local\Temp\4446186b0133b453f35a839b841ba453377c9a5638c1d81ee2313bb3adc22aaf.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff26cd4f50,0x7fff26cd4f60,0x7fff26cd4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1512 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1732 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4256 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4280 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1496,16153606271615647508,8671030251805664743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff26cd4f50,0x7fff26cd4f60,0x7fff26cd4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1660 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1552 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2368 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3896 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4388 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5892 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6484 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4552 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap1251:102:7zEvent27104
C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe
"C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 420
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3568 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 436
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3116 /prefetch:2
C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe
"C:\Users\Admin\Desktop\Main-Pass--1234--setup.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 368
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 388
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1688 /prefetch:8
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4396 -s 1660
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff26cd4f50,0x7fff26cd4f60,0x7fff26cd4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7120 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8
C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe
"C:\Users\Admin\Desktop\malware-master\malware-master\000\000.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,15448403137069124104,11035690966913422785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe
"C:\Users\Admin\Desktop\malware-master\malware-master\666\666.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c @echo off
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c dir c
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c md VIRUS
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe
"C:\Users\Admin\Desktop\malware-master\malware-master\CryptoLocker 2014\1003.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\6b424736bc0549dda9e54f638e7b909f /t 3424 /p 3052
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3088 -s 3508
C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe
"C:\Users\Admin\AppData\Roaming\09F04A5D9E.exe"
C:\Windows\SYSTEM32\taskkill.exe
"taskkill" /F /IM 1003.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c TSKILL explorer
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c TSKILL explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer
C:\Windows\SysWOW64\taskkill.exe
TASKKILL /IM /f explorer
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c TASKKILL /IM /f explorer.exe
C:\Windows\SysWOW64\taskkill.exe
TASKKILL /IM /f explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c TSKILL taskmgr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c TSKILL taskmgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr
