Malware Analysis Report

2025-04-14 07:23

Sample ID 230915-qfv2yabh71
Target a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe
SHA256 a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8
Tags
amadey dcrat djvu redline smokeloader logsdiller cloud (tg: @logsdillabot) lux3 backdoor microsoft discovery evasion infostealer persistence phishing ransomware rat spyware stealer themida trojan vidar 7b01483643983171e949f923c5bc80e7
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8

Threat Level: Known bad

The file a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe was found to be: Known bad.

Malicious Activity Summary

amadey dcrat djvu redline smokeloader logsdiller cloud (tg: @logsdillabot) lux3 backdoor microsoft discovery evasion infostealer persistence phishing ransomware rat spyware stealer themida trojan vidar 7b01483643983171e949f923c5bc80e7

Amadey

Djvu Ransomware

SmokeLoader

RedLine

DcRat

Detected Djvu ransomware

Vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks computer location settings

Reads user/profile data of web browsers

Themida packer

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Checks BIOS information in registry

Deletes itself

Checks whether UAC is enabled

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Adds Run key to start application

Detected potential entity reuse from brand microsoft.

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of UnmapMainImage

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Creates scheduled task(s)

Suspicious behavior: LoadsDriver

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-09-15 13:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-15 13:12

Reported

2023-09-15 13:15

Platform

win10v2004-20230915-en

Max time kernel

150s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe"

Signatures

Amadey

trojan amadey

DcRat

rat infostealer dcrat

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

RedLine

infostealer redline

SmokeLoader

trojan backdoor smokeloader

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\D978.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\E592.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\11C.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\F9B8.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\4f8ea198-8725-470b-91db-0e83736d3b15\\D978.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\D978.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-919254492-3979293997-764407192-1000\{4B61AACB-631F-4257-A104-D4CB6D5E72ED} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-919254492-3979293997-764407192-1000\{7AB5AB56-F94D-427B-8BA6-B2963939153C} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3196 wrote to memory of 2752 N/A N/A C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 3196 wrote to memory of 2752 N/A N/A C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 3196 wrote to memory of 2752 N/A N/A C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 3196 wrote to memory of 1088 N/A N/A C:\Users\Admin\AppData\Local\Temp\DB8C.exe
PID 3196 wrote to memory of 1088 N/A N/A C:\Users\Admin\AppData\Local\Temp\DB8C.exe
PID 3196 wrote to memory of 1088 N/A N/A C:\Users\Admin\AppData\Local\Temp\DB8C.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 2752 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Users\Admin\AppData\Local\Temp\D978.exe
PID 3196 wrote to memory of 2928 N/A N/A C:\Users\Admin\AppData\Local\Temp\DD42.exe
PID 3196 wrote to memory of 2928 N/A N/A C:\Users\Admin\AppData\Local\Temp\DD42.exe
PID 3196 wrote to memory of 2928 N/A N/A C:\Users\Admin\AppData\Local\Temp\DD42.exe
PID 3196 wrote to memory of 1716 N/A N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe
PID 3196 wrote to memory of 1716 N/A N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe
PID 3196 wrote to memory of 1716 N/A N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe
PID 3196 wrote to memory of 4748 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3196 wrote to memory of 4748 N/A N/A C:\Windows\system32\regsvr32.exe
PID 4748 wrote to memory of 964 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4748 wrote to memory of 964 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4748 wrote to memory of 964 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3196 wrote to memory of 4208 N/A N/A C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 3196 wrote to memory of 4208 N/A N/A C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 3196 wrote to memory of 4208 N/A N/A C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4208 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 1624 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1624 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\D978.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1716 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1716 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1716 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1716 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1716 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1716 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1716 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1716 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\DFB4.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4836 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4836 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4836 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe
PID 4268 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\E592.exe C:\Users\Admin\AppData\Local\Temp\E592.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe

"C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe"

C:\Users\Admin\AppData\Local\Temp\D978.exe

C:\Users\Admin\AppData\Local\Temp\D978.exe

C:\Users\Admin\AppData\Local\Temp\DB8C.exe

C:\Users\Admin\AppData\Local\Temp\DB8C.exe

C:\Users\Admin\AppData\Local\Temp\D978.exe

C:\Users\Admin\AppData\Local\Temp\D978.exe

C:\Users\Admin\AppData\Local\Temp\DD42.exe

C:\Users\Admin\AppData\Local\Temp\DD42.exe

C:\Users\Admin\AppData\Local\Temp\DFB4.exe

C:\Users\Admin\AppData\Local\Temp\DFB4.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\E265.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\E265.dll

C:\Users\Admin\AppData\Local\Temp\E592.exe

C:\Users\Admin\AppData\Local\Temp\E592.exe

C:\Users\Admin\AppData\Local\Temp\E592.exe

C:\Users\Admin\AppData\Local\Temp\E592.exe

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\4f8ea198-8725-470b-91db-0e83736d3b15" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\E592.exe

"C:\Users\Admin\AppData\Local\Temp\E592.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\E592.exe

"C:\Users\Admin\AppData\Local\Temp\E592.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2888 -ip 2888

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 568

C:\Users\Admin\AppData\Local\Temp\FCA7.exe

C:\Users\Admin\AppData\Local\Temp\FCA7.exe

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

C:\Users\Admin\AppData\Local\Temp\11C.exe

C:\Users\Admin\AppData\Local\Temp\11C.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=DB8C.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dacf46f8,0x7ff9dacf4708,0x7ff9dacf4718

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

"C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe"

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

"C:\Users\Admin\AppData\Local\Temp\F9B8.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

"C:\Users\Admin\AppData\Local\Temp\F9B8.exe" --Admin IsNotAutoStart IsNotTask

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=DB8C.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dacf46f8,0x7ff9dacf4708,0x7ff9dacf4718

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4752 -ip 4752

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "yiueea.exe" /P "Admin:N"&&CACLS "yiueea.exe" /P "Admin:R" /E&&echo Y|CACLS "..\577f58beff" /P "Admin:N"&&CACLS "..\577f58beff" /P "Admin:R" /E&&Exit

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN yiueea.exe /TR "C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe" /F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "yiueea.exe" /P "Admin:N"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000073001\aafg31.exe

"C:\Users\Admin\AppData\Local\Temp\1000073001\aafg31.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Windows\SysWOW64\cacls.exe

CACLS "yiueea.exe" /P "Admin:R" /E

C:\Windows\SysWOW64\cacls.exe

CACLS "..\577f58beff" /P "Admin:N"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\577f58beff" /P "Admin:R" /E

C:\Users\Admin\AppData\Local\Temp\D978.exe

"C:\Users\Admin\AppData\Local\Temp\D978.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\D978.exe

"C:\Users\Admin\AppData\Local\Temp\D978.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2680 -ip 2680

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16319481444134662058,6491506191750905801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=38276 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9d4f89758,0x7ff9d4f89768,0x7ff9d4f89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1396 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1688 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=38276 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1988 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38276 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38276 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38276 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3180 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38276 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3372 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38276 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3512 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3456 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4bc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=2576 --field-trial-handle=1536,i,7460551636846193460,12665168162320183291,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=52823 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67" --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9dacf46f8,0x7ff9dacf4708,0x7ff9dacf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1504 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1868 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=52823 --allow-pre-commit-input --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=52823 --allow-pre-commit-input --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=52823 --allow-pre-commit-input --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=52823 --allow-pre-commit-input --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=52823 --allow-pre-commit-input --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=52823 --allow-pre-commit-input --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=3608 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1400,2980502020520936396,11461645409931736335,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=video_capture --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=3584 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 254.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 potunulit.org udp
US 188.114.96.0:80 potunulit.org tcp
US 8.8.8.8:53 colisumy.com udp
KR 175.120.254.9:80 colisumy.com tcp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 9.254.120.175.in-addr.arpa udp
US 8.8.8.8:53 api.2ip.ua udp
NL 162.0.217.254:443 api.2ip.ua tcp
US 8.8.8.8:53 254.217.0.162.in-addr.arpa udp
US 8.8.8.8:53 101.14.18.104.in-addr.arpa udp
KR 175.120.254.9:80 colisumy.com tcp
MD 176.123.9.142:14845 tcp
NL 162.0.217.254:443 api.2ip.ua tcp
US 8.8.8.8:53 142.9.123.176.in-addr.arpa udp
GB 51.38.95.107:42494 tcp
US 8.8.8.8:53 107.95.38.51.in-addr.arpa udp
BG 193.42.32.101:80 193.42.32.101 tcp
RU 79.137.192.18:80 79.137.192.18 tcp
US 8.8.8.8:53 101.32.42.193.in-addr.arpa udp
US 8.8.8.8:53 18.192.137.79.in-addr.arpa udp
US 8.8.8.8:53 api-alajman.com udp
NL 162.0.217.254:443 api.2ip.ua tcp
GB 193.32.208.75:443 api-alajman.com tcp
US 8.8.8.8:53 75.208.32.193.in-addr.arpa udp
US 8.8.8.8:53 learn.microsoft.com udp
NL 104.85.6.160:443 learn.microsoft.com tcp
RU 79.137.192.18:80 79.137.192.18 tcp
US 8.8.8.8:53 45.147.19.2.in-addr.arpa udp
US 8.8.8.8:53 160.6.85.104.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 8.8.8.8:53 mscom.demdex.net udp
IE 46.51.199.218:443 mscom.demdex.net tcp
US 8.8.8.8:53 target.microsoft.com udp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
US 95.214.27.254:80 tcp
US 8.8.8.8:53 z.nnnaajjjgc.com udp
MU 156.236.72.121:443 z.nnnaajjjgc.com tcp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 218.199.51.46.in-addr.arpa udp
US 8.8.8.8:53 121.72.236.156.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.9:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 147.174.42.23.in-addr.arpa udp
US 8.8.8.8:53 139.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
US 20.189.173.9:443 browser.events.data.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 153.136.76.144.in-addr.arpa udp
US 8.8.8.8:53 app.nnnaajjjgc.com udp
HK 154.221.26.108:80 app.nnnaajjjgc.com tcp
US 8.8.8.8:53 108.26.221.154.in-addr.arpa udp
US 95.214.27.254:80 tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 ogs.google.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.251.31.139:443 apis.google.com tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 139.31.251.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.214:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 214.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 i4.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
DE 172.217.23.206:443 i4.ytimg.com tcp
NL 142.250.179.214:443 i.ytimg.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.251.36.42:443 jnn-pa.googleapis.com tcp
NL 142.251.36.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 95.214.27.254:80 tcp
N/A 127.0.0.1:38276 tcp
N/A 127.0.0.1:38276 tcp
N/A 127.0.0.1:38276 tcp
N/A 127.0.0.1:38276 tcp
NL 142.251.31.139:443 apis.google.com tcp
NL 142.250.179.214:443 i.ytimg.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
NL 142.250.179.214:443 i.ytimg.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com udp
NL 142.251.36.42:443 jnn-pa.googleapis.com tcp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.251.36.42:443 jnn-pa.googleapis.com udp
US 95.214.27.254:80 tcp
N/A 127.0.0.1:52823 tcp
N/A 127.0.0.1:52823 tcp
N/A 127.0.0.1:52823 tcp
N/A 127.0.0.1:52823 tcp
US 95.214.27.254:80 tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
NL 194.169.175.127:80 host-host-file8.com tcp
US 8.8.8.8:53 127.175.169.194.in-addr.arpa udp

