Analysis Overview
SHA256
3a5fc37142b10cae16e14fd10abb8a45b939ee1ce46cac8f72e4c8d787c85940
Threat Level: Known bad
The file source.exe was found to be: Known bad.
Malicious Activity Summary
Detect Pysilon
Pysilon family
Enumerates VirtualBox DLL files
Blocklisted process makes network request
Modifies Installed Components in the registry
Drops file in Drivers directory
Sets file to hidden
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Detects Pyinstaller
Gathers network information
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Modifies Control Panel
Views/modifies file attributes
Kills process with taskkill
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-29 18:10
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-29 18:10
Reported
2023-11-29 18:41
Platform
win7-20231023-en
Max time kernel
1559s
Max time network
1566s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\source.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2460 wrote to memory of 2704 | N/A | C:\Users\Admin\AppData\Local\Temp\source.exe | C:\Users\Admin\AppData\Local\Temp\source.exe |
| PID 2460 wrote to memory of 2704 | N/A | C:\Users\Admin\AppData\Local\Temp\source.exe | C:\Users\Admin\AppData\Local\Temp\source.exe |
| PID 2460 wrote to memory of 2704 | N/A | C:\Users\Admin\AppData\Local\Temp\source.exe | C:\Users\Admin\AppData\Local\Temp\source.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\source.exe
"C:\Users\Admin\AppData\Local\Temp\source.exe"
C:\Users\Admin\AppData\Local\Temp\source.exe
"C:\Users\Admin\AppData\Local\Temp\source.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI24602\python311.dll
| MD5 | 5792adeab1e4414e0129ce7a228eb8b8 |
| SHA1 | e9f022e687b6d88d20ee96d9509f82e916b9ee8c |
| SHA256 | 7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967 |
| SHA512 | c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b |
\Users\Admin\AppData\Local\Temp\_MEI24602\python311.dll
| MD5 | 5792adeab1e4414e0129ce7a228eb8b8 |
| SHA1 | e9f022e687b6d88d20ee96d9509f82e916b9ee8c |
| SHA256 | 7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967 |
| SHA512 | c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b |
memory/2704-1260-0x000007FEF6490000-0x000007FEF6A79000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-29 18:10
Reported
2023-11-29 18:41
Platform
win10v2004-20231127-en
Max time kernel
1803s
Max time network
1158s
Command Line
Signatures
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Local\Temp\source.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\RuntimeProc\Runtime Broker.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\RuntimeProc\Runtime Broker.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\AppData\Local\Temp\source.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\RuntimeProc\Runtime Broker.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\International\Geo\Nation | N/A | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\International\Geo\Nation | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Msoobe = "C:\\Users\\Admin\\RuntimeProc\\Runtime Broker.exe" | C:\Users\Admin\AppData\Local\Temp\source.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2037190880-819243489-950462038-1000\desktop.ini | C:\Windows\explorer.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\Recovery | N/A | N/A |
| File opened for modification | C:\Windows\system32\Recovery\ReAgent.xml | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\ReAgent\ReAgent.log | N/A | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | N/A | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | N/A | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\Colors | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\Colors | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\Colors | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\Colors | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "934" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "934" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "901" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\system32\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "934" | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "901" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133455797585322918" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133455797585322918" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "934" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\RuntimeProc\Runtime Broker.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\source.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\RuntimeProc\Runtime Broker.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\source.exe
"C:\Users\Admin\AppData\Local\Temp\source.exe"
C:\Users\Admin\AppData\Local\Temp\source.exe
"C:\Users\Admin\AppData\Local\Temp\source.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x4fc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\RuntimeProc\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\RuntimeProc\activate.bat
C:\Windows\system32\attrib.exe
attrib +s +h .
C:\Users\Admin\RuntimeProc\Runtime Broker.exe
"Runtime Broker.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "source.exe"
C:\Users\Admin\RuntimeProc\Runtime Broker.exe
"Runtime Broker.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\RuntimeProc\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\tree.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del rec_\29.11.2023_18.13.wav"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start "" "C:/Users/Admin/RuntimeProc/jumpscare.mp4""
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\RuntimeProc\jumpscare.mp4"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del ss.png"
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -version
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -encoders
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -f lavfi -i nullsrc=s=256x256:d=8 -vcodec libx264 -f null -
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\RuntimeProc\recording.mp4
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\recording.mp4"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del rec_\29.11.2023_18.15.wav"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\cookies.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del history.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\cookies.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del rec_\29.11.2023_18.17.wav"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc719b46f8,0x7ffc719b4708,0x7ffc719b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9403148701539848973,11721973970754420272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc719b46f8,0x7ffc719b4708,0x7ffc719b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del rec_\29.11.2023_18.19.wav"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill edge.exe"