C:\Windows\SysWOW64\taskkill.exe
TASKKILL /IM /f taskmgr
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c TASKKILL /IM /f taskmgr.exe
C:\Windows\SysWOW64\taskkill.exe
TASKKILL /IM /f taskmgr.exe
Network
Files
memory/2592-115-0x0000000000AC0000-0x0000000000AE2000-memory.dmp
memory/2592-116-0x0000000000030000-0x0000000000039000-memory.dmp
memory/2588-117-0x0000000000400000-0x0000000000409000-memory.dmp
\??\pipe\crashpad_3328_HTGXOEDRFTXYPONR
memory/2588-119-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3036-120-0x0000000001190000-0x00000000011A6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 303e186ee806bb3d9b2a124f18916fc5 |
| SHA1 | 653da9990396bc056479aaed2a6d9709c433c23a |
| SHA256 | e82d8cd0e29f481d7bf54fa0cc39400dd32f104b28990feb9cc2a485c4024698 |
| SHA512 | 702a7d4f95c962f9ff3a44f46d560a0b08464e72bd75248210b27def2cf056ba7bab9e867700bb6e072d2ddae2e4194f4630c97831f08717c5de36ddbff7e11e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | c146301dc65bcf6447ff68e006685c67 |
| SHA1 | 53854ca572fac03f45f7b75bc937a65f78c74c27 |
| SHA256 | 07335842fe276360d4b6b6e8ba00d37c805bf56165982acc6f63ed108f1f2743 |
| SHA512 | ea000a2ce286a50367de7b2ec28adcbbe53f4012138fd95ca0a99276d168fb45ce469ae711ad34e734a65efb89c110f4e2c194a38c31576a498efc7b731c89d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | dd3fc3134d4e9a3ceabd3f68ca204fa8 |
| SHA1 | a04bcf3771b25b2e89d0fa35dca04f162a3b12bc |
| SHA256 | 490af9a9e6c1b248d0dcb91b16937ba6c8b2dcabb2b46084b39d36580488437c |
| SHA512 | 8666ef468bbf782375a83ec1a42d5ed4330fc9ae427bb280272abef00ab11df8a5673eb9494fa08c583a6bc880a7ecfe83a9c9018c81eb9a7ef6c67f57b37c65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | b63048c4e7e52c52053d25da30d9c5ab |
| SHA1 | 679a44d402f5ec24605719e06459f5a707989187 |
| SHA256 | 389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1 |
| SHA512 | e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 69c7be2c4fda689fc1ba6ce1d00cc635 |
| SHA1 | f0ce8a55ea751dae716ce4912bef0dee32cfc74d |
| SHA256 | 09cdcc722ce831066b73129329a30cf5ad4b65f57393753af46992fd1bec5c44 |
| SHA512 | e9120bcc2c377021eb99231c4ccc8cfbf65a3d483c96793bd396085e5d047241362203e017c9def49a7ec9f0c20d72eeba063db0312dc9f3fc8f856601ced622 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | de92ad90be6d3364745b2f73f4c3cf73 |
| SHA1 | 9158681463bd30e5af4dda4baac81f93cedbda77 |
| SHA256 | 0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0 |
| SHA512 | 9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13288095616253340
| MD5 | 14b098853fd3a9ac1cf1d52588d1dcbf |
| SHA1 | 3d926fd0496a593d6c9d53d93984155c317ae903 |
| SHA256 | 29d41cd078bf6a6eacd1b1631953e649c2716ce4d475c8951579990e06158d0f |
| SHA512 | f125927207187888f97cfacb7db4090e44ec7fd89ad754b1151728fc10d2f798c95a96cf2816d41dfb0f1f06505c4cb3123117d98c41b4ee016286762681ee84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | d535900d8a0119448a1bc4ab784344b9 |
| SHA1 | 700d05085711e47dddf23f25610e1b52eb3f19ed |
| SHA256 | 450a110d100e2b12fa6f7d451e92f20c6eebe0c569f86e85df7271623a1897dd |
| SHA512 | 9128e76f03fe4bd71f16ed45c7d6601953609150de3015abfb5dc923b06e6e5e97ed4a9c74fab066e1dd6e337e3c5332d213ad7ba49361e01e4b0572b091ce3f |
\??\pipe\crashpad_1236_LRTYOQYHQGSSIDAV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 0302998e05a07498986c1c95e93d2721 |
| SHA1 | 20b4f5cfe5894297499ed8fdda2cc5b89261eb24 |
| SHA256 | fbbebcab261f199cf827cc1c63a9c8615ec82df163921adf25d2b7b18ebcf099 |