Files

memory/4088-0-0x00000000005F0000-0x0000000000605000-memory.dmp

memory/4088-1-0x0000000000500000-0x0000000000509000-memory.dmp

memory/4088-2-0x0000000000400000-0x0000000000480000-memory.dmp

memory/4088-4-0x0000000000400000-0x0000000000480000-memory.dmp

memory/3196-3-0x0000000002590000-0x00000000025A6000-memory.dmp

memory/4088-8-0x0000000000500000-0x0000000000509000-memory.dmp

memory/4088-7-0x00000000005F0000-0x0000000000605000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\D978.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\D978.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2752-17-0x00000000024D0000-0x0000000002571000-memory.dmp

memory/2752-19-0x00000000026A0000-0x00000000027BB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DB8C.exe

MD5 fc55462468d1a34e514d01aa30c0a5cd
SHA1 168e4cd58a14f9e4591d49877ab5cb08e9a142a0
SHA256 74ccc20216ebd15c3f9c937b7b40653a8c04537a15c95bb46f381c40e0ff194b
SHA512 e2ba1facb596a2e54284b6556bb6a485cc213deae1b270f71e283412c4ba58aff78cff349ab329e110c09455c531f2d1b65b1cbb1c23ed0cd74647bfba7f4b6d

memory/1624-22-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\D978.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/1624-24-0x0000000000400000-0x0000000000537000-memory.dmp

memory/1624-25-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DB8C.exe

MD5 fc55462468d1a34e514d01aa30c0a5cd
SHA1 168e4cd58a14f9e4591d49877ab5cb08e9a142a0
SHA256 74ccc20216ebd15c3f9c937b7b40653a8c04537a15c95bb46f381c40e0ff194b
SHA512 e2ba1facb596a2e54284b6556bb6a485cc213deae1b270f71e283412c4ba58aff78cff349ab329e110c09455c531f2d1b65b1cbb1c23ed0cd74647bfba7f4b6d

C:\Users\Admin\AppData\Local\Temp\DD42.exe

MD5 ed6778e6fe0c07587f4892c807d7f883
SHA1 3a94caa9336934ca2b12173b24fa815ea963edcb
SHA256 a9f19ec6eec891e21b885a04030995a5c996f0b673c6425ee28b0ef6c70d2898
SHA512 b3fffd8485429cbe7c87a6eda24af95d2f497d3d3b47656ea3930c2ced6344f9b13099d419503f0c3dc40661111dac8df1d91eed66f448d58e0880c766859544

memory/1624-30-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DD42.exe

MD5 ed6778e6fe0c07587f4892c807d7f883
SHA1 3a94caa9336934ca2b12173b24fa815ea963edcb
SHA256 a9f19ec6eec891e21b885a04030995a5c996f0b673c6425ee28b0ef6c70d2898
SHA512 b3fffd8485429cbe7c87a6eda24af95d2f497d3d3b47656ea3930c2ced6344f9b13099d419503f0c3dc40661111dac8df1d91eed66f448d58e0880c766859544

memory/1088-36-0x0000000000900000-0x0000000000930000-memory.dmp

memory/1088-37-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DFB4.exe

MD5 c7b34cc95676afe2b43fce196202d3fa
SHA1 92eb09a6883ef684d3d175ece6599a61266bada9
SHA256 8d5bfbac46cfe1f428ba5905fbb0252b08e71d7061b32c3a90d20f451df72060
SHA512 0e581a66baba515995b3513698cdf5bd8c6119ea4ce3c3b0f9b7bcf58cbef4eb27188ef976f8f2aaef7b5cd673fb2718df6d4133fc891ccc207d136babbeaa16

memory/2928-40-0x0000000002070000-0x00000000020A0000-memory.dmp

memory/2928-41-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DFB4.exe

MD5 c7b34cc95676afe2b43fce196202d3fa
SHA1 92eb09a6883ef684d3d175ece6599a61266bada9
SHA256 8d5bfbac46cfe1f428ba5905fbb0252b08e71d7061b32c3a90d20f451df72060
SHA512 0e581a66baba515995b3513698cdf5bd8c6119ea4ce3c3b0f9b7bcf58cbef4eb27188ef976f8f2aaef7b5cd673fb2718df6d4133fc891ccc207d136babbeaa16

C:\Users\Admin\AppData\Local\Temp\E265.dll

MD5 e0286fab4e36e2523d461e6294395e22
SHA1 f0a6ac98bb771e720ac3683a75f7ec3af7ad75cd
SHA256 a03129d4c88ef87b55f37dcc126c02ffb9231800655eb0885936b2764577d919
SHA512 7d637411a7566053b2bf37b75e907052af66b8a404499afa9b23477bfc318952bb94837b8aa9c14e16156afa080cba0ca91663e068a482953b3576daf8c4f467

memory/2928-49-0x0000000073550000-0x0000000073D00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E265.dll

MD5 e0286fab4e36e2523d461e6294395e22
SHA1 f0a6ac98bb771e720ac3683a75f7ec3af7ad75cd
SHA256 a03129d4c88ef87b55f37dcc126c02ffb9231800655eb0885936b2764577d919
SHA512 7d637411a7566053b2bf37b75e907052af66b8a404499afa9b23477bfc318952bb94837b8aa9c14e16156afa080cba0ca91663e068a482953b3576daf8c4f467

memory/2928-50-0x0000000002430000-0x0000000002436000-memory.dmp

memory/964-54-0x0000000010000000-0x0000000010243000-memory.dmp

memory/964-55-0x0000000001180000-0x0000000001186000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E592.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

C:\Users\Admin\AppData\Local\Temp\E592.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/2928-62-0x0000000004D00000-0x0000000005318000-memory.dmp

memory/2928-64-0x0000000004B40000-0x0000000004B52000-memory.dmp

memory/2928-66-0x0000000004BF0000-0x0000000004C00000-memory.dmp

memory/2928-63-0x0000000005320000-0x000000000542A000-memory.dmp

memory/4208-67-0x00000000024A0000-0x00000000025BB000-memory.dmp

memory/4208-69-0x0000000002400000-0x00000000024A0000-memory.dmp

memory/2928-68-0x0000000004B60000-0x0000000004B9C000-memory.dmp

memory/2928-75-0x0000000005440000-0x000000000548C000-memory.dmp

memory/4836-74-0x0000000000400000-0x0000000000537000-memory.dmp

memory/4836-76-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E592.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/4836-70-0x0000000000400000-0x0000000000537000-memory.dmp

memory/4836-78-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 bcf9c82a8e06cd4dbc7c6f8166b03d62
SHA1 aa072fd0adc30bc7d45952443a137972eaea0499
SHA256 32b64ccb43add6147056e3f68bd46c762c8b38dea72735355fc422160a0f417d
SHA512 7a26e9797da034f01a08a1b62e4e7e39de67526257d015a0ef7590968af690fecb1852a0f3ee05f64bbf571344eb74ef4d404d2f145f7e7dd36f6a21816ba4a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 6d0455158d9b620f80ec1987a297c74b
SHA1 45ec78a4738ecb78820282ca63808f8460775845
SHA256 1644425223eed1aded136bd597ffc9e5001c55e198c9364fd7e498e8f70e97aa
SHA512 4d16ce2e4df1fb1e4be064511299d8bf1707107b69ac6508fbba384301b6c61da6b3f3c1de8e240308471671e6dcb2df4e28b018f62049446ee8975152bb5a39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 fa4ae5fcb44bfaf845b845961180d250
SHA1 8257ee68bdd2bc3ea2723eda7aeba404195d46bf
SHA256 574c66c19561773196a88f115168cf5d73b71fd26f9034606fe38a5535d4df96
SHA512 ad1de0c1d0f5a4a7e3615b48537f75250779368b388520b001d96367d5aa19fa88a9f471d1212e679ab9eaae854374445807877891bf1b803fa6c7886877d253

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 35974c59fd294226228fc79918b1ce5f
SHA1 e0c1de4a8de8bb65a6ef3572a6c5b3b7dbad58e7
SHA256 3d38afb1bf94f60baeb0d20b57cc99cc7aa1f33ce7830f3c75defce1572a4008
SHA512 b99178c5046b4aa9e813f1bc78af7c0c64aec823578b6810e0420cad875309fdb3010e83ab60544911b7c869bae4651242d6067f61ac3ee4d9e5271472f8f593

memory/4312-84-0x0000000000400000-0x0000000000430000-memory.dmp

memory/4312-85-0x0000000001270000-0x0000000001276000-memory.dmp

memory/4312-86-0x0000000073550000-0x0000000073D00000-memory.dmp

memory/1624-87-0x0000000000400000-0x0000000000537000-memory.dmp

memory/964-89-0x0000000003000000-0x000000000311A000-memory.dmp

memory/4312-88-0x0000000005310000-0x0000000005320000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E592.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/4836-90-0x0000000000400000-0x0000000000537000-memory.dmp

memory/964-94-0x0000000003120000-0x000000000321F000-memory.dmp

memory/4268-95-0x00000000022E0000-0x000000000237B000-memory.dmp

memory/2888-98-0x0000000000400000-0x0000000000537000-memory.dmp

memory/964-100-0x0000000003120000-0x000000000321F000-memory.dmp

memory/2888-99-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\E592.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/3196-103-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/964-104-0x0000000003120000-0x000000000321F000-memory.dmp

memory/3196-106-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/3196-108-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/2928-116-0x0000000004BF0000-0x0000000004C00000-memory.dmp

memory/3196-118-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/3196-120-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/3196-123-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/3196-122-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/3196-110-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/964-111-0x0000000003120000-0x000000000321F000-memory.dmp

memory/2928-107-0x0000000073550000-0x0000000073D00000-memory.dmp

memory/3196-125-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/4312-130-0x0000000073550000-0x0000000073D00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FCA7.exe