C:\Windows\system32\taskkill.exe
taskkill edge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\ss.png"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Windows\explorer.exe
explorer.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\RuntimeProc\recording.mp4
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ipconfig"
C:\Windows\system32\ipconfig.exe
ipconfig
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\recording.mp4"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del rec_\29.11.2023_18.21.wav"
C:\Windows\SYSTEM32\reagentc.exe
reagentc.exe /disable
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19802\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\RuntimeProc\recording.mp4
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\wabbit.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeProc\recording.mp4"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=5624 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10091051665561622320,13390797228872649201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5528 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| N/A | 127.0.0.1:54955 | tcp | |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.177.238.8.in-addr.arpa | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | gateway-us-east1-b.discord.gg | udp |
| US | 162.159.136.234:443 | gateway-us-east1-b.discord.gg | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | pornhub.com | udp |
| US | 66.254.114.41:80 | pornhub.com | tcp |
| US | 66.254.114.41:80 | pornhub.com | tcp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| NL | 64.210.135.115:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.115:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.119:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.119:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.119:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.119:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.119:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.119:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | es.phncdn.com | udp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | di.phncdn.com | udp |
| US | 8.8.8.8:53 | hubt.pornhub.com | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| US | 216.18.168.30:443 | hubt.pornhub.com | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| NL | 64.210.135.117:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| NL | 64.210.135.117:443 | media.trafficjunky.net | tcp |
| NL | 64.210.135.118:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ads.trafficjunky.net | udp |
| US | 8.8.8.8:53 | ads2.contentabc.com | udp |
| NL | 64.210.135.112:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | hw-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | m1.nsimg.net | udp |
| US | 104.16.124.175:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | m2.nsimg.net | udp |
| US | 8.8.8.8:53 | vz-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | vz-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | 115.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.168.18.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.135.210.64.in-addr.arpa | udp |
| NL | 64.210.135.115:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 175.124.16.104.in-addr.arpa | udp |
| NL | 64.210.135.119:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | adktrk.com | udp |
| US | 66.254.114.38:443 | ads.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 34.160.198.209:443 | adktrk.com | tcp |
| NL | 64.210.135.151:443 | hw-cdn2.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ht-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | adiktive.b-cdn.net | udp |
| NL | 64.210.135.146:443 | hw-cdn2.trafficjunky.net | tcp |
| US | 169.150.236.99:443 | adiktive.b-cdn.net | tcp |
| US | 8.8.8.8:53 | 38.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.198.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.236.150.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| DE | 172.217.23.219:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 219.23.217.172.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | 155.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.38.239.216.in-addr.arpa | udp |
| US | 216.239.38.181:443 | analytics.google.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | www.hackertyper.com | udp |
| US | 188.114.96.0:443 | www.hackertyper.com | tcp |
| US | 188.114.96.0:443 | www.hackertyper.com | tcp |
| US | 8.8.8.8:53 | hackertyper.com | udp |
| US | 8.8.8.8:53 | 0.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.getclicky.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 188.114.96.0:443 | hackertyper.com | udp |
| US | 104.16.57.101:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.57.101:443 | static.cloudflareinsights.com | tcp |
| US | 104.17.97.108:443 | static.getclicky.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 2.19.194.250:80 | apps.identrust.com | tcp |
| NL | 2.19.194.250:80 | apps.identrust.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 188.114.96.0:443 | hackertyper.com | udp |
| US | 8.8.8.8:53 | 59.214.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.57.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.194.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.97.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | js.sparkloop.app | udp |
| US | 8.8.8.8:53 | onesignal.com | udp |
| US | 172.67.71.3:443 | js.sparkloop.app | tcp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 216.239.38.181:443 | analytics.google.com | udp |
| NL | 142.250.102.155:443 | stats.g.doubleclick.net | udp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | script.sparkloop.app | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 18.239.50.110:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | 3.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.136:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | in.getclicky.com | udp |
| US | 8.8.8.8:53 | 136.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dash.sparkloop.app | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 104.17.98.108:443 | in.getclicky.com | udp |
| US | 8.8.8.8:53 | 108.98.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pornhub.com | udp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 8.8.8.8:53 | di.phncdn.com | udp |