| SHA512 | 74aed7dd9967ba59a4958fc7dc3e7ad1e0025b43427a25c00ce7ae928b0f591a41f0df61383f0e3138d346fa377b480ac80b12a100cc68b03a57b60aae0a6be9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
| MD5 | aee7f2b758ef98acce1c5041bade3de2 |
| SHA1 | d4f142b3b43369b4b43ac82461094848ec70f649 |
| SHA256 | 7611ac5381848c8cb3f4356d9a776eb9c6b074eb1220e81313cfc3a36a0b8781 |
| SHA512 | 2084f924bd934eb11ff9af98bb5694f19ee1256cf229885735416caae69d0d07e36fbff43a39632d7b7bbbd2398eb638d63666cff483fd169f562e5b96ab2222 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
| MD5 | b8f68e066bf77be83eacf73b9e993bc6 |
| SHA1 | 77f02b01f71e0f4d6cec9155ea7a7630d50808e3 |
| SHA256 | 3b06dd18914e990da95ff66ce60628b2711b76cfbe36e9b21dbb65fdfe2886e4 |
| SHA512 | 4f0a0704e968743fa2ed5ea91a0a420a80122083bcf7e46d6ab6efa30a021696889bbc97d45a6dcf66df210127e84b987d30acfab521f4974e4a3c0cd4a7ff1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
| MD5 | 80480ff4d45ecb326b8123969c46d621 |
| SHA1 | 7a827640cc0ac4764168e2a5dec75d3a3a9ebe91 |
| SHA256 | 2936d7a7aa586e120eab84a1d12d90701b612bf2ae34c3f9bacf4225faaf7e79 |
| SHA512 | abbf2651045dbfdb51af1adda1188dc67e15de0e626ed4cd4a1abd32ca3bed27e49e4250d5fea51acb4dc5b3eb719418eb2c2b2f9be70423f1d360ca671a5db3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
| MD5 | 4a9466b6916822c8604852373d5af469 |
| SHA1 | f0e9316f27b4cd47a93fd14fe85d0f8a2ecbe671 |
| SHA256 | 3538d5e9978be1eabcb598838798af2d895d7bd1924f356a7750d7b6523570d9 |
| SHA512 | 2ca6cd13538e4055404806ad7b4fa37d099dbaef296e6ec7663435750e28b473cc05decb2a6bca4d4fa299d863dbe0facae598c5f8723253880b42b647d82683 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
| MD5 | 92bd4b1c5c3ac30bbbcbfe4c24df6658 |
| SHA1 | d92f56d02427f9edba37008b0fb2915f17119945 |
| SHA256 | d5ed7ccdcf5e4af1e37e5cd2f93d15c3550d313746b76ee35fa75ec4004b1b1d |
| SHA512 | f2e6510c8daf6b77d1178fe464d51120354f643d579a9365799ceef6114ffae1b468a72ddc8781acc68b477494510d8427dc39e08b5a9c020ca23da35260aa27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | d7d9437445aa960dcea52ffe772822dc |
| SHA1 | c2bbf4ac0732d905d998c4f645fd60f95a675d02 |
| SHA256 | 4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1 |
| SHA512 | 335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | 52eeb652348939d1ee010b109467bdde |
| SHA1 | 781cfedb4c895c8e97a13073258eab6dddc27aab |
| SHA256 | 991eea0b81b9d391b9c856a2a43ac337bb217e907a269acef82bd989148eec1f |
| SHA512 | 2adcb862aed783858659f6a9ade627deb50b7eed7c1508ba3b15dcdc37a59a5ff98fdbc6f6abc88a212cd11519afc64aaa08bba93f61d578ab0fd8f87eaa51b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
| MD5 | 9f5bbf8401d7f01615a0d5ddac4d74c0 |
| SHA1 | e5b7533a88f09026e44e635973c864d4347e8dc7 |
| SHA256 | 99a6e86a861080361d00247f78249fd4dd31b31b4fab03c8b118ac0f9fd84ae4 |
| SHA512 | fa6fb61335cfab52efaf60bf2ffdf96ab1bf807b7f97d3908752d5fd5e2b13b3d59b0307a5b408cf2e53f08b7a05dfb8aaa80096f7c68b4b2c0d15637f52f615 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL
| MD5 | c834f4634a2f310c3528e57df93d25a9 |
| SHA1 | 512aa46234fda64a29b417759348d402d140e319 |
| SHA256 | ea0fff53fa74670be49034cfed633e5789307ae72b6576db5aeb12575661cb3f |
| SHA512 | e71e3223338110a266071b8deda0ec115052fabb608ac1d6bf0522b39052bde1fa0eeac57b31dc674b952ec1fac70bb6e23decab5232b0da8fe7f79085e7bf22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
| MD5 | bed96ecd675fd8c2b4710d2193c9d71a |
| SHA1 | 4ba692fe76e2e0b9862b94e14f8fc46edce6e449 |
| SHA256 | 7d02cd16917493dc8f19ff7ff5106001d549646979a3ebeb0fceed542a0d7ea9 |