MD5 2f212322c6b6d7db7250d0c282271925
SHA1 01676375932ea61ffb5128c244c0ecc7cb335a01
SHA256 3073eaf746e904b1e653992e78f7c5f95b3f9ad0989e4611412b038348c1afa1
SHA512 2dc544c11d9fb985b915d4af5ec2025468c6ca112c2301f161fd81577b24bdc28b2bf0e81979a7e4048e70ed8216fcac35cb055fd81b5b341e48c5ef8f2e446f

memory/3196-133-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FCA7.exe

MD5 2f212322c6b6d7db7250d0c282271925
SHA1 01676375932ea61ffb5128c244c0ecc7cb335a01
SHA256 3073eaf746e904b1e653992e78f7c5f95b3f9ad0989e4611412b038348c1afa1
SHA512 2dc544c11d9fb985b915d4af5ec2025468c6ca112c2301f161fd81577b24bdc28b2bf0e81979a7e4048e70ed8216fcac35cb055fd81b5b341e48c5ef8f2e446f

memory/3196-129-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/4444-136-0x00007FF9D9AE0000-0x00007FF9DA5A1000-memory.dmp

memory/4388-145-0x0000000000400000-0x0000000000537000-memory.dmp

memory/4388-149-0x0000000000400000-0x0000000000537000-memory.dmp

memory/4444-152-0x000001A6742A0000-0x000001A674328000-memory.dmp

memory/3196-154-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/3196-158-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/4388-157-0x0000000000400000-0x0000000000537000-memory.dmp

memory/3196-153-0x0000000002790000-0x00000000027A0000-memory.dmp

memory/3196-151-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/828-148-0x00000000024B5000-0x0000000002547000-memory.dmp

memory/4444-147-0x000001A674250000-0x000001A674256000-memory.dmp

memory/3196-164-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/3196-161-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\11C.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

C:\Users\Admin\AppData\Local\Temp\11C.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

memory/3196-146-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/3196-143-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/4444-141-0x000001A674270000-0x000001A67428A000-memory.dmp

memory/4444-139-0x000001A674240000-0x000001A674248000-memory.dmp

memory/4312-138-0x0000000005310000-0x0000000005320000-memory.dmp

memory/3196-137-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/4444-135-0x000001A6725C0000-0x000001A672670000-memory.dmp

memory/3196-134-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/3196-124-0x0000000002790000-0x00000000027A0000-memory.dmp

memory/2888-105-0x0000000000400000-0x0000000000537000-memory.dmp

memory/3196-166-0x0000000007EA0000-0x0000000007EB0000-memory.dmp

memory/2928-167-0x0000000005580000-0x00000000055F6000-memory.dmp

memory/2928-168-0x0000000005600000-0x0000000005692000-memory.dmp

memory/2928-172-0x00000000056A0000-0x0000000005C44000-memory.dmp

memory/2928-173-0x0000000005C90000-0x0000000005CF6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16c2a9f4b2e1386aab0e353614a63f0d
SHA1 6edd3be593b653857e579cbd3db7aa7e1df3e30f
SHA256 0f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81
SHA512 aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

memory/4388-186-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/3944-190-0x0000000000A90000-0x0000000000B2E000-memory.dmp

memory/4752-194-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16c2a9f4b2e1386aab0e353614a63f0d
SHA1 6edd3be593b653857e579cbd3db7aa7e1df3e30f
SHA256 0f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81
SHA512 aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06

memory/4752-195-0x0000000000400000-0x0000000000537000-memory.dmp

memory/4752-198-0x0000000000400000-0x0000000000537000-memory.dmp

\??\pipe\LOCAL\crashpad_4024_GLPKKJKGSYOJVEST

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3196-213-0x0000000002790000-0x00000000027A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16c2a9f4b2e1386aab0e353614a63f0d
SHA1 6edd3be593b653857e579cbd3db7aa7e1df3e30f
SHA256 0f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81
SHA512 aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16c2a9f4b2e1386aab0e353614a63f0d
SHA1 6edd3be593b653857e579cbd3db7aa7e1df3e30f
SHA256 0f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81
SHA512 aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06

C:\Users\Admin\AppData\Local\Temp\F9B8.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2928-214-0x00000000063E0000-0x00000000065A2000-memory.dmp

memory/2928-217-0x00000000065B0000-0x0000000006ADC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f27970efaa1aa4f26b28347ce3d73005
SHA1 bf194ba019fc660c248b853d3190ea79cc33bf9a
SHA256 34a55072b735628580b09ac0208d29cec99b5efc9da01fd76c9acc788c01bc2d
SHA512 d70498dd5abd8bbe4fac22ddfd7c15642231349e81932d19e3ca2391be486156e843f9c6e80f931529c07a09f13258c81bb96112d85e1102494f3675aaa1172f

memory/4444-232-0x00007FF9D9AE0000-0x00007FF9DA5A1000-memory.dmp

C:\Users\Admin\AppData\Local\4f8ea198-8725-470b-91db-0e83736d3b15\D978.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\1000073001\aafg31.exe

MD5 b236b8e5bab2445e09876a88d83a995a
SHA1 3278af413aad4772a57a4c33418d504f958465d9
SHA256 ac81724fd3a660ce17e5d5b2b560285e4725f93ecc4d9ed9fcfab041532914c2
SHA512 3d62f525db2d7058a4540f2f4825df9cb211ea7bee399285762af0d8234021605288e8cf15e12fe6d721ead82059fa1fbf7c7a7b672a968888fc8cbe0e478da5

memory/4444-245-0x000001A674D10000-0x000001A674D20000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000073001\aafg31.exe

MD5 b236b8e5bab2445e09876a88d83a995a
SHA1 3278af413aad4772a57a4c33418d504f958465d9
SHA256 ac81724fd3a660ce17e5d5b2b560285e4725f93ecc4d9ed9fcfab041532914c2
SHA512 3d62f525db2d7058a4540f2f4825df9cb211ea7bee399285762af0d8234021605288e8cf15e12fe6d721ead82059fa1fbf7c7a7b672a968888fc8cbe0e478da5

C:\Users\Admin\AppData\Local\Temp\1000073001\aafg31.exe

MD5 b236b8e5bab2445e09876a88d83a995a
SHA1 3278af413aad4772a57a4c33418d504f958465d9
SHA256 ac81724fd3a660ce17e5d5b2b560285e4725f93ecc4d9ed9fcfab041532914c2
SHA512 3d62f525db2d7058a4540f2f4825df9cb211ea7bee399285762af0d8234021605288e8cf15e12fe6d721ead82059fa1fbf7c7a7b672a968888fc8cbe0e478da5

memory/3044-252-0x00007FF6025E0000-0x00007FF602618000-memory.dmp

memory/3196-248-0x0000000002790000-0x00000000027A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\D978.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\D978.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 2edbbbf500448a2e906b6f60f3115858
SHA1 2044c7522fa475432868dd560d97b045f5bc9795
SHA256 874e2ffa85bf4a2b66018cf8fc27fb5338d7f111cf4471bf5c2df6dbf3d3e1d6
SHA512 22eed409c76140ea9c60a9899891ae33c727a17541512d691ef580b19a2d1a2c48d837c48c0e6efb8c370d6b62d0cdd15a4fd208fcff13cc6c63e922874c60a7

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 2edbbbf500448a2e906b6f60f3115858
SHA1 2044c7522fa475432868dd560d97b045f5bc9795
SHA256 874e2ffa85bf4a2b66018cf8fc27fb5338d7f111cf4471bf5c2df6dbf3d3e1d6
SHA512 22eed409c76140ea9c60a9899891ae33c727a17541512d691ef580b19a2d1a2c48d837c48c0e6efb8c370d6b62d0cdd15a4fd208fcff13cc6c63e922874c60a7

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 2edbbbf500448a2e906b6f60f3115858
SHA1 2044c7522fa475432868dd560d97b045f5bc9795
SHA256 874e2ffa85bf4a2b66018cf8fc27fb5338d7f111cf4471bf5c2df6dbf3d3e1d6
SHA512 22eed409c76140ea9c60a9899891ae33c727a17541512d691ef580b19a2d1a2c48d837c48c0e6efb8c370d6b62d0cdd15a4fd208fcff13cc6c63e922874c60a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fc399359bf43a606bb1fe04287804d91
SHA1 8e6b9d81ab3cb4870ca6c70fadacac2352be0941
SHA256 6d02776af3620f08882c8e4c7543591aa8ef5a1118b5c859fcc9e6d9602b82f3
SHA512 4e023e6ef1091f91ca63b3c318652e74f6bf286323c130bb4b207587b61c607c06df67813363790c7208b6ef89d39f9e07bd4b5cd1c392073a28b92d38d7327d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 261d670b42a755adab19586606a9bad7
SHA1 f04a37aa324ce755da55ebb6d90fe7a0af209f13
SHA256 3ddf4e17184c981524874a56d7d781b1dc3736f39bfafdef8d4c9b619a98c704
SHA512 37429b6de97fb4f8ea7eeae49b8dbeea285fe9f0f5012e7cacb24ee77917703a323a4f7626b59057eb5794131e9667f7a7e18e331f2f573b8d768cd6e577248f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 699e3636ed7444d9b47772e4446ccfc1
SHA1 db0459ca6ceeea2e87e0023a6b7ee06aeed6fded
SHA256 9205233792628ecf0d174de470b2986abf3adfed702330dc54c4a76c9477949a
SHA512 d5d4c08b6aec0f3e3506e725decc1bdf0b2e2fb50703c36d568c1ea3c3ab70720f5aec9d49ad824505731eb64db399768037c9f1be655779ed77331a7bab1d51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 261d670b42a755adab19586606a9bad7
SHA1 f04a37aa324ce755da55ebb6d90fe7a0af209f13
SHA256 3ddf4e17184c981524874a56d7d781b1dc3736f39bfafdef8d4c9b619a98c704
SHA512 37429b6de97fb4f8ea7eeae49b8dbeea285fe9f0f5012e7cacb24ee77917703a323a4f7626b59057eb5794131e9667f7a7e18e331f2f573b8d768cd6e577248f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2f72329bcfe2df0fc4d988104fd93c57
SHA1 fba2f8d46d4c95e3f29600a2a0280e76c6fc684d
SHA256 08b0bce08a927fe9ade3448a3424a80f39b587fd24ae67cb735a9b8cbb6c8d29
SHA512 809a4387b0db31d3e19f5d5a93bbcf2f703ed6da37c972bfae15da94121e0af33d10914505b46a2e81de25f74efba4bd991082468b137e7612cfb8c0141bcb2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4291e01497bef29efa0ff1d57a17845
SHA1 cd0d9e55dac8319179696532377a443c076feaae
SHA256 c09db9217c5b53bb3935287811edd5387953650efbf816d55d94f489c1190bf9
SHA512 6f35e41794c7f0b1b3cb4fd68ab2bed391e7dc74f72799e62fd9ec42aeaba089d003ba5d4965c497ec9afe9bb999faa850aa2409e5dd9e8ba697a4355d8fcc27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 567b2f4806785b8e36086edf324c37e9
SHA1 c7b07d885058c0be29dbec3048a811a658bb2e24
SHA256 7aac60853ccd32244c7af66d818e7d74a666e1b2158d0939fc42887da7b9c60e
SHA512 f4bcbc6784bd1f3dabd3a777e1448ad7273859821c2027e2c389a37474e18bc6341d5da6ca8fc19b0af9aa6280abaf8034df6ddcfe63d9d8e136244c50a7d66c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2df5d44440d3301421051950089224c8
SHA1 4691db56bdb279cef29dd1a8c81ff10d462407cd
SHA256 51d4dcd7ad596d929883a5f67edd14f30fbacff188fa661db5dfc90df45f9312
SHA512 7f4eca0914d79ed355299bf4c9749dd168d3abe9efba2fa6b4511c6328c0b304718fdb798ebd438dd4d69bae780066c16decbfd8363b9d7ef5d80b1e844011c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5854d2.TMP