| US | 8.8.8.8:53 | es.phncdn.com | udp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | hubt.pornhub.com | udp |
| NL | 64.210.135.114:443 | ss.phncdn.com | tcp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| NL | 64.210.135.112:443 | ss.phncdn.com | tcp |
| NL | 64.210.135.115:443 | ss.phncdn.com | tcp |
| US | 8.8.8.8:53 | ads.trafficjunky.net | udp |
| US | 8.8.8.8:53 | ads2.contentabc.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| US | 104.16.122.175:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | hw-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | m1.nsimg.net | udp |
| NL | 64.210.135.119:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | m2.nsimg.net | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | vz-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| US | 8.8.8.8:53 | vz-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | 114.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.122.16.104.in-addr.arpa | udp |
| NL | 64.210.135.115:443 | ht-cdn.trafficjunky.net | tcp |
| NL | 64.210.135.112:443 | ht-cdn.trafficjunky.net | tcp |
| US | 66.254.114.38:443 | ads.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ht-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | in.getclicky.com | udp |
| US | 104.17.98.108:443 | in.getclicky.com | udp |
| NL | 64.210.135.112:443 | ht-cdn2.trafficjunky.net | tcp |
| NL | 64.210.135.115:443 | ht-cdn2.trafficjunky.net | tcp |
| NL | 64.210.135.114:443 | ht-cdn2.trafficjunky.net | tcp |
| NL | 64.210.135.115:443 | ht-cdn2.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | vz-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | vz-cdn2.trafficjunky.net | udp |
| US | 66.254.114.171:443 | ads2.contentabc.com | tcp |
| NL | 64.210.135.148:443 | hw-cdn2.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.135.210.64.in-addr.arpa | udp |
| NL | 64.210.135.117:443 | ht-cdn2.adtng.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 104.17.98.108:443 | in.getclicky.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | rotterdam7172.discord.media | udp |
| US | 162.159.128.235:443 | rotterdam7172.discord.media | tcp |
| NL | 66.22.197.99:50013 | udp | |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 235.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.197.22.66.in-addr.arpa | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 104.17.98.108:443 | in.getclicky.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.20:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 20.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI6802\python311.dll
| MD5 | 5792adeab1e4414e0129ce7a228eb8b8 |
| SHA1 | e9f022e687b6d88d20ee96d9509f82e916b9ee8c |
| SHA256 | 7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967 |
| SHA512 | c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\VCRUNTIME140.dll
| MD5 | 4585a96cc4eef6aafd5e27ea09147dc6 |
| SHA1 | 489cfff1b19abbec98fda26ac8958005e88dd0cb |
| SHA256 | a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736 |
| SHA512 | d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\VCRUNTIME140.dll
| MD5 | 4585a96cc4eef6aafd5e27ea09147dc6 |
| SHA1 | 489cfff1b19abbec98fda26ac8958005e88dd0cb |
| SHA256 | a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736 |
| SHA512 | d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286 |
memory/2888-1262-0x00007FFC830B0000-0x00007FFC83699000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\python311.dll
| MD5 | 5792adeab1e4414e0129ce7a228eb8b8 |
| SHA1 | e9f022e687b6d88d20ee96d9509f82e916b9ee8c |
| SHA256 | 7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967 |
| SHA512 | c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\python3.DLL
| MD5 | b711598fc3ed0fe4cf2c7f3e0877979e |
| SHA1 | 299c799e5d697834aa2447d8a313588ab5c5e433 |
| SHA256 | 520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a |
| SHA512 | b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\python3.dll
| MD5 | b711598fc3ed0fe4cf2c7f3e0877979e |
| SHA1 | 299c799e5d697834aa2447d8a313588ab5c5e433 |
| SHA256 | 520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a |
| SHA512 | b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\python3.dll
| MD5 | b711598fc3ed0fe4cf2c7f3e0877979e |
| SHA1 | 299c799e5d697834aa2447d8a313588ab5c5e433 |
| SHA256 | 520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a |
| SHA512 | b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_ctypes.pyd
| MD5 | 1adfe4d0f4d68c9c539489b89717984d |
| SHA1 | 8ae31b831b3160f5b88dda58ad3959c7423f8eb2 |
| SHA256 | 64e8fd952ccf5b8adca80ce8c7bc6c96ec7df381789256fe8d326f111f02e95c |
| SHA512 | b403cc46e0874a75e3c0819784244ed6557eae19b0d76ffd86f56b3739db10ea8deec3dc1ca9e94c101263d0ccf506978443085a70c3ab0816885046b5ef5117 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\base_library.zip
| MD5 | 2f6d57bccf7f7735acb884a980410f6a |
| SHA1 | 93a6926887a08dc09cd92864cd82b2bec7b24ec5 |
| SHA256 | 1b7d326bad406e96a4c83b5a49714819467e3174ed0a74f81c9ebd96d1dd40b3 |
| SHA512 | 95bcfc66dbe7b6ad324bd2dc2258a3366a3594bfc50118ab37a2a204906109e42192fb10a91172b340cc28c12640513db268c854947fb9ed8426f214ff8889b4 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_ctypes.pyd
| MD5 | 1adfe4d0f4d68c9c539489b89717984d |
| SHA1 | 8ae31b831b3160f5b88dda58ad3959c7423f8eb2 |
| SHA256 | 64e8fd952ccf5b8adca80ce8c7bc6c96ec7df381789256fe8d326f111f02e95c |
| SHA512 | b403cc46e0874a75e3c0819784244ed6557eae19b0d76ffd86f56b3739db10ea8deec3dc1ca9e94c101263d0ccf506978443085a70c3ab0816885046b5ef5117 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libffi-8.dll
| MD5 | 08b000c3d990bc018fcb91a1e175e06e |
| SHA1 | bd0ce09bb3414d11c91316113c2becfff0862d0d |
| SHA256 | 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece |
| SHA512 | 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_bz2.pyd
| MD5 | 2d461b41f6e9a305dde68e9c59e4110a |
| SHA1 | 97c2266f47a651e37a72c153116d81d93c7556e8 |
| SHA256 | abbe3933a34a9653a757244e8e55b0d7d3a108527a3e9e8a7f2013b5f2a9eff4 |
| SHA512 | eef132df6e52eb783bad3e6af0d57cb48cda2eb0edb6e282753b02d21970c1eea6bab03c835ff9f28f2d3e25f5e9e18f176a8c5680522c09da358a1c48cf14c8 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libcrypto-1_1.dll
| MD5 | dffcab08f94e627de159e5b27326d2fc |
| SHA1 | ab8954e9ae94ae76067e5a0b1df074bccc7c3b68 |
| SHA256 | 135b115e77479eedd908d7a782e004ece6dd900bb1ca05cc1260d5dd6273ef15 |
| SHA512 | 57e175a5883edb781cdb2286167d027fdb4b762f41fb1fc9bd26b5544096a9c5dda7bccbb6795dcc37ed5d8d03dc0a406bf1a59adb3aeb41714f1a7c8901a17d |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_hashlib.pyd