| SHA512 | 52c569409e9726be8a84ce57ecae1ba9a047d105c4555803971e0231bfc840dd22c6d2e4775252b0074695ca191adc0b246c4d68dafaeda77c5da6dbabec15da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 838c958475308aa6d15add38c5cf39fb |
| SHA1 | 574ad774e8d55b8c11b57ab669629b34fbb3ee7d |
| SHA256 | 167b5c630c539b11d5c953f7bf01985d09bc6dc2dba082ae1dc9d913a1929c6d |
| SHA512 | a7de5ae1f94dc5b29eb4402988353d276b3feedd973177464da851a70dd0aeafb77331900461e6a17d548af8eef1ebe33c547350d8afbe38690e3e4ede3b685c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
| MD5 | c4a85e28db8384c144974acbf425787a |
| SHA1 | c9e5832f263da2f28827e6db70383e976393952d |
| SHA256 | 0efd753008c76eb6ba7206b014cfeb2cc5dc2ea7d134fcd7045ab59f03a34151 |
| SHA512 | 1a1324ff492b1808573ad0a2c4663aae461dcaefe71e80a2d190c19317701a2f3a611493d4342a50ce1e42c37e48a44465eb18294e753d32fac30df2141bce3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
| MD5 | 70ae354ce421c724f886e84c9e5bdbe6 |
| SHA1 | b1d130a83f58a34c86a18881276adb0181da23e7 |
| SHA256 | 3fba20649c9805c920acacf297d0e2863eff51c3992925374d634c94781119ad |
| SHA512 | ce20d7031a8e5d22839903d2fa9d0f357f2fc91d454c2be1878f461654d3b1623247affd8c29a44d6b6290b98e3933cf2e5b683ff473c38a605cad5281801b22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
| MD5 | be4ccc464de2342cb42c057c2c248902 |
| SHA1 | 38616eb4cefca972d6546dcb463df97d8914e546 |
| SHA256 | a2ae44993c32d0c4bcebfa03bc326374200b754e8479ef55d5b7e85dede545f8 |
| SHA512 | 207987c62a993fae564fa21c6ba45e6b6d57cab508e03aff442c4de4de443ca2dd381151ce6d753e8b80774e3c38f0f2771cf39b6bedb50e96d699cdf425ac7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal
| MD5 | ac42e68a9c451108ebadb88b876cf091 |
| SHA1 | 365edd9d5854ef37da7fc12ef3612a1f93baf659 |
| SHA256 | d59e3324254c68232177fa9814e6a226e2e51b6652e71c2da785b8152a6c57e9 |
| SHA512 | 3046ba5dcc39ff90991af244855c87a9d2aa06216d793436241d2ee2c83d612cef716027f68bc59c31b22184f0f0b61f58a6097f67d607384ebc219325c87785 |
memory/4616-150-0x0000000002620000-0x0000000002680000-memory.dmp
memory/3052-496-0x00000000001F0000-0x000000000089E000-memory.dmp
memory/3052-497-0x0000000002B70000-0x0000000002B71000-memory.dmp
memory/3052-498-0x0000000005690000-0x0000000005B8E000-memory.dmp
memory/3052-499-0x0000000002B73000-0x0000000002B75000-memory.dmp
memory/4372-500-0x0000000002660000-0x0000000002662000-memory.dmp
memory/3052-501-0x000000000A7D0000-0x000000000A808000-memory.dmp
memory/3052-502-0x000000000AA10000-0x000000000AA20000-memory.dmp
memory/3052-503-0x000000000AA10000-0x000000000AA20000-memory.dmp
memory/3052-504-0x000000000AA10000-0x000000000AA20000-memory.dmp
memory/3052-505-0x000000000AA10000-0x000000000AA20000-memory.dmp
memory/3052-506-0x000000000A9F0000-0x000000000AA00000-memory.dmp
memory/3052-507-0x000000000A9F0000-0x000000000AA00000-memory.dmp
memory/3052-508-0x000000000AA10000-0x000000000AA20000-memory.dmp
memory/3052-509-0x000000000AA10000-0x000000000AA20000-memory.dmp
memory/3052-510-0x000000000A9F0000-0x000000000AA00000-memory.dmp
memory/4372-511-0x0000000002663000-0x0000000002665000-memory.dmp
memory/4372-512-0x0000000002665000-0x0000000002666000-memory.dmp
memory/4372-523-0x0000000002666000-0x0000000002667000-memory.dmp
memory/4372-525-0x0000000002667000-0x0000000002669000-memory.dmp
memory/2012-799-0x0000000002EC0000-0x0000000002EC2000-memory.dmp
memory/2012-800-0x0000000002EC3000-0x0000000002EC5000-memory.dmp
memory/2012-801-0x0000000002EC5000-0x0000000002EC6000-memory.dmp
memory/2012-802-0x0000000002EC6000-0x0000000002EC7000-memory.dmp
memory/2012-803-0x0000000002EC7000-0x0000000002EC9000-memory.dmp