MD5 a83c968936cb8ab6d99a534792e3fb22
SHA1 c9ce91a4c7a88361d4fcf204555894d9316083a5
SHA256 a9afd069ccd4afca85c3a8ebfd63f423800f805c22d0a5f86da6004f896fc1e0
SHA512 7d0232ea6b92558c9b53922773a8e8060a0327388c0e1fae01436b1d95c080965eb6c1a870eb50e2f4d51e9f2aed7d934323ef1b9efe629751fa1c9250c7f08e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05592d6b429a6209d372dba7629ce97c
SHA1 b4d45e956e3ec9651d4e1e045b887c7ccbdde326
SHA256 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd
SHA512 caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

MD5 9b756bc85e5324eb8f87a69e3f9959ab
SHA1 1778b2e2d6a00c421578a284db1e743931611d66
SHA256 e347a39e49ca8c835cc47d3f039230969e7c4156089f2e83e8a0aed1df88016e
SHA512 c897af3307e3c3163762021f49934ac5fbeab27f123e814bc390bdf1f0ed46671afeadcc87a8a4b18ddf13f4abd0d8ef00343af91ff999d7d447c96505d866d8

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4291e01497bef29efa0ff1d57a17845
SHA1 cd0d9e55dac8319179696532377a443c076feaae
SHA256 c09db9217c5b53bb3935287811edd5387953650efbf816d55d94f489c1190bf9
SHA512 6f35e41794c7f0b1b3cb4fd68ab2bed391e7dc74f72799e62fd9ec42aeaba089d003ba5d4965c497ec9afe9bb999faa850aa2409e5dd9e8ba697a4355d8fcc27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8085b685c1df8962c6409f99c0f95bd9

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Local State

MD5 840b56c8826b926b14cf5ce9201e8af9
SHA1 3422dcf7e72e99eee865f741f4792a78fa7d76a6
SHA256 bbae65b9ac5e7125a901713875cf2a2c067cbefeae0b5022a44f1ca992e0389d
SHA512 ae79869d001b139d150dabfed1cbcf15cd77259237980c8e95f6ad2214c6042528228b1fd85e8bb12712e93b4015ef1904a1dd1337d6bb11215f5bf4cd5cb3fe

\??\pipe\crashpad_4588_WDNDOUWPOCHKNDRP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Local Storage\leveldb\LOG

MD5 f099ea0e53ec9d84e05f867c83eef0b6
SHA1 b62b4a8fade3d111eebc9176bc8ecfd06452249b
SHA256 1195b2c5870b0af077139bf8354994a91ec1e4a4ebbf6202ced48db74dfd2be3
SHA512 f9f877dca1a825b966e9abeb27d93a5f5e08d2c721a530ce7e24aa387c7c79bebacc17b12505b54614b8e36356cb4ad35114e2dab8d1bd2994b37ea58f02ddf8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Local Storage\leveldb\LOG.old

MD5 dc1e115f4840b9ac2e122c39c338d19f
SHA1 e154349508aa0bfe7713c4e5bcff55716434f60a
SHA256 a51514d2222db33693b36c6d569424f680a53de8a8c5d1266153911c83fb0a31
SHA512 db1af790aae820d1ea821aa363d292de03de1e6c024af3bd1c7076d87a00702c564369b234a47139b78d6de6b805e740d37f4f02b6e08135268dffe05515a1be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\GPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f7d33e8e4afdff816083eaec1515591e
SHA1 b6bce51ec21f74fecc755bc162715467a3be6a5b
SHA256 adb35da51b66a2c2d44373b0e73aeb6e5de045b57ec1fb2d64897df11984bbc8
SHA512 4c692cb55731b23e0194dfd1790d27bed944817240bfd7254a4ee5d8740f3f51fade59b4748b29c3c4ecd3e66468cfdebc95ea354a4da49bdc3d99fa8070f480

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a7a2cf82787f5263ce90a6c535fb1fdb
SHA1 014a4a3485109de7af9834f2d92d3ad5aed5c166
SHA256 9e719b7b133a45ba12d2e08e4b6f1753f7de37abc679a6beac84332f2fd41f0b
SHA512 f5506d255c417de0d6d3d6a087c581930d1a49666260367babf7f23e051ab447dafc3b033ec30c34f0d7c6fa48ca95100854b94dc9cd33ced3989fbcb2574aa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b476.TMP

MD5 ffb19cdab4f3f784355e0ca766a932fc
SHA1 5aab10982b86a99f3c21bacb51fdd4ffd06a6ec4
SHA256 79f7be4f54d9654c4dddf0b35ce4fed392e4e110aba7f6eaaa44452ac8c27743
SHA512 cb3142a2cba5822a79f871905d68be887dbc4847ecd6bf42aeed9d2372b09605a9cfe18711920495d2cd7ef97e6ae78872f0d567e0bcb89f69957638f44a0c76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Code Cache\js\index-dir\the-real-index~RFe58c37a.TMP

MD5 9c6461b4a2b7f8f90fbdaab2ba7e00de
SHA1 c46546b2b8eeaecc7c2a0618928a85e6d100244a
SHA256 8d946d971ea12af8b27aa041c953a4abb2bdd892671bc1778c053e241c28aa15
SHA512 fffef1036e47ef913f552e274ed513f385a4158fb4cb75e6a0119fce6a4d1b93fc3e38d9071ed511e2f8a9c53c5c9bc6d2344a1ac4c88147d9d713384ff96184

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 44b56982410dafc5cd468d7ec678ea56
SHA1 3f2df0f00ded9709b5f35a4c72315516422edf31
SHA256 ad6abf9682345e4f8b9080a77f0df5eda7391ac8a8e353972875f790572525fd
SHA512 3076d816691c59ca00c302968f9d662f0fc55c07c48f5f383c89d209bb9edb89c364e999538bb390b07cc33087a0dca2e361ae59f107828505bb5adbace5b3f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Code Cache\js\index-dir\the-real-index

MD5 ca4a52b053b236b02386cd4d7f6caf3c
SHA1 b2c8243614a5f56aa4042ec208315e19a763ff22
SHA256 55be3c7da4b3c829bc9229e1fbea6f35ffb53e68ebc7c285b69d3f807886ab23
SHA512 52668b30fe0538f89d46826617d291a9adcea72f631ea5dadb895fccae3357959fbbe64bc11ae61f7eefa8bf21622abe2bb08213491dcc0c62642b03c6f99484

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d55f56d-8a75-4a7f-ac51-6692de7dcdd8\index-dir\the-real-index~RFe58c37a.TMP

MD5 fa7c96efdb8abd492afd0eae099008fd
SHA1 28e6b2b41ec1094ce81532335935f628bae7eb37
SHA256 487cbf849856bd3a4351570b723e300759fa0cf4664bdd8fc67551139052f5c6
SHA512 4dfb34a62ce005bb685e1ccbae6dd06e7aec98801f658406f9572bca4a915db7a6f9e7e20632cbc39fdc9ad88d73b1525c2864b5f1450895e372099222a7f00e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 080d77c2917dc190c247a9cacc6ecb04
SHA1 e343fa135160a36e72cbd7abad4945b9d4219870
SHA256 ff05e4abf3499968547038cc71226bd2586dd6189270432b3a5e77a456d0d404
SHA512 233ea682ba88b5026402495835be0fc3d1f5a842baa4b908edb80ff3ae9360dfa6cc744bc78f063f6669aab90a96134d51a21a51115ece3803b0ad999283027c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c38a.TMP

MD5 8233556ecd13d18b577f96bf6a3e8828
SHA1 3beadc3fcda668e2a11f2dd37829f0aa24ef3e64
SHA256 459ec34abee0fceee5f8064737f5448390e43a9160000567414f5f00c04f780e
SHA512 22122262547c31e7094fff348631abd3edb8e17c3153374bc02ef9338eb1497f7722922c3ca575c7c70e9a05932f8ec0f5153e53f6657026e5a96c3751e7a66e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data4DVHG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d55f56d-8a75-4a7f-ac51-6692de7dcdd8\index-dir\the-real-index

MD5 508608243c9bde8c9900ee634a4ae9c1
SHA1 9a20483aa5bd31cec5ff9633702ef9507ed61de8
SHA256 59fd5d8572d21a1ad1e0c7c3e4f64ff774bb2547e59c918e34ae9e3671c05604
SHA512 33c7dfb89394f419962b0f65f19fdcf57bed5b83b3e822dfcaddc95654f7b234c1ac4ab2538aa4ed6592ecef2e7f665c276948d8b71374139cdb0cb06bf5798a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Cache\f_000001

MD5 b38618d73414464c59d36b97cc192b46
SHA1 75df2cccc016c2d27734f5ecfcfdd870b96cc06f
SHA256 160e9bf125ca8f8576df7a0116f3678a8189e7e9328f4fa89d4bc4f226fefb61
SHA512 abc1824b7af9fcb7309c30d625de66394a2c123d0b138307d0e8f953d28cea1bd6241b1110c584228a057f76406f29519abc2ad9074687b2d9384f8884140861