| MD5 | f10d896ed25751ead72d8b03e404ea36 |
| SHA1 | eb8e0fd6e2356f76b5ea0cb72ab37399ec9d8ecb |
| SHA256 | 3660b985ca47ca1bba07db01458b3153e4e692ee57a8b23ce22f1a5ca18707c3 |
| SHA512 | 7f234e0d197ba48396fabd1fccc2f19e5d4ad922a2b3fe62920cd485e5065b66813b4b2a2477d2f7f911004e1bc6e5a6ec5e873d8ff81e642fee9e77b428fb42 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_uuid.pyd
| MD5 | 46e9d7b5d9668c9db5caa48782ca71ba |
| SHA1 | 6bbc83a542053991b57f431dd377940418848131 |
| SHA256 | f6063622c0a0a34468679413d1b18d1f3be67e747696ab972361faed4b8d6735 |
| SHA512 | c5b171ebdb51b1755281c3180b30e88796db8aa96073489613dab96b6959a205846711187266a0ba30782102ce14fbfa4d9f413a2c018494597600482329ebf7 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libssl-1_1.dll
| MD5 | 8e8a145e122a593af7d6cde06d2bb89f |
| SHA1 | b0e7d78bb78108d407239e9f1b376e0c8c295175 |
| SHA256 | a6a14c1beccbd4128763e78c3ec588f747640297ffb3cc5604a9728e8ef246b1 |
| SHA512 | d104d81aca91c067f2d69fd8cec3f974d23fb5372a8f2752ad64391da3dbf5ffe36e2645a18a9a74b70b25462d73d9ea084318846b7646d39ce1d3e65a1c47c4 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
| MD5 | 139e752804a38934d26aaa8004717d04 |
| SHA1 | 0497671e1ae3481c05eec2ef0877539db853a536 |
| SHA256 | 07e4ab01b93792ea0beff08f4f6e41b2404186602774b2756854022f170a64ac |
| SHA512 | 8d62d854568decc39400dd2e4bb63999da25bf19bfc173086cfb92709a35d71a40c8a3a02dcd8f97af74d467b5d049ac26edd5a9710c58c879daecd411173347 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\charset_normalizer\md.cp311-win_amd64.pyd
| MD5 | 347c9de8147ee24d980ca5f0da25ca1c |
| SHA1 | e19c268579521d20ecfdf07179ee8aa2b4f4e936 |
| SHA256 | b6c3e565d152392aa2f1ea5a73952ae2a2b80e7d337759fce0ab32cd03c44287 |
| SHA512 | 977a6e6e374e46b8bf699f285496dbb9777c8488bb16d61c0d46002ae4fcf5b2f9cd8cd8fa0e35ca442c43c9c286250edc10ef6eb1d2ef56578bcaac580f9fbb |
memory/2888-1327-0x00007FFC94620000-0x00007FFC9462D000-memory.dmp
memory/2888-1328-0x00007FFC93C60000-0x00007FFC93C8E000-memory.dmp
memory/2888-1329-0x00007FFC89880000-0x00007FFC89938000-memory.dmp
memory/2888-1330-0x00007FFC93C10000-0x00007FFC93C1D000-memory.dmp
memory/2888-1332-0x00007FFC93BD0000-0x00007FFC93BF6000-memory.dmp
memory/2888-1331-0x00007FFC93C00000-0x00007FFC93C0B000-memory.dmp
memory/2888-1326-0x00007FFC83CF0000-0x00007FFC84068000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\charset_normalizer\md.cp311-win_amd64.pyd
| MD5 | 347c9de8147ee24d980ca5f0da25ca1c |
| SHA1 | e19c268579521d20ecfdf07179ee8aa2b4f4e936 |
| SHA256 | b6c3e565d152392aa2f1ea5a73952ae2a2b80e7d337759fce0ab32cd03c44287 |
| SHA512 | 977a6e6e374e46b8bf699f285496dbb9777c8488bb16d61c0d46002ae4fcf5b2f9cd8cd8fa0e35ca442c43c9c286250edc10ef6eb1d2ef56578bcaac580f9fbb |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_queue.pyd
| MD5 | decdabaca104520549b0f66c136a9dc1 |
| SHA1 | 423e6f3100013e5a2c97e65e94834b1b18770a87 |
| SHA256 | 9d4880f7d0129b1de95becd8ea8bbbf0c044d63e87764d18f9ec00d382e43f84 |
| SHA512 | d89ee3779bf7d446514fc712dafb3ebc09069e4f665529a7a1af6494f8955ceb040bef7d18f017bcc3b6fe7addeab104535655971be6eed38d0fc09ec2c37d88 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_ssl.pyd
| MD5 | 2089768e25606262921e4424a590ff05 |
| SHA1 | bc94a8ff462547ab48c2fbf705673a1552545b76 |
| SHA256 | 3e6e9fc56e1a9fe5edb39ee03e5d47fa0e3f6adb17be1f087dc6f891d3b0bbca |
| SHA512 | 371aa8e5c722307fff65e00968b14280ee5046cfcf4a1d9522450688d75a3b0362f2c9ec0ec117b2fc566664f2f52a1b47fe62f28466488163f9f0f1ce367f86 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\select.pyd
| MD5 | 90fea71c9828751e36c00168b9ba4b2b |
| SHA1 | 15b506df7d02612e3ba49f816757ad0c141e9dc1 |
| SHA256 | 5bbbb4f0b4f9e5329ba1d518d6e8144b1f7d83e2d7eaf6c50eef6a304d78f37d |
| SHA512 | e424be422bf0ef06e7f9ff21e844a84212bfa08d7f9fbd4490cbbcb6493cc38cc1223aaf8b7c9cd637323b81ee93600d107cc1c982a2288eb2a0f80e2ad1f3c5 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_socket.pyd
| MD5 | bcc3e26a18d59d76fd6cf7cd64e9e14d |
| SHA1 | b85e4e7d300dbeec942cb44e4a38f2c6314d3166 |
| SHA256 | 4e19f29266a3d6c127e5e8de01d2c9b68bc55075dd3d6aabe22cf0de4b946a98 |
| SHA512 | 65026247806feab6e1e5bf2b29a439bdc1543977c1457f6d3ddfbb7684e04f11aba10d58cc5e7ea0c2f07c8eb3c9b1c8a3668d7854a9a6e4340e6d3e43543b74 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_tkinter.pyd
| MD5 | bd62e34283812da3487154594296db60 |
| SHA1 | 3664b4425cbdc5a49d7bb13bd09c9aae89058152 |
| SHA256 | 7932a64e347ca9d6099cbb764958610a37e652c709d792a1348e2f56c6b20dbd |
| SHA512 | 62ebb04660a5a51796ee1b69f1118ae1b9deb8f01e73c840eb3ab01c7fad45c48fd0edd7285d041fa6df94ac6b3d728b6799d2d1f7bb266cb0bcdc793444735f |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_ssl.pyd
| MD5 | 2089768e25606262921e4424a590ff05 |
| SHA1 | bc94a8ff462547ab48c2fbf705673a1552545b76 |
| SHA256 | 3e6e9fc56e1a9fe5edb39ee03e5d47fa0e3f6adb17be1f087dc6f891d3b0bbca |
| SHA512 | 371aa8e5c722307fff65e00968b14280ee5046cfcf4a1d9522450688d75a3b0362f2c9ec0ec117b2fc566664f2f52a1b47fe62f28466488163f9f0f1ce367f86 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_sqlite3.pyd
| MD5 | eb6313b94292c827a5758eea82d018d9 |
| SHA1 | 7070f715d088c669eda130d0f15e4e4e9c4b7961 |
| SHA256 | 6b41dfd7d6ac12afe523d74a68f8bd984a75e438dcf2daa23a1f934ca02e89da |
| SHA512 | 23bfc3abf71b04ccffc51cedf301fadb038c458c06d14592bf1198b61758810636d9bbac9e4188e72927b49cb490aeafa313a04e3460c3fb4f22bdddf112ae56 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_socket.pyd
| MD5 | bcc3e26a18d59d76fd6cf7cd64e9e14d |
| SHA1 | b85e4e7d300dbeec942cb44e4a38f2c6314d3166 |
| SHA256 | 4e19f29266a3d6c127e5e8de01d2c9b68bc55075dd3d6aabe22cf0de4b946a98 |
| SHA512 | 65026247806feab6e1e5bf2b29a439bdc1543977c1457f6d3ddfbb7684e04f11aba10d58cc5e7ea0c2f07c8eb3c9b1c8a3668d7854a9a6e4340e6d3e43543b74 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_queue.pyd
| MD5 | decdabaca104520549b0f66c136a9dc1 |
| SHA1 | 423e6f3100013e5a2c97e65e94834b1b18770a87 |
| SHA256 | 9d4880f7d0129b1de95becd8ea8bbbf0c044d63e87764d18f9ec00d382e43f84 |
| SHA512 | d89ee3779bf7d446514fc712dafb3ebc09069e4f665529a7a1af6494f8955ceb040bef7d18f017bcc3b6fe7addeab104535655971be6eed38d0fc09ec2c37d88 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_overlapped.pyd
| MD5 | 6344223b2c04b31fc69b988f76ad0fee |
| SHA1 | 7012f4f8bcf181e1a7e30203fbcdec0c0afb5c9c |
| SHA256 | 5adfbf048f45eb734974fdc6416e96f7904736f033648d0190bef3422b676df5 |
| SHA512 | 378dc5e900433b5412a035fc52be50285d10fbb2d3b3c488cae15cf1f84fcf7f2e082ec4bf14370b4c6cb8aefc6a64a625fff902b519c78b58bf68268ae444a9 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_multiprocessing.pyd
