Malware Analysis Report

2025-01-02 06:19

Sample ID 230222-ta4nnscd83
Target d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934
SHA256 d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934
Tags
gcleaner socelars evasion loader persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934

Threat Level: Known bad

The file d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934 was found to be: Known bad.

Malicious Activity Summary

gcleaner socelars evasion loader persistence spyware stealer

GCleaner

Process spawned unexpected child process

Socelars payload

Socelars

Checks for common network interception software

Drops file in Drivers directory

Downloads MZ/PE file

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of WriteProcessMemory

Kills process with taskkill

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Script User-Agent

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-02-22 15:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-22 15:52

Reported

2023-02-22 15:54

Platform

win10v2004-20230221-en

Max time kernel

151s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.exe"

Signatures

GCleaner

loader gcleaner

Process spawned unexpected child process

Description | Indicator | Process | Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rundll32.exe

WmiPrvSE.exe as the parent means rundll32.exe was started through WMI (typically Win32_Process.Create), which lets a loader launch a stage without appearing as its direct parent in process-tree views. The rundll32.exe command line, and therefore the DLL and export it was asked to run, is not recorded in this report.

Socelars

stealer socelars

Socelars payload

Description | Indicator | Process | Target
Two payload matches were recorded; the sandbox reported no description, indicator, process or target for either.

Checks for common network interception software

evasion

Downloads MZ/PE file

Drops file in Drivers directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A

The only path touched under drivers\ is the hosts file, so despite the signature name this is hosts-file tampering (a local override of name resolution, commonly used to block security vendors' update and telemetry hosts or to redirect traffic), not a driver drop. The contents written are not captured here; diff the file against a clean baseline after detonation.

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe | N/A

Four separate dropped executables read the user's Geo\Nation value, the registry location of the Windows region setting. Reading it is the usual geofencing check that lets a sample exit when it finds itself in a country its operator wants to avoid, so a detonation in such a region may show far less activity than this one.

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\Xyshishidaemy.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A

The value is under HKLM\...\RunOnce rather than Run, so it executes at the next interactive logon and then deletes itself. Both the value name ("system recover") and the target directory (a folder named after Mozilla's maintenance service) are masquerading; the Xyshishidaemy.exe it points to was written there by the same fITNESS.exe (see the Program Files table below), which is what ties the autorun entry to the dropper.

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Description | Indicator | Process | Target

handdiy_3.exe unpacks a browser extension under C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf:
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A

fITNESS.exe stages its persistence payload in a directory named after Mozilla's maintenance service:
File created | C:\Program Files (x86)\Mozilla Maintenance Service\Xyshishidaemy.exe | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A
File created | C:\Program Files (x86)\Mozilla Maintenance Service\Xyshishidaemy.exe.config | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A

Edge's own installer writing its setup telemetry; browser housekeeping that ran during the detonation, not an action of the dropped binaries:
File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0f50178e-a9fc-4c17-b831-cfc4e0af1647.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230222165236.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A

The directory name nndannfdnoaiphfcbbpgkhodebpoiocf is 32 characters drawn from a-p, the format of a Chromium extension ID, and manifest.json plus background.js and content.js is the layout of a Chromium extension. aes.js, mode-ecb.js and pad-nopadding.js are CryptoJS component files, so the extension ships its own AES-ECB implementation, presumably for the data it sends out; background.js is written and then reopened for modification, which is consistent with a template being patched with per-victim or per-campaign values. Xyshishidaemy.exe.config next to the executable follows the .NET application-configuration convention, so Xyshishidaemy.exe is most likely a .NET binary.

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

All six reads come from chrome.exe and msedge.exe, not from the dropped binaries. msedge.exe was launched by Xyshishidaemy.exe (PID 3868, see the WriteProcessMemory table); chrome.exe's parent is not in the portion of that table captured here. Chromium reads the BIOS manufacturer and product name for its own hardware-class reporting, so these rows are browser noise rather than reconnaissance by the sample; the sample's own VM checks, if any, would appear under the dropped executables.

Kills process with taskkill

evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A

Two taskkill invocations, both the 32-bit SysWOW64 copy, which places the caller in a 32-bit process. The arguments, and so the processes being killed, are not recorded in this report; the matching SeDebugPrivilege rows under AdjustPrivilegeToken are what taskkill requests for a forced kill.

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133215583575779849" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

S-1-5-19 is the LOCAL SERVICE hive. These are the TPM telemetry timestamps Windows' crypto stack records when a process exercises the platform crypto APIs, written here on behalf of chrome.exe; they appear in detonations of benign software as well and should not be read as sample behaviour.

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

The writer is msedge.exe, started by Xyshishidaemy.exe (PID 3868) in the process tree, so this is the browser registering one of its own COM classes rather than the sample setting up a COM hijack. It would matter only if the CLSID could be tied to a dropped component; check the Files section for a DLL or COM server that matches.

Modifies system certificate store

evasion spyware trojan

Description | Indicator | Process | Target
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = <certificate blob omitted from this copy of the report> | C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe | N/A

The entry is keyed by SHA-1 thumbprint under AuthRoot, the third-party root store that Windows' automatic root update populates when a process validates a certificate chain to a public root that is not yet cached on the machine; the Blob value is the certificate itself. The thumbprint AD7E1C28B064EF8F6003402014C3D0E3370EB58A is the published SHA-1 fingerprint of the Starfield Class 2 Certification Authority root, one of the Amazon Trust Services roots, so the likelier reading is that Xyshishidaemy.exe made a TLS connection to a host chaining to that root (AWS-hosted infrastructure, for instance) and Windows cached it, which fits the "Legitimate hosting services abused for malware hosting/C2" signature rather than an implanted root. Confirm by matching the thumbprint against Microsoft's trusted root list before treating it as persistence; a rogue root installed for interception is normally written to the ROOT store (SystemCertificates\ROOT\Certificates), not to AuthRoot.
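The persistence, hosts-file and certificate-store rows above are the ones a triage script should correlate rather than read in isolation: a RunOnce value only matters together with who wrote the binary it points to, and an AuthRoot entry only matters if the thumbprint is not a known public root. The Python below is an added example written for this page, not tooling from the sandbox vendor or part of the report. It assumes the rows have been transcribed pipe-delimited as Description | Indicator | Process | Target (the five rows embedded are transcribed from the tables above, with the Edge installer row included as a benign control), and the allow-list of public root thumbprints is the analyst's to supply; it is left empty so the certificate row is raised for review.

```python
"""Behavioural triage over sandbox signature rows, correlating file and registry events."""

# Rows transcribed from this report's signature tables, pipe-delimited as
# Description | Indicator | Process | Target. Only the rows the rules below
# consume are included; the Edge installer row is there as a benign control.
SIGNATURE_ROWS = r"""
File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\Xyshishidaemy.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A
File created | C:\Program Files (x86)\Mozilla Maintenance Service\Xyshishidaemy.exe | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0f50178e-a9fc-4c17-b831-cfc4e0af1647.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe | N/A
"""

# Path markers used by the rules; these are the example's own heuristics.
TEMP_MARK = "\\appdata\\local\\temp\\"
AUTORUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
HOSTS_SUFFIX = "\\drivers\\etc\\hosts"
AUTHROOT_MARK = "\\systemcertificates\\authroot\\certificates\\"


def parse_rows(text):
    """Split pipe-delimited rows into (description, indicator, process, target) tuples."""
    rows = []
    for line in text.strip().splitlines():
        fields = [f.strip() for f in line.split(" | ")]
        if len(fields) != 4:
            raise ValueError(f"expected 4 columns: {line!r}")
        rows.append(tuple(fields))
    return rows


def from_temp(path):
    """True for images running out of a user's %TEMP%, where droppers stage payloads."""
    return TEMP_MARK in path.lower()


def autorun_target(value_data):
    """Recover the executable path from the sandbox's rendering of a Run/RunOnce value.

    The sandbox prints the REG_SZ with doubled backslashes and backslash-escaped
    quotes around the path; undo both and drop the outer quotes.
    """
    return value_data.replace('\\"', "").replace("\\\\", "\\").strip('"')


def triage(rows, known_public_roots=frozenset()):
    """Apply the rules and return (category, detail) findings in row order."""
    # First pass: who created which file, so autorun targets can be attributed.
    created_by = {ind.lower(): proc for desc, ind, proc, _ in rows if desc == "File created"}
    findings = []
    for desc, indicator, process, _target in rows:
        lowered = indicator.lower()
        if desc.startswith("Set value") and any(k in lowered for k in AUTORUN_KEYS):
            key, _, data = indicator.partition(" = ")
            target = autorun_target(data)
            creator = created_by.get(target.lower())
            # Flag when the value writer or the writer of the target binary ran from %TEMP%.
            if from_temp(process) or (creator is not None and from_temp(creator)):
                findings.append(("persistence",
                                 f"{key} -> {target} (value set by {process}; target written by {creator})"))
        elif desc == "File opened for modification" and lowered.endswith(HOSTS_SUFFIX):
            findings.append(("hosts-tamper", f"{process} opened {indicator} for writing"))
        elif desc == "Key created" and AUTHROOT_MARK in lowered:
            thumbprint = indicator.rsplit("\\", 1)[-1].upper()
            if thumbprint in known_public_roots:
                findings.append(("info", f"AuthRoot entry {thumbprint} is a known public root; "
                                         f"consistent with root auto-update after a TLS connection by {process}"))
            else:
                findings.append(("cert-store", f"{process} added AuthRoot entry {thumbprint}; "
                                               "check the thumbprint against a trusted root list"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(parse_rows(SIGNATURE_ROWS)):
        print(f"[{category}] {detail}")
```

Passing a populated allow-list (for example the thumbprints exported from a trusted machine's AuthRoot store) downgrades the certificate finding to informational while leaving the hosts and persistence findings intact, which is the distinction the signature name "Modifies system certificate store" does not make on its own.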

Script User-Agent

Description | Indicator | Process | Target
HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A

This is the default User-Agent of the WinHttp.WinHttpRequest.5.1 COM object, so the request came from a script (VBScript, JScript or PowerShell) or from code driving that COM interface, not from a browser. The sandbox did not attribute it to a process, and the destination is not recorded in this section; it is a usable network indicator only in combination with the Network section.

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe | N/A

64 identical rows, all from the same Xyshishidaemy.exe instance (PID 2864 in the WriteProcessMemory table) and none with an indicator; the sandbox records each process-enumeration call separately.

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe | N/A
Token: SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 31, 32, 33, 34, 35 (34 rows, one per privilege, in this order) | N/A | C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A  (2 rows, one per taskkill invocation)
Token: SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A  (25 rows: 13 SeShutdownPrivilege, 12 SeCreatePagefilePrivilege)

handdiy_3.exe's list is every privilege LUID from 2 (SeCreateTokenPrivilege) to 35 in numeric order, the signature of code that loops over the token and tries to enable everything rather than the one privilege it needs. LUIDs 31 to 35, which the sandbox did not resolve to names, are SeTrustedCredManAccessPrivilege, SeRelabelPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege and SeCreateSymbolicLinkPrivilege. AdjustTokenPrivileges can only enable privileges the token already holds, so what this actually gained depends on the account the installer ran under; SeDebugPrivilege is the one the three dropped binaries request on their own and the one that matters for the process enumeration and taskkill activity recorded elsewhere. The taskkill rows are what a forced kill normally requests, and the chrome.exe rows are routine browser behaviour that appears regardless of the sample.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A  (3 rows)
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A  (26 rows)

All rows come from the browsers, not from the dropped binaries; locating the shell tray window is ordinary behaviour for a browser window and carries no signal here.

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A  (24 rows)

Browser noise, as above: only chrome.exe appears.

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4676 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.exe C:\Users\Admin\AppData\Local\Temp\is-IP41B.tmp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.tmp
PID 4676 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.exe C:\Users\Admin\AppData\Local\Temp\is-IP41B.tmp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.tmp
PID 4676 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.exe C:\Users\Admin\AppData\Local\Temp\is-IP41B.tmp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.tmp
PID 3780 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\is-IP41B.tmp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.tmp C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe
PID 3780 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\is-IP41B.tmp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.tmp C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe
PID 992 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe
PID 992 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe
PID 992 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe
PID 992 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe
PID 3868 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3868 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 5136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 5136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2864 wrote to memory of 5652 N/A C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe C:\Windows\System32\cmd.exe
PID 2864 wrote to memory of 5652 N/A C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe C:\Windows\System32\cmd.exe
PID 5652 wrote to memory of 7424 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe
PID 5652 wrote to memory of 7424 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe
PID 5652 wrote to memory of 7424 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe
PID 2864 wrote to memory of 7624 N/A C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe C:\Windows\System32\cmd.exe
PID 2864 wrote to memory of 7624 N/A C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe C:\Windows\System32\cmd.exe
PID 7624 wrote to memory of 7684 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe
PID 7624 wrote to memory of 7684 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe
PID 7624 wrote to memory of 7684 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe
PID 2712 wrote to memory of 7772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 7772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 7772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 7772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 7772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 7772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 7772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 7772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2712 wrote to memory of 7800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.exe

"C:\Users\Admin\AppData\Local\Temp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.exe"

C:\Users\Admin\AppData\Local\Temp\is-IP41B.tmp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.tmp

"C:\Users\Admin\AppData\Local\Temp\is-IP41B.tmp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.tmp" /SL5="$C005C,506086,422400,C:\Users\Admin\AppData\Local\Temp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.exe"

C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe

"C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe" /S /UID=95

C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe

"C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe"

C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe

"C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.profitabletrustednetwork.com/e2q8zu9hu?key=a971bbe4a40a7216a1a87d8f455f71e6

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff86fa946f8,0x7ff86fa94708,0x7ff86fa94718

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe /mixfive & exit

C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe

C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe /mixfive

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7424 -ip 7424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 448

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe & exit

C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe

C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7424 -ip 7424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 764

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7424 -ip 7424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 772

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7424 -ip 7424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 800

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7424 -ip 7424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 812

C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe

C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7424 -ip 7424

C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe

"C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe" -h

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 984

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 7424 -ip 7424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 996

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7424 -ip 7424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 1092

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 7424 -ip 7424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 1372

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5572 -ip 5572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "gcleaner.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe" & exit

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "gcleaner.exe" /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff86d3c9758,0x7ff86d3c9768,0x7ff86d3c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3232 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3368 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3876 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4692 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3872 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff79e2d5460,0x7ff79e2d5470,0x7ff79e2d5480

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16690804636518719468,306739360567049101,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 --field-trial-handle=1772,i,15029114359529796293,731310227466114870,131072 /prefetch:2

Network


Files

memory/4676-133-0x0000000000400000-0x000000000046D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-IP41B.tmp\d182c08bed51b78f1dace83a6aa4bdb26954e7c89c9e7c8f8ae0992d6a315934.tmp

MD5 cc646fa6fa6af2fbc50f37cfbd67da29
SHA1 7516d944830c012d8663439e9fe6515de6ce6d1c
SHA256 7833d6629388d8b2f5b2e47fcf263e48a61f8147cb68b573f8103802cdcbf9c6
SHA512 0cd1740d89d7f09812fa7926a4f0aadff45e7608173bff05c9e8940ebf0d29e7c670c345164d6ee718a01c57cd8eae6c97fb6c07d9dd2cb983133084d05d4cf1

memory/3780-138-0x00000000006B0000-0x00000000006B1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\idp.dll

MD5 8f995688085bced38ba7795f60a5e1d3
SHA1 5b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
SHA512 043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

C:\Users\Admin\AppData\Local\Temp\is-T0KJV.tmp\fITNESS.exe

MD5 f6c312d7bc53140df83864221e8ebee1
SHA1 da7ad1f5fa18bf00c3352cb510554b061bbfe04f
SHA256 e119a3b5fcb628740e8313a44d312296fd03771d9ed727b10b58aae29192a2db
SHA512 38c9d9b32fd1ee096f23ee62b5e64cc962f21a85d07ea32860d45d5e8249474d28239238a635cf69db30fd3f035c7c93dcce264a9e8288dbef70ffe2a493922a

memory/992-151-0x0000000000550000-0x00000000005E6000-memory.dmp

memory/992-153-0x0000000002720000-0x0000000002730000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe

MD5 fba3b4b12a0c6c9924132b149147a0a2
SHA1 a776068968a89ff9503e794e4ab0c04bbee6e5f6
SHA256 7403a6d53688cddeb84997cf90f616a3f25e79681b9c47074b5534f4e8b45890
SHA512 a1a41956ee97b4e590795a319d357f7f1b22115f5f663211af71cb14ffae879cb0fda743c7a016bb1a479d64dacee2f865e67f29d589d30d10b928a2bbb628ee

C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe

MD5 1e8e3939ec32c19b2031d50cc9875084
SHA1 83cc7708448c52f5c184cc329fa11f4cfe9c2823
SHA256 5988245cd9d0c40bcb12155b966cb8ddd86da1107bca456341de5bd5fb560808
SHA512 0d3ad7c0865e421fad34e27a47108fdc9e359f8603c4c01f6d789d3ead6e6ac5815f979301870f8157fedaf8178ed34873fbff807807d46698249f098fc78caa

C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Xyshishidaemy.exe.config

MD5 98d2687aec923f98c37f7cda8de0eb19
SHA1 f6dcfcdcfe570340ecdbbd9e2a61f3cb4f281ba7
SHA256 8a94163256a722ef8cc140bcd115a5b8f8725c04fe158b129d47be81cb693465
SHA512 95c7290d59749df8df495e04789c1793265e0f34e0d091df5c0d4aefe1af4c8ac1f5460f1f198fc28c4c8c900827b8f22e2851957bbaea5914ea962b3a1d0590

C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe.config

MD5 98d2687aec923f98c37f7cda8de0eb19
SHA1 f6dcfcdcfe570340ecdbbd9e2a61f3cb4f281ba7
SHA256 8a94163256a722ef8cc140bcd115a5b8f8725c04fe158b129d47be81cb693465
SHA512 95c7290d59749df8df495e04789c1793265e0f34e0d091df5c0d4aefe1af4c8ac1f5460f1f198fc28c4c8c900827b8f22e2851957bbaea5914ea962b3a1d0590

C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe

MD5 1e8e3939ec32c19b2031d50cc9875084
SHA1 83cc7708448c52f5c184cc329fa11f4cfe9c2823
SHA256 5988245cd9d0c40bcb12155b966cb8ddd86da1107bca456341de5bd5fb560808
SHA512 0d3ad7c0865e421fad34e27a47108fdc9e359f8603c4c01f6d789d3ead6e6ac5815f979301870f8157fedaf8178ed34873fbff807807d46698249f098fc78caa

C:\Users\Admin\AppData\Local\Temp\49-0cfd5-808-d4ea8-6469a3f0cc199\Xyshishidaemy.exe

MD5 1e8e3939ec32c19b2031d50cc9875084
SHA1 83cc7708448c52f5c184cc329fa11f4cfe9c2823
SHA256 5988245cd9d0c40bcb12155b966cb8ddd86da1107bca456341de5bd5fb560808
SHA512 0d3ad7c0865e421fad34e27a47108fdc9e359f8603c4c01f6d789d3ead6e6ac5815f979301870f8157fedaf8178ed34873fbff807807d46698249f098fc78caa

memory/3780-186-0x0000000000400000-0x0000000000516000-memory.dmp

memory/3868-189-0x0000000000F00000-0x0000000000F6A000-memory.dmp

memory/4676-188-0x0000000000400000-0x000000000046D000-memory.dmp

memory/2864-190-0x0000000000750000-0x00000000007CA000-memory.dmp

memory/3868-191-0x0000000001950000-0x0000000001960000-memory.dmp

memory/2864-192-0x0000000001110000-0x0000000001120000-memory.dmp

memory/2864-193-0x0000000001070000-0x00000000010D6000-memory.dmp

memory/2864-194-0x000000001BDD0000-0x000000001C29E000-memory.dmp

memory/2864-195-0x000000001C540000-0x000000001C5DC000-memory.dmp

memory/2864-196-0x0000000001050000-0x0000000001058000-memory.dmp

memory/2864-197-0x000000001CE70000-0x000000001CECE000-memory.dmp

memory/2864-198-0x000000001FCE0000-0x000000001FFEE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\58-a116d-19c-bb68f-16e549519a685\Kenessey.txt

MD5 97384261b8bbf966df16e5ad509922db
SHA1 2fc42d37fee2c81d767e09fb298b70c748940f86
SHA256 9c0d294c05fc1d88d698034609bb81c0c69196327594e4c69d2915c80fd9850c
SHA512 b77fe2d86fbc5bd116d6a073eb447e76a74add3fa0d0b801f97535963241be3cdce1dbcaed603b78f020d0845b2d4bfc892ceb2a7d1c8f1d98abc4812ef5af21

memory/2864-200-0x0000000001110000-0x0000000001120000-memory.dmp

memory/2864-203-0x00000000213F0000-0x0000000021452000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe

MD5 5c7bfce8e4a45d2d3f084281e52b5356
SHA1 bd4fb07a5a2b6da2de837d8f035f113212cf0e73
SHA256 7e284b7e87b5b60db484b514bddfd4dba56d342bb4e3dfffc62aec3d3786517d
SHA512 05bfb634d573490e9db581bd43ff6f7d9a8ce767b191303537ec8a89b49c89d9cd653c4ebcfcaa6d11ed21f8b7378911d05c1ef06b350ec7fbdecb91c4f43911

C:\Users\Admin\AppData\Local\Temp\vy3t3kmd.3mz\gcleaner.exe

MD5 5c7bfce8e4a45d2d3f084281e52b5356
SHA1 bd4fb07a5a2b6da2de837d8f035f113212cf0e73
SHA256 7e284b7e87b5b60db484b514bddfd4dba56d342bb4e3dfffc62aec3d3786517d
SHA512 05bfb634d573490e9db581bd43ff6f7d9a8ce767b191303537ec8a89b49c89d9cd653c4ebcfcaa6d11ed21f8b7378911d05c1ef06b350ec7fbdecb91c4f43911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5a10efe23009825eadc90c37a38d9401
SHA1 fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0
SHA256 05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5
SHA512 89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

memory/7424-213-0x00000000007D0000-0x0000000000810000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe

MD5 1bb6d985b8842b3d23d10b96e9c85afb
SHA1 c6328a00f7f0f4003888704828de1f371dde7b92
SHA256 a29e436e7e209a545f314516f58fef84718871270da8b5c4aede7048b8ee0c31
SHA512 5b13ec6d5ebfda08780f58e5e5c5d6853c5f45d4bd86bb06023c727cd64fb8263c3b2f1d7b0a7f23fb0fdb357b8d546037b793cc549453d5f305074c0a451f1b

C:\Users\Admin\AppData\Local\Temp\vnphn414.aqj\handdiy_3.exe

MD5 1bb6d985b8842b3d23d10b96e9c85afb
SHA1 c6328a00f7f0f4003888704828de1f371dde7b92
SHA256 a29e436e7e209a545f314516f58fef84718871270da8b5c4aede7048b8ee0c31
SHA512 5b13ec6d5ebfda08780f58e5e5c5d6853c5f45d4bd86bb06023c727cd64fb8263c3b2f1d7b0a7f23fb0fdb357b8d546037b793cc549453d5f305074c0a451f1b

memory/7772-224-0x00007FF88EE30000-0x00007FF88EE31000-memory.dmp

\??\pipe\LOCAL\crashpad_2712_MRMUVTDNUUMFKMQX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c1a3c45dc07f766430f7feaa3000fb18
SHA1 698a0485bcf0ab2a9283d4ebd31ade980b0661d1
SHA256 adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48
SHA512 9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2304dd3b6564a85c764e404348c0a678
SHA1 23d81152b6207c2f81a2006aac1f7d98455cf37a
SHA256 618932bab26d1f75f2ea5b85dfb2efb582da0241b32e759367aaf77750416deb
SHA512 09555780698f1934deb6cc665e76d9df5b1cc0121f91bf37a7497ff9351af818e69f55e9725f9b1f1a1707ee0487afc81d2eb7da9e251952496a844d5f024fe8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5edab6d3ffbeee247ccb4423f929a323
SHA1 a4ad201d149d59392a2a3163bd86ee900e20f3d9
SHA256 460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933
SHA512 263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 ec8ff3b1ded0246437b1472c69dd1811
SHA1 d813e874c2524e3a7da6c466c67854ad16800326
SHA256 e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab
SHA512 e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 38660d26ddbee623eb7d20bd760f9f7e
SHA1 a3c26a1da7e2b2c3eacd37b628ba418a22e85400
SHA256 a6142f7da99cc8b9a2266e483714b70e11aa0874970029d6f2e3d67bda37854c
SHA512 3a8c661d081e05bb1396c33084bdc554fc73872e131faa460e32c2e9a8100e788739fe26bc9e69810085f35add64bdfe27f6daa9bf2e3fb54f75605cffbab969

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

MD5 5d22068ac3e41acd6f596e75df10de60
SHA1 bf46d2c13d7ad8b1103f0e0b9a6429022ed5e8d9
SHA256 ed8c5e37298081345ed8d30867214bf5a8cd047e0f36ed1b3180ab190b50f535
SHA512 1dfc577943b01376f34a6547966ff6d20d44d1f53aae88512ba66eb398ce4d51fba856a68f2fcd6e8ec31ed3cd3a6bff6777fe2dfb1b731dec347e76c4d8c2ca

C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe

MD5 dc719929115e50ed4383bcc7f7182be3
SHA1 562e69bdf814c156872fd6ad6a3d0116b0304516
SHA256 5b0708551a5c3cf9932c8aea5e890e3f2abe7b7b5911cefebc6155d20692e365
SHA512 34b1dda47ff7a20052f582f4874dc35f4e768558baf8727419d5f91ec2f8c6e28d2a6bc0253975e6bac5d45edfa1edd09aabc5339d2caade73418b73096b9404

C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe

MD5 dc719929115e50ed4383bcc7f7182be3
SHA1 562e69bdf814c156872fd6ad6a3d0116b0304516
SHA256 5b0708551a5c3cf9932c8aea5e890e3f2abe7b7b5911cefebc6155d20692e365
SHA512 34b1dda47ff7a20052f582f4874dc35f4e768558baf8727419d5f91ec2f8c6e28d2a6bc0253975e6bac5d45edfa1edd09aabc5339d2caade73418b73096b9404

C:\Users\Admin\AppData\Local\Temp\pu4aal13.nu3\chenp.exe

MD5 dc719929115e50ed4383bcc7f7182be3
SHA1 562e69bdf814c156872fd6ad6a3d0116b0304516
SHA256 5b0708551a5c3cf9932c8aea5e890e3f2abe7b7b5911cefebc6155d20692e365
SHA512 34b1dda47ff7a20052f582f4874dc35f4e768558baf8727419d5f91ec2f8c6e28d2a6bc0253975e6bac5d45edfa1edd09aabc5339d2caade73418b73096b9404

memory/3868-386-0x0000000001950000-0x0000000001960000-memory.dmp

memory/2864-387-0x0000000001110000-0x0000000001120000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\db.dll

MD5 1b20e998d058e813dfc515867d31124f
SHA1 c9dc9c42a748af18ae1a8c882b90a2b9e3313e6f
SHA256 24a53033a2e89acf65f6a5e60d35cb223585817032635e81bf31264eb7dabd00
SHA512 79849fbdb9a9e7f7684b570d14662448b093b8aa2b23dfd95856db3a78faf75a95d95c51b8aa8506c4fbecffebcc57cd153dda38c830c05b8cd38629fae673c6

C:\Users\Admin\AppData\Local\Temp\db.dll

MD5 1b20e998d058e813dfc515867d31124f
SHA1 c9dc9c42a748af18ae1a8c882b90a2b9e3313e6f
SHA256 24a53033a2e89acf65f6a5e60d35cb223585817032635e81bf31264eb7dabd00
SHA512 79849fbdb9a9e7f7684b570d14662448b093b8aa2b23dfd95856db3a78faf75a95d95c51b8aa8506c4fbecffebcc57cd153dda38c830c05b8cd38629fae673c6

C:\Users\Admin\AppData\Local\Temp\db.dat

MD5 76c3dbb1e9fea62090cdf53dadcbe28e
SHA1 d44b32d04adc810c6df258be85dc6b62bd48a307
SHA256 556fd54e5595d222cfa2bd353afa66d8d4d1fbb3003afed604672fceae991860
SHA512 de4ea57497cf26237430880742f59e8d2a0ac7e7a0b09ed7be590f36fbd08c9ced0ffe46eb69ec2215a9cff55720f24fffcae752cd282250b4da6b75a30b3a1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/7424-417-0x0000000000400000-0x000000000057C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d9309a6afe5ba7f368c7827f21c6f265
SHA1 c213b45675fe1bdef21abffdacabf21a7cba6f64
SHA256 f68fc63d541f37791fe4a43bc0a41ff544b4431bd7f6420b960d5390cbcc7a51
SHA512 f9b0e875302819ebb25372b0b5712083d0b9d695f9ef8df964dc5226c7aa1cb24b90b64a8a3bee789f219ad3bb24c5b5320735897954caae3f69f9a9b718e57c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 f4a73c4cd42c3627be04acc06854597a
SHA1 0c3ecdf169d98f22c81dce248580332b73deb5ed
SHA256 0d8104e72b961ed1ae3899b675e627e84c59e49dc0f6ebb10766c8db2e42a1be
SHA512 22bd992978b56ffff166994a2a17a81141a2732128571accc3675a5a8df7b2c62f67b3caada21b4762d28b834b102928564ebe1ca87f066074eb1f804088f0ee

memory/2864-445-0x0000000001110000-0x0000000001120000-memory.dmp

memory/6312-452-0x00007FF88EE30000-0x00007FF88EE31000-memory.dmp

\??\pipe\crashpad_5860_BARBGEIMFWUQIXER

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 973e33d24ebbe8b07ab002a2daf45f85
SHA1 e763b14aba9e85db3be16d8e3b141c6a0ced99c9
SHA256 10e1df46fbc34b42ec83784b6f1acad7a1acaa8c4701b92190b6b8f31de98e51
SHA512 8423fc5e8519a5057ce6aa4d61416e801d9ffccb552ce654dec99eef04981e843da0cc6106646ae8c70b09b2c4b6dfd1fa345173f71ffe7d9835e2cc05e42207

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json

MD5 05bfb082915ee2b59a7f32fa3cc79432
SHA1 c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js

MD5 a09e13ee94d51c524b7e2a728c7d4039
SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js

MD5 c31f14d9b1b840e4b9c851cbe843fc8f
SHA1 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png

MD5 362695f3dd9c02c83039898198484188
SHA1 85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512 a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8e0fb95b33906d1814b7e96aca5aed3
SHA1 71f371991a62d4c8bb740059085aafb6f4f944d0
SHA256 aaad97ddd55401cc3222a96398089cefff11a3a2bc0df139956e443772a8f6c9
SHA512 17c2a3abaea7aff68f0cb2e5e899b36d3b23d70d847a2e4797a8c346700660cb3dc8b5f04476cc6774a4c7299d36c3c3392624dda5762141689e7000b9746f4b

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html

MD5 9ffe618d587a0685d80e9f8bb7d89d39
SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js

MD5 123b6f1275667b0b9ad9eab5255c5341
SHA1 e62d9bc8b4b3c34ca40442e967534ed975ee8c3a
SHA256 fe6a875f8b430276b261de1070c624faa49ae11d1badfbfb4245de201d7d5790
SHA512 2f5b93531c8758b9588f2fbc1a9cace7506b207daf346cd0c79c7de831e50c69ce8f6bc4daf0b00a644541df85af6487d86941a74d8b7606cc6c46536500551c

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js

MD5 0f26002ee3b4b4440e5949a969ea7503
SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js

MD5 4ff108e4584780dce15d610c142c3e62
SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js

MD5 23231681d1c6f85fa32e725d6d63b19b
SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/7268-503-0x00007FF88F1D0000-0x00007FF88F1D1000-memory.dmp

memory/7268-504-0x00007FF88E490000-0x00007FF88E491000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd4fc870e708758b55a8dc0fbeed4ae1
SHA1 274d1040981a6b21420962c6353b6948ea6922cb
SHA256 b51bee376e9e40b90745df54a2324ff217af49585dd528b8d936d7bab4db843d
SHA512 ef153e7c2445c2079770599093eade072486bff14b51116fe896525c288e54d85ff356b7749a095fe7c4c58f22106485fa4e083d9d25988a1d86151fdcb67142

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a04c48ebd41a6a53de85e194de099007
SHA1 039fc715e74f872c7a1d69c4c9ac9e1ed6814393
SHA256 1dcccfea355d652b653610aea7ab1437f3b43abfe4d8eb77167852f8d45d128f
SHA512 099383708815ec1b1f166ae81ab4f5031b39047e2920bc562d6634d0e2ca0b38779991858d3834b0ec1dd4283981cc68630ac06d80c048b17d3322aff0076979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3b9c3d1eb240726acb603d70fce154c
SHA1 9a515317056dc0d6a97372b82d5339c4006a424f
SHA256 1bb6f9c87b3e9c2734bdce8a81623e21abe8a89b3a95d62c163ec1f5a6df5347
SHA512 565ce57a125eba111e52789432915591e261d81fb4badef843f9d9e49f1179cb43415fd37c9f603840972227c1c53890b47dcaa6ec7ad43ed6e3ee7e3dded8bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1cdb610fd8c1476d3991e5ac68e4ab72
SHA1 fdd14e3fab2e34d6f6a5dcb9ea27c388c8abc86a
SHA256 a7b193a99b0d3b82857f73c96c924944500f02b2faa51e85cff71d3a1d8811fb
SHA512 98189ec7cb951b9545129aa15c03c84a8025aeb3f006050d95289cb680625962b4e7368053c551c0e14fc77cccfcffd41ce213bd0a9cf28320b9845faeb9089c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b191bdaca6a0d674e26faa1f08d54a68
SHA1 a0461b517daec0d59df6442014c1a6c393b22a96
SHA256 6e5266bfbc74ac68fc4141eb31c87f588b0767e87b6427d294fc94b2ae1747c4
SHA512 ca21a6539b469dd70e51439fa511998bdb405612d8b7eab832af3ea3f48a1e98e3a256cb42f166970693e523a456dc3ca4715e9c23e59113297c0e7233f6f83c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c7357384c0190416fb9843140c96f0cb
SHA1 cbeb4164e3d1f3a6fe83df611aa816aff47871c7
SHA256 e3be3ea900054e7ecde72543684680213d716706f8f6473c803d3f0eff40d245
SHA512 52c7b5c8e759cee41a3ac51894b4c3b9d09fb322738915e001e831b8d2a1bf824c906d4b18af45c66da0d1004b49a321128483f937860c08454029557ab7919d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d5481e1ed57fcd3d622bd5412fbc1201
SHA1 964289aec9e015a87244929d48f5cc97643ed25a
SHA256 7b8ab8de325b28add8015f330ae6da87a7113a568e3b6510ecc3de1c9dc0af30
SHA512 8cad3ba940c5af12edd1f0b4b94d512cc581c5c82f94ad8c017dbd5c3982d1e347f8df1d761f6152ab276fdbe479b10ed2aed1b51cdcb303840fcc9578f3b5ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4af8d6e57e3689876ec47c7d956b882a
SHA1 ab170169f2ea98b87802a374cbc12ead7139104e
SHA256 00c2d8c1ba417f2c06eaad78e68bf36769eb51645d8a697f221ad544b8f1056b
SHA512 1b674ac70443e9cbb8fa6786dcd8c981fc2521b93f3edae50f9d5849b97b7ee64daca75ac7b282d9e2a001621aed7b27a54b087a9b520343cc33967dfe9cd235

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56e4e6.TMP

MD5 79a59ead508860afbdb88344c69facf6
SHA1 f84c068df89a867df59324b02b6e65dfead9ae7c
SHA256 2fc47a9f41554adfefa8532d54ee16f6a7de386dc10ec84fcf36440f4289e219
SHA512 7091ee2be0f056bf40a4358323bd473014234a155b426336bebe21fe9fead34f692e235a00756b12ff608e9701005b4105e1276ff3a28848caef74ff9d2ab128

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8ba9895382136d5a3f278afebd280f53
SHA1 72d0534257ca272b36f7f503a64cc5d8b8781496
SHA256 238a32a1b5dd3e540c9528bfca17872e85b49d7cfd17b88568329585e4c9c9b7
SHA512 b4377f534a68a90909b10de7187194ed708af19f5c9c4c26473c88a941d3fd21e0c09b8597b406f81bc1c670b5a35dc08d22c832cadd33d90f30863a837d999c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ca18567370e6db09a477473beefde08
SHA1 d1da5d1a98936646bae972e6c0e06b67c83349c0
SHA256 9ed1244c08f8f72d89e43aed99fff8795c43fdf3e8c68d5565955a7656680a52
SHA512 5582645ecc43594c298da45c1e50fb9a77b8a19a918cb42f7e9a2767eecdb5e35892ab3d07432c1e679b70cf442bedd14e4741f30053306584e7da4809d25241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c40bd8ca638dfbc17ba005def362c670
SHA1 91fb857f243f2d356491b6c63bc7aef93d6c8c21
SHA256 b9160841b65b8848ee446f7439af925c6f181eb35fdb6bd4583ac7bfa576c7cf
SHA512 e1683ba03fdda6f576d0f00d975b87e28d85cf6aee99a965b2e308106299659dfa1b5d812ecfb90bad1af19c348afc9536ec8e670225fb505526177c138541a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eebf3b21cd3a731c40cff5806b4c7dda
SHA1 b926728a8e0da9f5272eb7d6d8c5ada5f78c2bbf
SHA256 0686d366cef8a230f231788a443eff249e66df17ab4462b40f2d64519e735d40
SHA512 c2411f606b800047cce5a457a768e61f75e7265ebb00c01461ec7d4c131e46008b0dbfd02d94f4565dc47e1a5c54f218da00e42bdb62acd4795f38e3564dfe91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e035870a5ec96f171f5d3082a009b75f
SHA1 b55ffc9e5e752efa8753d7ae9026f2baacdf9df8
SHA256 d907be73d48458b849a792f9625e517376364f39db4f07c2698bad74e9a03b2e
SHA512 bae218766e5810081fc661337f5bb83b5b3d45c1fef81bd798de6749245adab545dd04e6c7e0a078ae456c8488ebde49b79b3ac059cede37a8fcab4048e97e32

memory/5320-688-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-689-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-690-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-695-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-694-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-697-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-696-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-699-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-698-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

memory/5320-700-0x0000020C487A0000-0x0000020C487A1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 20ae4eb929f4396c112da5b6fe3cd23c
SHA1 cfad602a188efb6676f4142cce45ce24ab4264a8
SHA256 9759192f8e0fbd1e050e59b368f9ae1a997e12c3842b7c3ba279ca571e3dbdcd
SHA512 145b55c9827f445f2d37c248bfdd596a97e533df46b1c04be3104c33c1f3ca15ff9b0fbfad7fa84966433b63b7ed3b1fd90cd57dacc6913fd35833edc53ad443