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Cache\f_000003

MD5 3275a2ca76dc8f815c70a4debc38bfc3
SHA1 9663dfc792adb040b3592ded101a4245dac871f1
SHA256 ebe640f85df69db0097a2809b7989e98e8dc3ecc07452e9428d2f84667f1c8f4
SHA512 5e44bd94fc0c7b8e8de9a4366eeafccd8b5b230de233d925284bfb0b813c42cc27c1fab7e3bc738bc7fc0cb41c198ee03eb38dffd76bedb594a6ac4ccd996fde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Cache\f_000004

MD5 117b6fa9275a2447a08de6f831448580
SHA1 b1c629759a6cc823b7ea8722a1215e58df804f8e
SHA256 ceb83e479cbf7789242592a3898cd1b815db08de8fe76e194b5857c3cca8649c
SHA512 de7e62959b10325461bf6f75734fd07ef6155e8066107c8d23e98067d656b2e4c8567b939cbaf1720e031a9f4da9536e2bf923ab7c7746f7bf210f887b0e0f78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Cache\f_000006

MD5 85165d976852a9bf51b523fa849c21b4
SHA1 769225c2a7010671737c8ded72826a9c58963bda
SHA256 ac3a9927ce53c84253aad05fcec24b9efbc2e2807fcd118b279cf4abf31c5ea0
SHA512 f0245f9b28fa7ff3cf8f6c5ba86763381b6108c70cc79de055114f16bfc3cc7b12006b11dcdbd928948009ca3e6099d622b5f62cfc35374f1c1512ec2649647a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6c88222b2a31247b15784bec8fe753f9
SHA1 5bfa683862d81d4043fd37b42375734e85dde493
SHA256 2d2879d3e19daafda768e91c8b730af5e444d6d8b07cd5ac37deb14a82107c1c
SHA512 d3f533569a37faa2ca6582daaacf8375906dd5cefa539c733a39d196087940a063acf9447f5b0e53f53a56552fe7bbf2e5dde48a890922ae16a0d9129e8033ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fa8b47c2f4f227bb77f170b7b877b316
SHA1 313d6347b713b9fbcff905e3a1ebc43cd5a23bf5
SHA256 31237c7033fcfa11592fe4cc24277f74f6169fe348c4c2b641e213768ceb238c
SHA512 d8d26334ea01b200dd46ec0a8f334c8f6e4e332602d4e2e481266d9cac96b90b2201b61889690df027420df82d551bd096c1ab809863490f3540bf61aa9e30e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a9d367e2a9ebe13fb55f0b3f4b6b63c2
SHA1 82766633d3b7a9517212fc7be362dece38bb1f46
SHA256 b9575f4de3449eb1bedd0ee1265ad7c51b2bd644c3c8bb73d1c3dc4894e3c868
SHA512 f13f24b277c50ad4f783c625ca723f303e49582e9e063affb25abc68297a3a5bd81597cd7461e3dab12a743e89f32273cadf616f1ab6fefb5a6ac3993d2f9b92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2a3a7a8cf582d975263bdf923999d556
SHA1 d8463636977a6e81a927a82a82d9c515defeb0ab
SHA256 27da406253f910ed6e876a2d992cb844ae3a1bb519d3d0603f74942667175ac9
SHA512 a56d4f7f6ef530d7590b549758928f45652f15ecf7aebb4aaf31cbd4f84204d27dac1f841a1a182990f079508af0c31c22b6f5529004df56a9f78ef68cdebcfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Cache\f_00000e

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Cache\f_00000d

MD5 52129e62d5eb39c400e5e8ffc3f513c4
SHA1 f39c492c3c726ea266f2362ebc8902b53d0a677e
SHA256 37357ff2feb91efca153a9b27888fc16ba4e4eab4bf3d9371f9a7569d51542ed
SHA512 df751708c513cae8f07db74efd0d42ad1a855efbf9b192db54ada84cf38113d5b8aae6cbea630482731739086cec8d8062c4f13ab5ed45f8bae735c4c5cf2cee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Cache\f_00000f

MD5 21dc60631385b40632f8614ea68b38bd
SHA1 37835a51d3179efb17df38b454103ff7f0a15e33
SHA256 50614d956ae125db1b18e061630f72ca8db2a324f71a52e3d2b58e09db95c1d7
SHA512 c770e763b28e811a40e1340bbb297602ed6b99dd0a4817f52729fd8447c8b28f06a71a338f7bf9f22104f2543e509bd57cfd6955e0133f0417255fcf8b5ea681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Cache\f_000016

MD5 236df4b6091f1a89b5a89ceb8179eb42
SHA1 489293dc1f1f5d365ecc362cc98af260e98e67f4
SHA256 37387b6d45102bf4ac9fbcec531b0c1c4910226d66e561279e46b7d9dd9b208a
SHA512 db76b4d52df9deb370f4bf2ab58bfd178fe54a50ecdbf52c0f85c4262ffd680e5e1c20a533c93d21fa046484f88e4350e7591d483363a2f94b99b952eedc5c99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f85300fc2087e615450cbfbf32078cdf
SHA1 e24c44ab2f60752f44323967bd95272a9767e2c5
SHA256 18e16f1de29d70a96d70e7f96aab8a287e450de13a24fc43883dad9850dba8ac
SHA512 3ae065351fe06b69f0869baba5a6654a79dddbac9b32ff68f038ed4239db4c47c9a5e2a6ea6587ca7c10ea3cb1031835eb7d0d9e5544fcfa14098a5a7804508f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c82010f-8d3c-4280-a8b6-5ae1691c1184\index-dir\the-real-index~RFe590e3f.TMP

MD5 fccaa9b7e2aabc22d0bfb1149a4ef1cc
SHA1 b04f0c1af572f1442ca5779f51c5ec61a669ae13
SHA256 f3edcee58c8dbc5b3d5c3092b5036f91fe87bb0ea713412beb4965b800c90346
SHA512 e1be9f68f9a410a27929d37a855d5ed1d6725fc66f812b9a4b59c4dbf9a68d52e6ae0fb07e79dcbbbe824dbc33082d5f85f10a2a68e6dd3f81f66b7199cd54e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590e1f.TMP

MD5 11804ce499b0c146b915045d77089d0f
SHA1 b3d3fa09c7cd1741f9a264acfaa28c8d08bbcefc
SHA256 e843395e2ba5ce97b3f8f66489b89101b8151bd23681eba51781f695ef40e481
SHA512 ead561bafe26ca1383d5aeaa16d28fd8658f00a28d570045bfb914e1969fe9dc52494f03950ce30e3cc2aa38abbc896e5368e750a624426677ca1fce2adfdc59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Code Cache\js\index-dir\the-real-index

MD5 1e7eb2ca5951149b00b8129eb07842a7
SHA1 963772c6de7188c52eae286da0b4841296becb36
SHA256 8006c3fdaea8112af07af94a574da9f3dee3bf3367b9f575acc3afa2aa01992f
SHA512 e59a3d275b1ac9fc1ed6a10452d97d17b444575a4d46f6df33834d8eb435804669ed3e464bba979505db9e8ddc53c21d5e4056c77823afeac9366a7ffc73c181

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a590b4790ce6e99b6123282ff25f3f8e
SHA1 3eeda01c2094946018d8db9cf4b0ecb19c8b96b3
SHA256 709903696607038b47e444778379b29e176a9df6daf3326cd3abf30bb0ac49ea
SHA512 0629da6952e73b9f9c01bec9cad82ab797b1ba82ca680837260089b6c41d2f6cb03c203ce8cb2d272b4a6e9beee64899b7f7ca323f2bc277726631f23a62987f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Code Cache\js\index-dir\the-real-index~RFe590e1f.TMP

MD5 13c1bddee9e4f01049174b3db3499889
SHA1 1f735613e954127ce648407a18d52086af1cb612
SHA256 2bd5b74ffc746969548c654530866e4043ed8b5f28bf1c5bb263b9e7de553620
SHA512 05b7a839ad201815b177771b8b37e7711b397b5fb960d7514355ae4cff13092003dcd53fae09ac536506e09e575341953ecf17d985eb8002dcb9912c75bb411c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21929403-54bd-4669-82d9-a7dc8d3f45d9\index-dir\the-real-index

MD5 827a1010d0bbbf179595cbe162825239
SHA1 d7cd484e33c783c420a828f1f9ffe3f5aaeab80d
SHA256 bf2b498f189745a7e7767379f214a7023f50b4c84901441ab68ba2164a8a8299
SHA512 a9ef6ea05b312baa91b4a1c68f522128568fa2f7802712bfc9b9c5911d103c302cb0e8587fbe652626ce791cca924dd40de17dc003aec0f1edfd81f80c10cfe3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\21929403-54bd-4669-82d9-a7dc8d3f45d9\index-dir\the-real-index~RFe590e3f.TMP

MD5 8a43b82c56d3359fa545309de819f560
SHA1 5ea6a77d28ebe16b572307d44d2ed3c46fc93339
SHA256 b38a30aeac12cc1b67b67864c0bde5adaa1852ddbf265ffa0119f14e01900684
SHA512 968b5408b247cf6e47b0fc154b74754464748615e05d6a2f55c4ca0e661db91b5f1ce1709608543df6b504e3cd7d98af09ca0077ab413122524d899d74180111

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0ZU67\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c82010f-8d3c-4280-a8b6-5ae1691c1184\index-dir\the-real-index

MD5 82be492f62f88b18b864a2028329d46b
SHA1 b3a2fcf23637d349cb08a4bdb215472e0fbaea88
SHA256 8d750ca874c245def2c444f7ee455349d060ebb5e51579bae6a7a24458c2f92b
SHA512 bc34e81834c49d093c514fc67a51779a0863c611912d7894bbf70c10c0b1bffcf62e264c8a6922d1339e47dfc9cfc23865c54661b387bf03b90109452d77711c

C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe

MD5 a137245d8bc8109c4bc3df6e2b37d327
SHA1 ed8973e65b2aacb60683787831de37e7c805fa6c
SHA256 f342950ea78a3910911df852de530912090acea09b895e299d4ba0132ee146ee
SHA512 5d83e91ac5862c62d5b90418a75feaedcffb01aa2a396d1cb71c11d9dfbfb0e415d38687ce0736b7159f874835ace02f27d11067b2ab6b81f58a948f10fabc00

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-15 13:12

Reported

2023-09-15 13:15

Platform

win7-20230831-en

Max time kernel

37s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe"