| MD5 | 75bca8d4f1e829385e25abc39d8fc437 |
| SHA1 | 0f289665b36aabc6f6f21b284f7d89ec320f56d3 |
| SHA256 | d0d4bbe992ef1e60af922926d1446a908c51cbf089b53b2c27166c90be7cd08c |
| SHA512 | bb0881a3bd765850a322f0fa4fc3014feafb081f17bb4cab705dccf77d7f2fc30fd200e5d6499041adfae5f2a0307804b69953086426f1c4e4eced2f5a979804 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_hashlib.pyd
| MD5 | f10d896ed25751ead72d8b03e404ea36 |
| SHA1 | eb8e0fd6e2356f76b5ea0cb72ab37399ec9d8ecb |
| SHA256 | 3660b985ca47ca1bba07db01458b3153e4e692ee57a8b23ce22f1a5ca18707c3 |
| SHA512 | 7f234e0d197ba48396fabd1fccc2f19e5d4ad922a2b3fe62920cd485e5065b66813b4b2a2477d2f7f911004e1bc6e5a6ec5e873d8ff81e642fee9e77b428fb42 |
memory/2888-1333-0x00007FFC842B0000-0x00007FFC843CC000-memory.dmp
memory/2888-1334-0x00007FFC93A90000-0x00007FFC93AC8000-memory.dmp
memory/2888-1335-0x00007FFC93BC0000-0x00007FFC93BCB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_elementtree.pyd
| MD5 | d64c52f740ac6f158a59736563b64c38 |
| SHA1 | f8cf372283b2599c894fa4d836f8d7700abbd5ed |
| SHA256 | 232933953bf1cdb575231c8f57cf7d9d00bd2179feb938ae34962f2c371bd0fa |
| SHA512 | 43879cba03c58935794c64dbfb0f4b2ed9e1b492ee75edd2720ee18c2089f1325dc01e3f8ee43e02fd7c8d2e923f10d0ee76d9a1edc9f946ebac1ea8b23a887a |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_decimal.pyd
| MD5 | a8952538e090e2ff0efb0ba3c890cd04 |
| SHA1 | cdc8bd05a3178a95416e1c15b6c875ee026274df |
| SHA256 | c4e8740c5dbbd2741fc4124908da4b65fa9c3e17d9c9bf3f634710202e0c7009 |
| SHA512 | 5c16f595f17bedaa9c1fdd14c724bbb404ed59421c63f6fbd3bfd54ce8d6f550147d419ec0430d008c91b01b0c42934c2a08dae844c308feec077da713ac842e |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_cffi_backend.cp311-win_amd64.pyd
| MD5 | cdc182dc9761dbad548061af8ed0bacb |
| SHA1 | 646c648471552ab5abb49ed07d0bdc9e88a26d75 |
| SHA256 | 213a68dface36e70bfc33d9b5932f01aab69010d50397f909b6721bfa42bf9dd |
| SHA512 | 968f518dbc5dd60c56e71cf7ca0331e1ebdab3c4ebb7614a2a8cbdee8d1e143e5103e37ec7fbb9d710bd0eca3cbda018564cfc08450178cf448086b1b5b86c1e |
memory/2888-1336-0x00007FFC93BB0000-0x00007FFC93BBB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_asyncio.pyd
| MD5 | 45f8a7ec700c08b35cd2e7a3ef8b4580 |
| SHA1 | 87ffe8dcabec09de34b60f71c9cfdc998fc6c152 |
| SHA256 | 6517366fa68c1c970e458132842b26e48db3c931f043142f84c3785b5373c236 |
| SHA512 | 474a1ec014d05ab1cf151b48ab3dbf361151614345878c2463f401b18621329aece959280db5e67c48bb48617b57f36760dde35f71470dd5ab9f48fb6155c870 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\zlib1.dll
| MD5 | ee06185c239216ad4c70f74e7c011aa6 |
| SHA1 | 40e66b92ff38c9b1216511d5b1119fe9da6c2703 |
| SHA256 | 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466 |
| SHA512 | baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\VCRUNTIME140_1.dll
| MD5 | 7e668ab8a78bd0118b94978d154c85bc |
| SHA1 | dbac42a02a8d50639805174afd21d45f3c56e3a0 |
| SHA256 | e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f |
| SHA512 | 72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\unicodedata.pyd
| MD5 | c2556dc74aea61b0bd9bd15e9cd7b0d6 |
| SHA1 | 05eff76e393bfb77958614ff08229b6b770a1750 |
| SHA256 | 987a6d21ce961afeaaa40ba69859d4dd80d20b77c4ca6d2b928305a873d6796d |
| SHA512 | f29841f262934c810dd1062151aefac78cd6a42d959a8b9ac832455c646645c07fd9220866b262de1bc501e1a9570591c0050d5d3607f1683437dea1ff04c32b |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\tk86t.dll
| MD5 | 7d85f7480f2d8389f562723090be1370 |
| SHA1 | edfa05dc669a8486977e983173ec61cc5097bbb0 |
| SHA256 | aaeda7b65e1e33c74a807109360435a6b63a2994243c437e0cdaa69d2b8c6ac5 |
| SHA512 | a886475aeea6c4003dd35e518a0833574742b62cdbbbe5b098a5c0f74e89795ebddac31c4107dae6edee8fc476addaa34253af560d33bed8b9df9192c3e7f084 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\tcl86t.dll
| MD5 | 755bec8838059147b46f8e297d05fba2 |
| SHA1 | 9ff0665cddcf1eb7ff8de015b10cc9fcceb49753 |
| SHA256 | 744a13c384e136f373f9dc7f7c2eb2536591ec89304e3fa064cac0f0bf135130 |
| SHA512 | e61dc700975d28b2257da99b81d135aa7d284c6084877fe81b3cc7b42ac180728f79f4c1663e375680a26f5194ab641c4a40e09f8dbdeb99e1dfa1a57d6f9b34 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\sqlite3.dll
| MD5 | 395332e795cb6abaca7d0126d6c1f215 |
| SHA1 | b845bd8864cd35dcb61f6db3710acc2659ed9f18 |
| SHA256 | 8e8870dac8c96217feff4fa8af7c687470fbccd093d97121bc1eac533f47316c |
| SHA512 | 8bc8c8c5f10127289dedb012b636bc3959acb5c15638e7ed92dacdc8d8dba87a8d994aaffc88bc7dc89ccfeef359e3e79980dfa293a9acae0dc00181096a0d66 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\select.pyd
| MD5 | 90fea71c9828751e36c00168b9ba4b2b |
| SHA1 | 15b506df7d02612e3ba49f816757ad0c141e9dc1 |
| SHA256 | 5bbbb4f0b4f9e5329ba1d518d6e8144b1f7d83e2d7eaf6c50eef6a304d78f37d |
| SHA512 | e424be422bf0ef06e7f9ff21e844a84212bfa08d7f9fbd4490cbbcb6493cc38cc1223aaf8b7c9cd637323b81ee93600d107cc1c982a2288eb2a0f80e2ad1f3c5 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\SDL2_ttf.dll
| MD5 | eb0ce62f775f8bd6209bde245a8d0b93 |
| SHA1 | 5a5d039e0c2a9d763bb65082e09f64c8f3696a71 |
| SHA256 | 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a |
| SHA512 | 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\SDL2_mixer.dll
| MD5 | b7b45f61e3bb00ccd4ca92b2a003e3a3 |
| SHA1 | 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc |
| SHA256 | 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095 |
| SHA512 | d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\SDL2_image.dll
| MD5 | 25e2a737dcda9b99666da75e945227ea |
| SHA1 | d38e086a6a0bacbce095db79411c50739f3acea4 |
| SHA256 | 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c |
| SHA512 | 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\SDL2.dll
| MD5 | 2b13a3f2fc8f9cdb3161374c4bc85f86 |
| SHA1 | 9039a90804dba7d6abb2bcf3068647ba8cab8901 |
| SHA256 | 110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6 |
| SHA512 | 2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\pyexpat.pyd
| MD5 | f2d02bd2c933f5bd1f9f3d55c57a7417 |
| SHA1 | 40ce29a427bfd980bb8d7b95d75964e12a3cdf7f |
| SHA256 | c0a7b8d4458a7b3652e8e139285fc3743f5bbf5812ab744a3aa1d1aeab009959 |
| SHA512 | 4d18fb9b74ffcb9dd3d3cb61d6495fa5a75549cffbd8cbe3031fd6215fafe11e05a57b3bad07bc58c80321e1c443f1491ef65c4c65340c1ba7d7529c366939b6 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\portmidi.dll
| MD5 | 0df0699727e9d2179f7fd85a61c58bdf |
| SHA1 | 82397ee85472c355725955257c0da207fa19bf59 |
| SHA256 | 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61 |
| SHA512 | 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd |
memory/2888-1337-0x00007FFC93A80000-0x00007FFC93A8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libwebp-7.dll
| MD5 | b0dd211ec05b441767ea7f65a6f87235 |
| SHA1 | 280f45a676c40bd85ed5541ceb4bafc94d7895f3 |
| SHA256 | fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e |
| SHA512 | eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff |
memory/2888-1338-0x00007FFC93A70000-0x00007FFC93A7B000-memory.dmp
memory/2888-1339-0x00007FFC93240000-0x00007FFC9324C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libtiff-5.dll
| MD5 | ebad1fa14342d14a6b30e01ebc6d23c1 |
| SHA1 | 9c4718e98e90f176c57648fa4ed5476f438b80a7 |
| SHA256 | 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca |
| SHA512 | 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libssl-1_1.dll
| MD5 | 8e8a145e122a593af7d6cde06d2bb89f |
| SHA1 | b0e7d78bb78108d407239e9f1b376e0c8c295175 |
| SHA256 | a6a14c1beccbd4128763e78c3ec588f747640297ffb3cc5604a9728e8ef246b1 |
| SHA512 | d104d81aca91c067f2d69fd8cec3f974d23fb5372a8f2752ad64391da3dbf5ffe36e2645a18a9a74b70b25462d73d9ea084318846b7646d39ce1d3e65a1c47c4 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libpng16-16.dll
| MD5 | 55009dd953f500022c102cfb3f6a8a6c |
| SHA1 | 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb |
| SHA256 | 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2 |
| SHA512 | 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libopusfile-0.dll
| MD5 | 2d5274bea7ef82f6158716d392b1be52 |
| SHA1 | ce2ff6e211450352eec7417a195b74fbd736eb24 |
| SHA256 | 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5 |
| SHA512 | 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libopus-0.x64.dll
| MD5 | e56f1b8c782d39fd19b5c9ade735b51b |
| SHA1 | 3d1dc7e70a655ba9058958a17efabe76953a00b4 |
| SHA256 | fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732 |
| SHA512 | b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libopus-0.dll
| MD5 | 3fb9d9e8daa2326aad43a5fc5ddab689 |
| SHA1 | 55523c665414233863356d14452146a760747165 |
| SHA256 | fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491 |
| SHA512 | f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libogg-0.dll
| MD5 | 0d65168162287df89af79bb9be79f65b |
| SHA1 | 3e5af700b8c3e1a558105284ecd21b73b765a6dc |
| SHA256 | 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24 |
| SHA512 | 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libmodplug-1.dll
| MD5 | 2bb2e7fa60884113f23dcb4fd266c4a6 |
| SHA1 | 36bbd1e8f7ee1747c7007a3c297d429500183d73 |
| SHA256 | 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b |
| SHA512 | 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libjpeg-9.dll
| MD5 | c22b781bb21bffbea478b76ad6ed1a28 |
| SHA1 | 66cc6495ba5e531b0fe22731875250c720262db1 |
| SHA256 | 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd |
| SHA512 | 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4 |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libcrypto-1_1.dll
| MD5 | dffcab08f94e627de159e5b27326d2fc |
| SHA1 | ab8954e9ae94ae76067e5a0b1df074bccc7c3b68 |
| SHA256 | 135b115e77479eedd908d7a782e004ece6dd900bb1ca05cc1260d5dd6273ef15 |
| SHA512 | 57e175a5883edb781cdb2286167d027fdb4b762f41fb1fc9bd26b5544096a9c5dda7bccbb6795dcc37ed5d8d03dc0a406bf1a59adb3aeb41714f1a7c8901a17d |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\freetype.dll
| MD5 | 04a9825dc286549ee3fa29e2b06ca944 |
| SHA1 | 5bed779bf591752bb7aa9428189ec7f3c1137461 |
| SHA256 | 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde |
| SHA512 | 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec |
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_lzma.pyd
| MD5 | 3798175fd77eded46a8af6b03c5e5f6d |
| SHA1 | f637eaf42080dcc620642400571473a3fdf9174f |
| SHA256 | 3c9d5a9433b22538fc64141cd3784800c567c18e4379003329cf69a1d59b2a41 |
| SHA512 | 1f7351c9e905265625d725551d8ea1de5d9999bc333d29e6510a5bca4e4d7c1472b2a637e892a485a7437ea4768329e5365b209dd39d7c1995fe3317dc5aecdf |
memory/2888-1274-0x00007FFC985D0000-0x00007FFC985DF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_bz2.pyd
| MD5 | 2d461b41f6e9a305dde68e9c59e4110a |
| SHA1 | 97c2266f47a651e37a72c153116d81d93c7556e8 |
| SHA256 | abbe3933a34a9653a757244e8e55b0d7d3a108527a3e9e8a7f2013b5f2a9eff4 |
| SHA512 | eef132df6e52eb783bad3e6af0d57cb48cda2eb0edb6e282753b02d21970c1eea6bab03c835ff9f28f2d3e25f5e9e18f176a8c5680522c09da358a1c48cf14c8 |
memory/2888-1317-0x00007FFC93CB0000-0x00007FFC93CC4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\_lzma.pyd
| MD5 | 3798175fd77eded46a8af6b03c5e5f6d |
| SHA1 | f637eaf42080dcc620642400571473a3fdf9174f |
| SHA256 | 3c9d5a9433b22538fc64141cd3784800c567c18e4379003329cf69a1d59b2a41 |
| SHA512 | 1f7351c9e905265625d725551d8ea1de5d9999bc333d29e6510a5bca4e4d7c1472b2a637e892a485a7437ea4768329e5365b209dd39d7c1995fe3317dc5aecdf |
memory/2888-1271-0x00007FFC94720000-0x00007FFC94743000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI6802\libffi-8.dll
| MD5 | 08b000c3d990bc018fcb91a1e175e06e |
| SHA1 | bd0ce09bb3414d11c91316113c2becfff0862d0d |
| SHA256 | 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece |
| SHA512 | 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf |
memory/2888-1345-0x00007FFC8EB80000-0x00007FFC8EB8C000-memory.dmp
memory/2888-1344-0x00007FFC8EB90000-0x00007FFC8EB9C000-memory.dmp
memory/2888-1343-0x00007FFC92D60000-0x00007FFC92D6E000-memory.dmp
memory/2888-1342-0x00007FFC92F80000-0x00007FFC92F8D000-memory.dmp
memory/2888-1341-0x00007FFC92FA0000-0x00007FFC92FAC000-memory.dmp
memory/2888-1340-0x00007FFC93210000-0x00007FFC9321B000-memory.dmp
memory/2888-1346-0x00007FFC8EB70000-0x00007FFC8EB7B000-memory.dmp
memory/2888-1347-0x00007FFC8EB60000-0x00007FFC8EB6B000-memory.dmp
memory/2888-1348-0x00007FFC8C4D0000-0x00007FFC8C4DC000-memory.dmp
memory/2888-1349-0x00007FFC8A360000-0x00007FFC8A36C000-memory.dmp
memory/2888-1350-0x00007FFC8A350000-0x00007FFC8A35D000-memory.dmp
memory/2888-1351-0x00007FFC89DF0000-0x00007FFC89E02000-memory.dmp
memory/2888-1352-0x00007FFC89DE0000-0x00007FFC89DEC000-memory.dmp
memory/2888-1353-0x00007FFC89DC0000-0x00007FFC89DD5000-memory.dmp
memory/2888-1354-0x00007FFC89DA0000-0x00007FFC89DB2000-memory.dmp
memory/2888-1355-0x00007FFC89860000-0x00007FFC89874000-memory.dmp
memory/2888-1356-0x00007FFC846E0000-0x00007FFC8472A000-memory.dmp
memory/2888-1357-0x00007FFC846C0000-0x00007FFC846D1000-memory.dmp
memory/2888-1359-0x00007FFC83CC0000-0x00007FFC83CEE000-memory.dmp
memory/2888-1358-0x00007FFC846A0000-0x00007FFC846BC000-memory.dmp
memory/2888-1360-0x00007FFC93F00000-0x00007FFC93F19000-memory.dmp
memory/2888-1361-0x00007FFC93E30000-0x00007FFC93E5D000-memory.dmp