Signatures

Amadey

trojan amadey

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

RedLine

infostealer redline

SmokeLoader

trojan backdoor smokeloader

Vidar

stealer vidar

Downloads MZ/PE file

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2887.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\373B.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2572 set thread context of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2540 set thread context of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2816 set thread context of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1200 wrote to memory of 2572 N/A N/A C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 1200 wrote to memory of 2572 N/A N/A C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 1200 wrote to memory of 2572 N/A N/A C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 1200 wrote to memory of 2572 N/A N/A C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 2572 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\2887.exe C:\Users\Admin\AppData\Local\Temp\2887.exe
PID 1200 wrote to memory of 3000 N/A N/A C:\Users\Admin\AppData\Local\Temp\2AC9.exe
PID 1200 wrote to memory of 3000 N/A N/A C:\Users\Admin\AppData\Local\Temp\2AC9.exe
PID 1200 wrote to memory of 3000 N/A N/A C:\Users\Admin\AppData\Local\Temp\2AC9.exe
PID 1200 wrote to memory of 3000 N/A N/A C:\Users\Admin\AppData\Local\Temp\2AC9.exe
PID 1200 wrote to memory of 2736 N/A N/A C:\Users\Admin\AppData\Local\Temp\2C21.exe
PID 1200 wrote to memory of 2736 N/A N/A C:\Users\Admin\AppData\Local\Temp\2C21.exe
PID 1200 wrote to memory of 2736 N/A N/A C:\Users\Admin\AppData\Local\Temp\2C21.exe
PID 1200 wrote to memory of 2736 N/A N/A C:\Users\Admin\AppData\Local\Temp\2C21.exe
PID 1200 wrote to memory of 2816 N/A N/A C:\Windows\system32\conhost.exe
PID 1200 wrote to memory of 2816 N/A N/A C:\Windows\system32\conhost.exe
PID 1200 wrote to memory of 2816 N/A N/A C:\Windows\system32\conhost.exe
PID 1200 wrote to memory of 2816 N/A N/A C:\Windows\system32\conhost.exe
PID 1200 wrote to memory of 2492 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1200 wrote to memory of 2492 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1200 wrote to memory of 2492 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1200 wrote to memory of 2492 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1200 wrote to memory of 2492 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2492 wrote to memory of 2504 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2492 wrote to memory of 2504 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2492 wrote to memory of 2504 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2492 wrote to memory of 2504 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2492 wrote to memory of 2504 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2492 wrote to memory of 2504 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2492 wrote to memory of 2504 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1200 wrote to memory of 2540 N/A N/A C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 1200 wrote to memory of 2540 N/A N/A C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 1200 wrote to memory of 2540 N/A N/A C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 1200 wrote to memory of 2540 N/A N/A C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2540 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\373B.exe C:\Users\Admin\AppData\Local\Temp\373B.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2816 wrote to memory of 1964 N/A C:\Windows\system32\conhost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe

"C:\Users\Admin\AppData\Local\Temp\a9890f87b21ea9eb9f36f6d569ce7051c4b44bdc8b6a709ec294d6dc324d82a8_JC.exe"

C:\Users\Admin\AppData\Local\Temp\2887.exe

C:\Users\Admin\AppData\Local\Temp\2887.exe

C:\Users\Admin\AppData\Local\Temp\2887.exe

C:\Users\Admin\AppData\Local\Temp\2887.exe

C:\Users\Admin\AppData\Local\Temp\2AC9.exe

C:\Users\Admin\AppData\Local\Temp\2AC9.exe

C:\Users\Admin\AppData\Local\Temp\2C21.exe

C:\Users\Admin\AppData\Local\Temp\2C21.exe

C:\Users\Admin\AppData\Local\Temp\3121.exe

C:\Users\Admin\AppData\Local\Temp\3121.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\35A5.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\35A5.dll

C:\Users\Admin\AppData\Local\Temp\373B.exe

C:\Users\Admin\AppData\Local\Temp\373B.exe

C:\Users\Admin\AppData\Local\Temp\373B.exe

C:\Users\Admin\AppData\Local\Temp\373B.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\c9e963df-d3ba-43ea-b654-4fa6894c667f" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Users\Admin\AppData\Local\Temp\48BA.exe

C:\Users\Admin\AppData\Local\Temp\48BA.exe

C:\Users\Admin\AppData\Local\Temp\48BA.exe

C:\Users\Admin\AppData\Local\Temp\48BA.exe

C:\Users\Admin\AppData\Local\Temp\373B.exe

"C:\Users\Admin\AppData\Local\Temp\373B.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\373B.exe

"C:\Users\Admin\AppData\Local\Temp\373B.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\53C2.exe

C:\Users\Admin\AppData\Local\Temp\53C2.exe

C:\Users\Admin\AppData\Local\Temp\56CF.exe

C:\Users\Admin\AppData\Local\Temp\56CF.exe

C:\Users\Admin\AppData\Local\Temp\48BA.exe

"C:\Users\Admin\AppData\Local\Temp\48BA.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\2887.exe

"C:\Users\Admin\AppData\Local\Temp\2887.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe

"C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe"

C:\Users\Admin\AppData\Local\Temp\48BA.exe

"C:\Users\Admin\AppData\Local\Temp\48BA.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN yiueea.exe /TR "C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe" /F

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe

"C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "176311411-1106559215931117517-348025941-1959606294-975408830-83251009-877240205"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "yiueea.exe" /P "Admin:N"&&CACLS "yiueea.exe" /P "Admin:R" /E&&echo Y|CACLS "..\577f58beff" /P "Admin:N"&&CACLS "..\577f58beff" /P "Admin:R" /E&&Exit

C:\Users\Admin\AppData\Local\Temp\2887.exe

"C:\Users\Admin\AppData\Local\Temp\2887.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

"C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "yiueea.exe" /P "Admin:N"

C:\Windows\SysWOW64\cacls.exe

CACLS "yiueea.exe" /P "Admin:R" /E

C:\Windows\SysWOW64\cacls.exe

CACLS "..\577f58beff" /P "Admin:N"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\577f58beff" /P "Admin:R" /E

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build3.exe

"C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build3.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\system32\taskeng.exe

taskeng.exe {7862A1FE-EF5B-4D27-8CB2-CFC533A04FB5} S-1-5-21-3185155662-718608226-894467740-1000:YETUIZPU\Admin:Interactive:[1]

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 potunulit.org udp
US 188.114.96.0:80 potunulit.org tcp
US 8.8.8.8:53 colisumy.com udp
BR 187.18.108.158:80 colisumy.com tcp
BR 187.18.108.158:80 colisumy.com tcp
US 8.8.8.8:53 api.2ip.ua udp
US 8.8.8.8:53 api.2ip.ua udp
NL 162.0.217.254:443 api.2ip.ua tcp
NL 162.0.217.254:443 api.2ip.ua tcp
US 38.181.25.43:3325 tcp
MD 176.123.9.142:14845 tcp
GB 51.38.95.107:42494 tcp
BG 193.42.32.101:80 193.42.32.101 tcp
NL 162.0.217.254:443 api.2ip.ua tcp
NL 162.0.217.254:443 api.2ip.ua tcp
RU 79.137.192.18:80 79.137.192.18 tcp
BR 187.18.108.158:80 colisumy.com tcp
US 8.8.8.8:53 zexeq.com udp
MX 189.232.123.108:80 zexeq.com tcp
US 8.8.8.8:53 api-alajman.com udp
GB 193.32.208.75:443 api-alajman.com tcp
GB 193.32.208.75:443 api-alajman.com tcp
MX 189.232.123.108:80 zexeq.com tcp
US 38.181.25.43:3325 tcp
NL 162.0.217.254:443 api.2ip.ua tcp
US 38.181.25.43:3325 tcp
RU 79.137.192.18:80 79.137.192.18 tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
US 38.181.25.43:3325 tcp
DE 116.203.7.16:80 116.203.7.16 tcp
US 38.181.25.43:3325 tcp

Files

memory/2012-0-0x00000000001B0000-0x00000000001C5000-memory.dmp

memory/2012-1-0x00000000001D0000-0x00000000001D9000-memory.dmp

memory/2012-2-0x0000000000400000-0x0000000000480000-memory.dmp

memory/2012-4-0x0000000000400000-0x0000000000480000-memory.dmp

memory/1200-3-0x00000000021E0000-0x00000000021F6000-memory.dmp

memory/2012-8-0x00000000001B0000-0x00000000001C5000-memory.dmp

memory/2012-7-0x00000000001D0000-0x00000000001D9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2572-18-0x0000000000320000-0x00000000003B2000-memory.dmp

memory/2572-19-0x0000000000320000-0x00000000003B2000-memory.dmp

memory/2572-20-0x00000000020A0000-0x00000000021BB000-memory.dmp

\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2340-23-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2AC9.exe

MD5 fc55462468d1a34e514d01aa30c0a5cd
SHA1 168e4cd58a14f9e4591d49877ab5cb08e9a142a0
SHA256 74ccc20216ebd15c3f9c937b7b40653a8c04537a15c95bb46f381c40e0ff194b
SHA512 e2ba1facb596a2e54284b6556bb6a485cc213deae1b270f71e283412c4ba58aff78cff349ab329e110c09455c531f2d1b65b1cbb1c23ed0cd74647bfba7f4b6d

C:\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2340-25-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2AC9.exe

MD5 fc55462468d1a34e514d01aa30c0a5cd
SHA1 168e4cd58a14f9e4591d49877ab5cb08e9a142a0
SHA256 74ccc20216ebd15c3f9c937b7b40653a8c04537a15c95bb46f381c40e0ff194b
SHA512 e2ba1facb596a2e54284b6556bb6a485cc213deae1b270f71e283412c4ba58aff78cff349ab329e110c09455c531f2d1b65b1cbb1c23ed0cd74647bfba7f4b6d

memory/2340-34-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2340-35-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2C21.exe

MD5 ed6778e6fe0c07587f4892c807d7f883
SHA1 3a94caa9336934ca2b12173b24fa815ea963edcb
SHA256 a9f19ec6eec891e21b885a04030995a5c996f0b673c6425ee28b0ef6c70d2898
SHA512 b3fffd8485429cbe7c87a6eda24af95d2f497d3d3b47656ea3930c2ced6344f9b13099d419503f0c3dc40661111dac8df1d91eed66f448d58e0880c766859544