memory/2888-1362-0x00007FFC93C90000-0x00007FFC93CA9000-memory.dmp
memory/2888-1364-0x00007FFC89840000-0x00007FFC89857000-memory.dmp
memory/2888-1363-0x00007FFC84750000-0x00007FFC84772000-memory.dmp
memory/2888-1366-0x00007FFC841D0000-0x00007FFC8422D000-memory.dmp
memory/2888-1365-0x00007FFC84730000-0x00007FFC84749000-memory.dmp
memory/2888-1368-0x00007FFC83C90000-0x00007FFC83CB3000-memory.dmp
memory/2888-1367-0x00007FFC841A0000-0x00007FFC841C9000-memory.dmp
memory/2888-1369-0x00007FFC83B10000-0x00007FFC83C87000-memory.dmp
memory/2888-1370-0x00007FFC84290000-0x00007FFC842A8000-memory.dmp
memory/2888-1371-0x00007FFC84100000-0x00007FFC8410B000-memory.dmp
memory/2888-1372-0x00007FFC83B00000-0x00007FFC83B0C000-memory.dmp
memory/2888-1375-0x00007FFC83AF0000-0x00007FFC83AFB000-memory.dmp
memory/2888-1376-0x00007FFC83AD0000-0x00007FFC83ADB000-memory.dmp
memory/2888-1379-0x00007FFC83AA0000-0x00007FFC83AAE000-memory.dmp
memory/2888-1377-0x00007FFC83AC0000-0x00007FFC83ACC000-memory.dmp
memory/2888-1380-0x00007FFC830A0000-0x00007FFC830AC000-memory.dmp
memory/2888-1378-0x00007FFC83AB0000-0x00007FFC83ABD000-memory.dmp
memory/2888-1381-0x00007FFC83090000-0x00007FFC8309C000-memory.dmp
memory/2888-1382-0x00007FFC83080000-0x00007FFC8308B000-memory.dmp
memory/2888-1383-0x00007FFC83070000-0x00007FFC8307B000-memory.dmp
memory/2888-1385-0x00007FFC83050000-0x00007FFC8305C000-memory.dmp
memory/2888-1384-0x00007FFC83060000-0x00007FFC8306C000-memory.dmp
memory/2888-1386-0x00007FFC83020000-0x00007FFC83032000-memory.dmp
memory/2888-1387-0x00007FFC83010000-0x00007FFC8301C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_p25t0rur.4sq.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2888-1521-0x00007FFC830B0000-0x00007FFC83699000-memory.dmp
memory/2888-1522-0x00007FFC94720000-0x00007FFC94743000-memory.dmp
memory/2888-1523-0x00007FFC985D0000-0x00007FFC985DF000-memory.dmp
memory/2888-1525-0x00007FFC93E30000-0x00007FFC93E5D000-memory.dmp
memory/2888-1524-0x00007FFC93F00000-0x00007FFC93F19000-memory.dmp
memory/2888-1526-0x00007FFC93CB0000-0x00007FFC93CC4000-memory.dmp
memory/2888-1527-0x00007FFC83CF0000-0x00007FFC84068000-memory.dmp
memory/2888-1528-0x00007FFC93C90000-0x00007FFC93CA9000-memory.dmp
memory/2888-1529-0x00007FFC94620000-0x00007FFC9462D000-memory.dmp
memory/2888-1530-0x00007FFC93C60000-0x00007FFC93C8E000-memory.dmp
memory/2888-1531-0x00007FFC89880000-0x00007FFC89938000-memory.dmp
memory/2888-1532-0x00007FFC93C10000-0x00007FFC93C1D000-memory.dmp
memory/2888-1534-0x00007FFC93BD0000-0x00007FFC93BF6000-memory.dmp
memory/2888-1535-0x00007FFC842B0000-0x00007FFC843CC000-memory.dmp
memory/2888-1533-0x00007FFC93C00000-0x00007FFC93C0B000-memory.dmp
memory/2888-1536-0x00007FFC93A90000-0x00007FFC93AC8000-memory.dmp
memory/2888-1537-0x00007FFC89DC0000-0x00007FFC89DD5000-memory.dmp
memory/2888-1538-0x00007FFC89DA0000-0x00007FFC89DB2000-memory.dmp
memory/2888-1539-0x00007FFC89860000-0x00007FFC89874000-memory.dmp
memory/2888-1540-0x00007FFC84750000-0x00007FFC84772000-memory.dmp
memory/2888-1541-0x00007FFC89840000-0x00007FFC89857000-memory.dmp
memory/2888-1542-0x00007FFC84730000-0x00007FFC84749000-memory.dmp
memory/2888-1543-0x00007FFC846E0000-0x00007FFC8472A000-memory.dmp
memory/2888-1544-0x00007FFC846C0000-0x00007FFC846D1000-memory.dmp
memory/2888-1545-0x00007FFC846A0000-0x00007FFC846BC000-memory.dmp
memory/2888-1546-0x00007FFC841D0000-0x00007FFC8422D000-memory.dmp
memory/2888-1548-0x00007FFC83CC0000-0x00007FFC83CEE000-memory.dmp
memory/2888-1547-0x00007FFC841A0000-0x00007FFC841C9000-memory.dmp
memory/2888-1550-0x00007FFC83B10000-0x00007FFC83C87000-memory.dmp
memory/2888-1552-0x00007FFC82FD0000-0x00007FFC83005000-memory.dmp
memory/2888-1549-0x00007FFC83C90000-0x00007FFC83CB3000-memory.dmp
memory/2888-1551-0x00007FFC84290000-0x00007FFC842A8000-memory.dmp
memory/2888-1553-0x00007FFC82F10000-0x00007FFC82FCC000-memory.dmp
memory/2888-1554-0x00007FFC82EE0000-0x00007FFC82F0B000-memory.dmp
memory/2888-1555-0x00007FFC82C50000-0x00007FFC82ED3000-memory.dmp
memory/2888-1556-0x00007FFC825E0000-0x00007FFC82C4D000-memory.dmp
memory/2888-1557-0x00007FFC82580000-0x00007FFC825D5000-memory.dmp
memory/2888-1558-0x00007FFC82270000-0x00007FFC8254F000-memory.dmp
memory/2888-1559-0x00007FFC80170000-0x00007FFC82263000-memory.dmp
memory/2888-1560-0x00007FFC80150000-0x00007FFC80167000-memory.dmp
memory/2888-1561-0x00007FFC80120000-0x00007FFC80141000-memory.dmp
memory/2888-1562-0x00007FFC800F0000-0x00007FFC80112000-memory.dmp
memory/2888-1563-0x00007FFC80050000-0x00007FFC800EC000-memory.dmp
memory/2888-1564-0x00007FFC80020000-0x00007FFC80050000-memory.dmp
memory/2888-1565-0x00007FFC7FFE0000-0x00007FFC80013000-memory.dmp
memory/2888-1566-0x00007FFC7FF90000-0x00007FFC7FFD7000-memory.dmp
memory/2888-1567-0x00007FFC7FF70000-0x00007FFC7FF8A000-memory.dmp
memory/2888-1568-0x00007FFC7FF50000-0x00007FFC7FF69000-memory.dmp
memory/2888-1570-0x00007FFC7FF30000-0x00007FFC7FF4D000-memory.dmp
memory/2888-1594-0x00007FFC7FF10000-0x00007FFC7FF23000-memory.dmp
memory/2888-1611-0x00007FFC7FE50000-0x00007FFC7FF04000-memory.dmp
memory/2888-1630-0x00007FFC7FE30000-0x00007FFC7FE4A000-memory.dmp
memory/2888-1651-0x00007FFC7FA20000-0x00007FFC7FE2F000-memory.dmp
memory/2888-1662-0x00007FFC7F980000-0x00007FFC7FA13000-memory.dmp
memory/2888-1665-0x00007FFC7F930000-0x00007FFC7F97B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI19802\cryptography-41.0.7.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
memory/2888-1671-0x00007FFC7DA30000-0x00007FFC7F923000-memory.dmp
memory/2888-1721-0x00007FFC7D980000-0x00007FFC7DA29000-memory.dmp
memory/2888-1727-0x00007FFC7D750000-0x00007FFC7D976000-memory.dmp
memory/2888-1733-0x00007FFC7D6D0000-0x00007FFC7D74B000-memory.dmp
memory/2888-1739-0x00007FFC7D640000-0x00007FFC7D6CA000-memory.dmp
memory/2888-1753-0x00007FFC7D5F0000-0x00007FFC7D638000-memory.dmp
memory/2888-1786-0x00007FFC7D550000-0x00007FFC7D592000-memory.dmp
memory/2888-1781-0x00007FFC7D5A0000-0x00007FFC7D5E2000-memory.dmp
memory/2888-1791-0x00007FFC7D4E0000-0x00007FFC7D54C000-memory.dmp
C:\Users\Admin\RuntimeProc\ss.png
| MD5 | 03f0c58f15cdb3e7a827ed6c05c97980 |
| SHA1 | 2fde7f24449ad5cfb9a42098cea5443991533ec8 |
| SHA256 | 657f263dc870ef2eb56de9287b0e8eb2f3c61e5823f1c4aeb236bb29f1b13300 |
| SHA512 | 830f19642a5b8fb8c8650ddea876d57a4df05fac8e98f756a64a5f6e9c17b84e995e8da445491d546d7d8bdd9a2613254117c40ad480ef0a07bbaf263598c7b8 |
C:\Users\Admin\AppData\Local\Temp\tmp6wsdx2qp\places.sqlite
| MD5 | 191158f62b0cbbd453bac7ffaee6f2b1 |
| SHA1 | e7ccc023a958261438713f6931e1dbfa86f5b72c |
| SHA256 | b0d92611e5ba3f485d3060fbc9c08091e2710e37ae410655f5b644ae80d1b4d8 |