C:\Users\Admin\AppData\Local\Temp\2C21.exe

MD5 ed6778e6fe0c07587f4892c807d7f883
SHA1 3a94caa9336934ca2b12173b24fa815ea963edcb
SHA256 a9f19ec6eec891e21b885a04030995a5c996f0b673c6425ee28b0ef6c70d2898
SHA512 b3fffd8485429cbe7c87a6eda24af95d2f497d3d3b47656ea3930c2ced6344f9b13099d419503f0c3dc40661111dac8df1d91eed66f448d58e0880c766859544

memory/3000-43-0x00000000001C0000-0x00000000001F0000-memory.dmp

memory/3000-42-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2736-49-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2736-46-0x00000000003D0000-0x0000000000400000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2AC9.exe

MD5 fc55462468d1a34e514d01aa30c0a5cd
SHA1 168e4cd58a14f9e4591d49877ab5cb08e9a142a0
SHA256 74ccc20216ebd15c3f9c937b7b40653a8c04537a15c95bb46f381c40e0ff194b
SHA512 e2ba1facb596a2e54284b6556bb6a485cc213deae1b270f71e283412c4ba58aff78cff349ab329e110c09455c531f2d1b65b1cbb1c23ed0cd74647bfba7f4b6d

C:\Users\Admin\AppData\Local\Temp\2C21.exe

MD5 ed6778e6fe0c07587f4892c807d7f883
SHA1 3a94caa9336934ca2b12173b24fa815ea963edcb
SHA256 a9f19ec6eec891e21b885a04030995a5c996f0b673c6425ee28b0ef6c70d2898
SHA512 b3fffd8485429cbe7c87a6eda24af95d2f497d3d3b47656ea3930c2ced6344f9b13099d419503f0c3dc40661111dac8df1d91eed66f448d58e0880c766859544

memory/2736-54-0x00000000738A0000-0x0000000073F8E000-memory.dmp

memory/3000-56-0x00000000738A0000-0x0000000073F8E000-memory.dmp

memory/3000-58-0x0000000001CE0000-0x0000000001CE6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3121.exe

MD5 c7b34cc95676afe2b43fce196202d3fa
SHA1 92eb09a6883ef684d3d175ece6599a61266bada9
SHA256 8d5bfbac46cfe1f428ba5905fbb0252b08e71d7061b32c3a90d20f451df72060
SHA512 0e581a66baba515995b3513698cdf5bd8c6119ea4ce3c3b0f9b7bcf58cbef4eb27188ef976f8f2aaef7b5cd673fb2718df6d4133fc891ccc207d136babbeaa16

memory/2736-60-0x00000000007E0000-0x00000000007E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\35A5.dll

MD5 e0286fab4e36e2523d461e6294395e22
SHA1 f0a6ac98bb771e720ac3683a75f7ec3af7ad75cd
SHA256 a03129d4c88ef87b55f37dcc126c02ffb9231800655eb0885936b2764577d919
SHA512 7d637411a7566053b2bf37b75e907052af66b8a404499afa9b23477bfc318952bb94837b8aa9c14e16156afa080cba0ca91663e068a482953b3576daf8c4f467

C:\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

C:\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/2540-70-0x00000000002A0000-0x0000000000332000-memory.dmp

memory/2540-71-0x00000000002A0000-0x0000000000332000-memory.dmp

memory/2540-72-0x0000000002030000-0x000000000214B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

C:\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/2968-77-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2968-80-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2968-81-0x0000000000400000-0x0000000000537000-memory.dmp

\Users\Admin\AppData\Local\Temp\35A5.dll

MD5 e0286fab4e36e2523d461e6294395e22
SHA1 f0a6ac98bb771e720ac3683a75f7ec3af7ad75cd
SHA256 a03129d4c88ef87b55f37dcc126c02ffb9231800655eb0885936b2764577d919
SHA512 7d637411a7566053b2bf37b75e907052af66b8a404499afa9b23477bfc318952bb94837b8aa9c14e16156afa080cba0ca91663e068a482953b3576daf8c4f467

memory/2504-83-0x00000000001F0000-0x00000000001F6000-memory.dmp

memory/2504-84-0x0000000010000000-0x0000000010243000-memory.dmp

memory/1964-86-0x0000000000400000-0x0000000000430000-memory.dmp

memory/2340-87-0x0000000000400000-0x0000000000537000-memory.dmp

memory/1964-89-0x0000000000400000-0x0000000000430000-memory.dmp

memory/1964-91-0x0000000000400000-0x0000000000430000-memory.dmp

memory/1964-92-0x0000000000400000-0x0000000000430000-memory.dmp

memory/1964-93-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

memory/2736-90-0x0000000004670000-0x00000000046B0000-memory.dmp

memory/3000-88-0x0000000004760000-0x00000000047A0000-memory.dmp

memory/1964-94-0x0000000000400000-0x0000000000430000-memory.dmp

memory/1964-96-0x0000000000400000-0x0000000000430000-memory.dmp

memory/1964-98-0x0000000000400000-0x0000000000430000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab43B5.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

memory/1964-113-0x00000000738A0000-0x0000000073F8E000-memory.dmp

memory/1964-114-0x0000000000310000-0x0000000000316000-memory.dmp

memory/2736-115-0x00000000738A0000-0x0000000073F8E000-memory.dmp

memory/3000-116-0x00000000738A0000-0x0000000073F8E000-memory.dmp

memory/1964-117-0x00000000048B0000-0x00000000048F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tar4695.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a14670f8439a3ba391e88c6b30faf07
SHA1 d8b9f333f814fcae6433e6251fd6083bdad16844
SHA256 bcc620f5d6f03556bc9f5fe4c93b23d9b1912af611c67b14c633aa4b636b0ff0
SHA512 e6e7005acd41b89e761046dafa3ac4e35a4c3f35f994f7e9ffd0d291cc7fc00f5b0ae74b212200ba35074a101f676991060c7af24e23c458c09b6879e84357a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 f8391418c2aeab97b1da04625b661fc6
SHA1 738fd2b40c0b9762f351f20270dbb0df3115fef3
SHA256 0a12d53f707eb7440c87c15ec9d590ec15937b700e883a4f2402df8f360961a0
SHA512 aada0c25bf39f3f9f32daa4bf28b8cc0e9882f4d04795eb5a77aec755886d89aa18edeb496016136313f29bced8104bfc922f43cf6c9220f71f1917af2edf8b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 f8391418c2aeab97b1da04625b661fc6
SHA1 738fd2b40c0b9762f351f20270dbb0df3115fef3
SHA256 0a12d53f707eb7440c87c15ec9d590ec15937b700e883a4f2402df8f360961a0
SHA512 aada0c25bf39f3f9f32daa4bf28b8cc0e9882f4d04795eb5a77aec755886d89aa18edeb496016136313f29bced8104bfc922f43cf6c9220f71f1917af2edf8b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 fa4ae5fcb44bfaf845b845961180d250
SHA1 8257ee68bdd2bc3ea2723eda7aeba404195d46bf
SHA256 574c66c19561773196a88f115168cf5d73b71fd26f9034606fe38a5535d4df96
SHA512 ad1de0c1d0f5a4a7e3615b48537f75250779368b388520b001d96367d5aa19fa88a9f471d1212e679ab9eaae854374445807877891bf1b803fa6c7886877d253

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 f8391418c2aeab97b1da04625b661fc6
SHA1 738fd2b40c0b9762f351f20270dbb0df3115fef3
SHA256 0a12d53f707eb7440c87c15ec9d590ec15937b700e883a4f2402df8f360961a0
SHA512 aada0c25bf39f3f9f32daa4bf28b8cc0e9882f4d04795eb5a77aec755886d89aa18edeb496016136313f29bced8104bfc922f43cf6c9220f71f1917af2edf8b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 bcf9c82a8e06cd4dbc7c6f8166b03d62
SHA1 aa072fd0adc30bc7d45952443a137972eaea0499
SHA256 32b64ccb43add6147056e3f68bd46c762c8b38dea72735355fc422160a0f417d
SHA512 7a26e9797da034f01a08a1b62e4e7e39de67526257d015a0ef7590968af690fecb1852a0f3ee05f64bbf571344eb74ef4d404d2f145f7e7dd36f6a21816ba4a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2674048b69552226d2daff3285828b1
SHA1 f06ff88251bdc091c0ae2080caf1adc19102308e
SHA256 38232e52768c81b2ef07ff7a61969aca49ac37bb386e4ae1e4c2716725d81da1
SHA512 7d9248028cb0a030d96d64883e377892e9e1d29e7c7ddd08c6324c7eaac77a6031e000b07fe4456f669a484e7930a0e84d4be233207d5ea26591e014ff2aab0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 1f5c7792caea47897b6b09a2f856d6a1
SHA1 9bd5e12dffe8f36018eac57c52368c3c36f20829
SHA256 1caf135d97820afb9c003e090e370c3b8319657188582f55a8e8f10acc945c58
SHA512 2d9bc08ca11ee94043a2242967ae17eb5f4e4863c99643d0c07b26775ebc1c947681bbcc289de053592064b53ea5776f3234b64e2830d55cb263993335cf745e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2674048b69552226d2daff3285828b1
SHA1 f06ff88251bdc091c0ae2080caf1adc19102308e
SHA256 38232e52768c81b2ef07ff7a61969aca49ac37bb386e4ae1e4c2716725d81da1
SHA512 7d9248028cb0a030d96d64883e377892e9e1d29e7c7ddd08c6324c7eaac77a6031e000b07fe4456f669a484e7930a0e84d4be233207d5ea26591e014ff2aab0b

C:\Users\Admin\AppData\Local\Temp\48BA.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

\Users\Admin\AppData\Local\Temp\48BA.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\48BA.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2148-187-0x0000000000220000-0x00000000002B2000-memory.dmp

memory/2148-183-0x0000000000220000-0x00000000002B2000-memory.dmp

\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/2968-192-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

C:\Users\Admin\AppData\Local\Temp\48BA.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/880-198-0x00000000002B0000-0x0000000000342000-memory.dmp

\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/880-199-0x00000000002B0000-0x0000000000342000-memory.dmp

memory/2104-200-0x0000000000400000-0x0000000000537000-memory.dmp

\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

C:\Users\Admin\AppData\Local\Temp\373B.exe

MD5 d27125ae65af3a6ce086eeae8fa41521
SHA1 70209d54e90908fc10f99af3cb38620bd744f93b
SHA256 4745aee336bf0a92efae4475d6a541fbd9cc91b65532a26a1810b49ad5f8dbea
SHA512 93f941a68d8eaea98d146520f786773e688bf5673ab37110efe065e05f9af6f81c43e050e90b20348b92888abc519e2094bcce37e22ab9a4a0e439c8dd88b68e

memory/2340-208-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2112-209-0x0000000000400000-0x0000000000537000-memory.dmp

memory/3000-210-0x0000000004760000-0x00000000047A0000-memory.dmp

memory/2736-212-0x0000000004670000-0x00000000046B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\53C2.exe

MD5 2f212322c6b6d7db7250d0c282271925
SHA1 01676375932ea61ffb5128c244c0ecc7cb335a01
SHA256 3073eaf746e904b1e653992e78f7c5f95b3f9ad0989e4611412b038348c1afa1
SHA512 2dc544c11d9fb985b915d4af5ec2025468c6ca112c2301f161fd81577b24bdc28b2bf0e81979a7e4048e70ed8216fcac35cb055fd81b5b341e48c5ef8f2e446f

\Users\Admin\AppData\Local\Temp\53C2.exe

MD5 2f212322c6b6d7db7250d0c282271925
SHA1 01676375932ea61ffb5128c244c0ecc7cb335a01
SHA256 3073eaf746e904b1e653992e78f7c5f95b3f9ad0989e4611412b038348c1afa1
SHA512 2dc544c11d9fb985b915d4af5ec2025468c6ca112c2301f161fd81577b24bdc28b2bf0e81979a7e4048e70ed8216fcac35cb055fd81b5b341e48c5ef8f2e446f

C:\Users\Admin\AppData\Local\Temp\53C2.exe

MD5 2f212322c6b6d7db7250d0c282271925
SHA1 01676375932ea61ffb5128c244c0ecc7cb335a01
SHA256 3073eaf746e904b1e653992e78f7c5f95b3f9ad0989e4611412b038348c1afa1
SHA512 2dc544c11d9fb985b915d4af5ec2025468c6ca112c2301f161fd81577b24bdc28b2bf0e81979a7e4048e70ed8216fcac35cb055fd81b5b341e48c5ef8f2e446f

C:\Users\Admin\AppData\Local\c9e963df-d3ba-43ea-b654-4fa6894c667f\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 fa4ae5fcb44bfaf845b845961180d250
SHA1 8257ee68bdd2bc3ea2723eda7aeba404195d46bf
SHA256 574c66c19561773196a88f115168cf5d73b71fd26f9034606fe38a5535d4df96
SHA512 ad1de0c1d0f5a4a7e3615b48537f75250779368b388520b001d96367d5aa19fa88a9f471d1212e679ab9eaae854374445807877891bf1b803fa6c7886877d253

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2674048b69552226d2daff3285828b1
SHA1 f06ff88251bdc091c0ae2080caf1adc19102308e
SHA256 38232e52768c81b2ef07ff7a61969aca49ac37bb386e4ae1e4c2716725d81da1
SHA512 7d9248028cb0a030d96d64883e377892e9e1d29e7c7ddd08c6324c7eaac77a6031e000b07fe4456f669a484e7930a0e84d4be233207d5ea26591e014ff2aab0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 bcf9c82a8e06cd4dbc7c6f8166b03d62
SHA1 aa072fd0adc30bc7d45952443a137972eaea0499
SHA256 32b64ccb43add6147056e3f68bd46c762c8b38dea72735355fc422160a0f417d
SHA512 7a26e9797da034f01a08a1b62e4e7e39de67526257d015a0ef7590968af690fecb1852a0f3ee05f64bbf571344eb74ef4d404d2f145f7e7dd36f6a21816ba4a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 fca1a86bd5e4506d9705d6376f368772
SHA1 e3f5ff0f7a64aa3dd5e249df3fd67d901bced323
SHA256 d4e673d155ab64f59074fb2fd37fab741dd0cb539fd845f07fcdaaf59bcc993e
SHA512 2e0835a9a6b54ff70d6eca1c4985437926a75fb8e54ad8b2dd5fd8426ce9d8dee79402295622d2974dd99661c59ccd394bd01983695dbe348c1f272e573a8390

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 f8391418c2aeab97b1da04625b661fc6
SHA1 738fd2b40c0b9762f351f20270dbb0df3115fef3
SHA256 0a12d53f707eb7440c87c15ec9d590ec15937b700e883a4f2402df8f360961a0
SHA512 aada0c25bf39f3f9f32daa4bf28b8cc0e9882f4d04795eb5a77aec755886d89aa18edeb496016136313f29bced8104bfc922f43cf6c9220f71f1917af2edf8b2

memory/2504-237-0x00000000022C0000-0x00000000023DA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\56CF.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

\Users\Admin\AppData\Local\Temp\48BA.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

\Users\Admin\AppData\Local\Temp\48BA.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2104-247-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\48BA.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

C:\Users\Admin\AppData\Local\Temp\56CF.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

memory/2112-250-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2504-252-0x0000000001D70000-0x0000000001E6F000-memory.dmp

memory/2112-251-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2504-253-0x0000000001D70000-0x0000000001E6F000-memory.dmp

\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe

MD5 d249cebde9fcfcddb47af02d6c10f268
SHA1 0c6a6a81326d9634b55e973cc4b0364693e9df53
SHA256 34e9b76c568bed90396850a59f181edb5233a045c1042fec1e29a42d8449cd40
SHA512 dfd33206b441eb51bd6c4544a11089d0f6754b124c43b7a33d6c7b3fd0de940df2e162337585dc7df66ac4ffb82fa404f140b877f531669bc84a9f8d1487a246

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe

MD5 d249cebde9fcfcddb47af02d6c10f268
SHA1 0c6a6a81326d9634b55e973cc4b0364693e9df53
SHA256 34e9b76c568bed90396850a59f181edb5233a045c1042fec1e29a42d8449cd40
SHA512 dfd33206b441eb51bd6c4544a11089d0f6754b124c43b7a33d6c7b3fd0de940df2e162337585dc7df66ac4ffb82fa404f140b877f531669bc84a9f8d1487a246

\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe

MD5 d249cebde9fcfcddb47af02d6c10f268
SHA1 0c6a6a81326d9634b55e973cc4b0364693e9df53
SHA256 34e9b76c568bed90396850a59f181edb5233a045c1042fec1e29a42d8449cd40
SHA512 dfd33206b441eb51bd6c4544a11089d0f6754b124c43b7a33d6c7b3fd0de940df2e162337585dc7df66ac4ffb82fa404f140b877f531669bc84a9f8d1487a246

memory/2440-257-0x0000000001F20000-0x0000000001FB2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

\Users\Admin\AppData\Local\Temp\48BA.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2360-291-0x0000000001FD0000-0x0000000002062000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/3032-288-0x0000000001100000-0x00000000011B0000-memory.dmp

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe

MD5 d249cebde9fcfcddb47af02d6c10f268
SHA1 0c6a6a81326d9634b55e973cc4b0364693e9df53
SHA256 34e9b76c568bed90396850a59f181edb5233a045c1042fec1e29a42d8449cd40
SHA512 dfd33206b441eb51bd6c4544a11089d0f6754b124c43b7a33d6c7b3fd0de940df2e162337585dc7df66ac4ffb82fa404f140b877f531669bc84a9f8d1487a246

C:\Users\Admin\AppData\Local\Temp\2887.exe

MD5 1befd108d817dd955eb4401b572b68c3
SHA1 9dbebb44341577a816f25057751ce459ad731fb6
SHA256 7dda4a022cbbf64ac3a021a7cd535a2bc0b78af0db60e8a9c33c0f52801af7ff
SHA512 403823ed3fa70c52668ec1a144a600b01720ee80e5832bc83f4be42d7710eed46e333a09d8718c7959aad4f22ba0ad4eb9a328e1d38cb780d350d6d1cc098196

memory/2620-297-0x0000000002532000-0x0000000002561000-memory.dmp

memory/2620-298-0x0000000000220000-0x0000000000271000-memory.dmp

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe

MD5 d249cebde9fcfcddb47af02d6c10f268
SHA1 0c6a6a81326d9634b55e973cc4b0364693e9df53
SHA256 34e9b76c568bed90396850a59f181edb5233a045c1042fec1e29a42d8449cd40
SHA512 dfd33206b441eb51bd6c4544a11089d0f6754b124c43b7a33d6c7b3fd0de940df2e162337585dc7df66ac4ffb82fa404f140b877f531669bc84a9f8d1487a246

memory/2360-278-0x0000000001FD0000-0x0000000002062000-memory.dmp

\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build2.exe

MD5 d249cebde9fcfcddb47af02d6c10f268
SHA1 0c6a6a81326d9634b55e973cc4b0364693e9df53
SHA256 34e9b76c568bed90396850a59f181edb5233a045c1042fec1e29a42d8449cd40
SHA512 dfd33206b441eb51bd6c4544a11089d0f6754b124c43b7a33d6c7b3fd0de940df2e162337585dc7df66ac4ffb82fa404f140b877f531669bc84a9f8d1487a246

memory/2340-259-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2504-258-0x0000000001D70000-0x0000000001E6F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

MD5 55f845c433e637594aaf872e41fda207
SHA1 1188348ca7e52f075e7d1d0031918c2cea93362e
SHA256 f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39
SHA512 5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build3.exe

MD5 9ead10c08e72ae41921191f8db39bc16
SHA1 abe3bce01cd34afc88e2c838173f8c2bd0090ae1
SHA256 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0
SHA512 aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a

\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build3.exe

MD5 9ead10c08e72ae41921191f8db39bc16
SHA1 abe3bce01cd34afc88e2c838173f8c2bd0090ae1
SHA256 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0
SHA512 aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build3.exe

MD5 9ead10c08e72ae41921191f8db39bc16
SHA1 abe3bce01cd34afc88e2c838173f8c2bd0090ae1
SHA256 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0
SHA512 aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a

C:\Users\Admin\AppData\Local\525c5b76-c2be-45ef-a073-bd7fc356103b\build3.exe

MD5 9ead10c08e72ae41921191f8db39bc16
SHA1 abe3bce01cd34afc88e2c838173f8c2bd0090ae1
SHA256 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0
SHA512 aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a

memory/3032-322-0x000007FEF5D60000-0x000007FEF674C000-memory.dmp

memory/1964-348-0x00000000738A0000-0x0000000073F8E000-memory.dmp

memory/2652-347-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2440-335-0x0000000001F20000-0x0000000001FB2000-memory.dmp

memory/3032-331-0x0000000000340000-0x0000000000348000-memory.dmp

memory/3032-350-0x000000001AF40000-0x000000001AFC0000-memory.dmp

memory/2656-349-0x0000000000400000-0x0000000000465000-memory.dmp