| SHA512 | 7fdb793be35d9366e8582a55fca531abbc4822a776ca0412550caa097d9b77c6a20b4b003196ebaf2aacdbab86398348ad39639fa98bc5c7250d80170dc26fbe |
C:\Users\Admin\tmp\wht5dgycQD
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\RuntimeProc\rec_\29.11.2023_18.17.wav
| MD5 | d8857ee4047ebb33068d1a240a5063ba |
| SHA1 | 2e1a620640b56e754bd1f47f8ad8d8fd501075b0 |
| SHA256 | b7c1a83a6ac956100c803267c26aa175d2a002721ade15e4faf506b6aabffdd9 |
| SHA512 | ecc0e6df0ac567fc96167fdf633a939844774e6cc65441ccc1b6c57e65cd12a84e314dd753f7c0835012d3dd4cb61e1cc76300519490511e952ece6f3d60872a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e5c27b4a4d5a3c9c60ba18cb867266e3 |
| SHA1 | dea55f1d4cdc831f943f4e56f4f8e9a926777600 |
| SHA256 | 860ed0acc83eb0096cc8911725e2c631ff879ad8c35854577651af502c4b69c9 |
| SHA512 | 56eda28e9c61e8081dadc220d23e7bb3320a9ba557eb7511d17a3d2836aa61f301d1d714a3d611eedd7c4b91886c790af7366b01acdb3b637f3dc4fb024f3f6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3a0c05ef60dde00d4c37e3db2c60bd60 |
| SHA1 | 3dbc91a6d26ad8892fdb1d72bb596906b1be052c |
| SHA256 | 658c554a708ec373025119814bb2c9d02d7ea699f0b56a9c4d9ecd992239d341 |
| SHA512 | 53306ca40d0b2601565e9f2dadc01dba1df98a679fc03f423d54c0bcf02ec013cfed9d12160689823d0a3421dccfec513b68841e8b29dd483f29b30f7e69539e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0594c043f3d30d464716e8fbdaee5f33 |
| SHA1 | bcc36f6ddb8f206ef372962ffe63eae7de102b7e |
| SHA256 | d763b7ecd1f199dde1b4fa8b989b14d92e6d0e390e59492108e09e365109925f |
| SHA512 | a8cc7bf1f8297c5e1e608e8e4092753c52ab2567754b0c0e06c64d844ba61c61fea4b677d4a97244b7baf873b5ab57b86291b296329b523e5e435ca1a4f968d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce78c7259578d24c4ff181360b13a400 |
| SHA1 | 65cc27070429e34ecb756c41017c9baac768065f |
| SHA256 | c4809909a9f176c735f868884015c3acc743014508c18514443738080400a2e9 |
| SHA512 | f882b8f6216c1430f32cafeb18209ed52aa4d61dfc696433c424495e758bb72ecddb125c4d5c5e83bcd69a72d206aa8971fa4a40990b7fe1f3b62f6ab68ddbc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e30738d93d6789672ce8e1c4bfe275a8 |
| SHA1 | ce2195ec1f2e3830b9a106a9dc8d7fa5397d10fc |
| SHA256 | 7d60046d1238ff11bdf616d83c212ad6866a7cc630ee9be8580050dee7f74832 |
| SHA512 | e39c9590f558477a1b823de555bf27542a725566d8bd839a1c493459444d49d755445d8ff34f59681ede12a8e654c5a7fc34b6008c9abcfd65d09f6b1b523a65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0a6b9e549292a23ffe6c00307b2cf1d3 |
| SHA1 | 5eae52186c12bd014459947b11f0183b5dced582 |
| SHA256 | 8512a3327249cd2c979b4df522dc74da12afd0fbc81d1ee728e9b1d3cf2110ad |
| SHA512 | e2b6ee270d8fbb51cd222f5c9107154692c1636aa3ca5ca38be26730b34e9b40db93345110b3069045fc9f4a215bafa6dcfb0d4e4553f8992ae6ed94046fafc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 53e07066c3863cad22a0d25026712dbd |
| SHA1 | 6ea3cb68b951fa5043ebb99d41d59f37ef7f8fda |
| SHA256 | d0a7ba013b9e4e1683f842db7f6c8b184dce06735c60211c48937726593f3e9b |
| SHA512 | 740113dbe90a87d26fa38a0e99e7f5fc4cf1ef31b9faa365f1e5eecacc07cab0a68e12c80e637a3b9433434ad41f43d0c7d457af66c664c8691a58328261b716 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 830308f415d76c1a0a6cf3a8809ba3be |
| SHA1 | b83123c9fe68dff6486627b3831f56e8ad793614 |
| SHA256 | 45748b8df34f81a8212f634f4a9ffc28f8ac14a048c92356cc62a79d03ea3747 |
| SHA512 | 5388a1729c003f56199e4e906d82531eb18ef322cf9c245025ee0e2a6fa0d06a6b53986bd2535482bf629509199bc4616e6eff7d0989b5dc68168f459fb02e02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 912cec8b2e949a5ab309a308041c1a4c |
| SHA1 | 7ef0d724c0ecfa1bbcb9a17901d44f066c2179d9 |
| SHA256 | fb4cef039742f3be0b50aba34e81fcb1cad1ebf7e99facf07190446bd879bd97 |
| SHA512 | 6508dad4fc512dd03390730b1b2559b2ab7f2256ae2350024ef5ae0d912e16febc455b7349522956fbc1f8f2e4aec355211327325422534427f6770970d37942 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf1ae2372a853cf79b41ada1a1767489 |
| SHA1 | 63603ea81acfb0c3b865b0bf6d3151ec83e2a497 |
| SHA256 | 3c3fb673780c031b6bc1608d3af77ea5d353d9a256f9b3879fe22905de8e36c3 |
| SHA512 | dac4787a5629539740b7f12f254d0616154e5ae66a1be3ce9a5a56da3b271485b989dd226901eea1df11cf408b2c6a7c2a2a111742c25852bf7a9233a0cd17b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ed743.TMP
| MD5 | 31fe89293dcbd439390af4f43c5423a9 |
| SHA1 | aad7c54017d76c2674ab9b939889318834212049 |
| SHA256 | e75bcf9823a59a31059c5c7246e3e9c878877ba00c84c110513c75292fc9d5a4 |
| SHA512 | 796f0bfcf936c1f05922b2c8fc252c88dcf7307a4f713d5d30143daa312021a68450bf8277868b82bc975242e8470063de9ee3e5c0eb3565ddb3757c7bea442f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c53829ef29a037f8654079f18e883e33 |
| SHA1 | 24a969dc888d884af4c95aceae6d377988b45063 |
| SHA256 | 3f734e50fafbe753af668391cd25ab59fea75a83cdb944c07753c4e8cafd601c |
| SHA512 | 312d4886ab5582a23f7bf6c24af187a89502b4187d7f05c5289bfa51f9ab4aebe94ef37c430ad63c08c85578216155bd193e310cb0e57505ee8e20791c2efedb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5f11e228717621de9a90f4d16c4590bc |
| SHA1 | df8079f8db08bdddfe7375c39ef9a1f5d4ecb725 |
| SHA256 | 2a8490f553aa88591cb8254957cf5c7ff38015da08bf6d36a7bceed8ddbe151d |
| SHA512 | dd0ff8ff9008586fe9f520f9147cd7fe96c8c53580e3e4066fe65db71b9c7d8615b064b719766e4a508d404221c8b21bf406aeea293651be8bdc62ca1a75ab13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 43b5aaf5fb31315d1eac3f3ae46dd2fb |
| SHA1 | b3c03aa2560dcc144a23819d537cfcfb9b7c1c81 |
| SHA256 | 60dcd1eb376225fe6d5744207304297b1a47a6764bc31c48197d376804ae9e1f |
| SHA512 | 92be7a3059e7dc6ab34c278340e57ead0372c8aa702c5e34f762be1cb7c9134b509192a08729e04d75f8fccb18e920595756184ac7a78d320749d4594bbffbc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f52ef96a1a4a2e47dbfffe9264ead96d |
| SHA1 | daf0be707a510b9f402fe32f84a549ad313559c0 |
| SHA256 | 5c340f78fc1b8870aa74b07e2748f309fdf55647b511ac39bb27874286cc2fdf |
| SHA512 | 2f2be13961dcc3f7f58980333344b264b8b06c76b5baf7b61ce5e357145be7a6dd27215441e19d93e89c4ae106ce30b1e530529e1bfaa89dbdeb64aa58b515ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 968f36ddd088d13fe45c36f23e92050e |
| SHA1 | 467027309cd08a02b5e5cdccd299630e6133d76e |
| SHA256 | bd1bec0a36a42e34d1f29445d999e70f60a410d9026220fd0bc18716a38730ca |
| SHA512 | a3a5422384f5892b723430666a54d1e5c9108928667e3de31d6d2b36abc11d0abd382a76860926f2bbdfc475163534200484012afd4fb9014765e05b23bf1e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b76e24a8032c755c862ce57fb1d107ed |
| SHA1 | a06a5b0f69c045c140d1fd788f2d3fb9a1bd3c7b |
| SHA256 | ef8e7ff76959023082a3859d67bd6bb4267c79f2fe6e2dc21960baa4879a6a92 |
| SHA512 | a84c3aba306373bdb4c3ba1f76173567c68444f71cfea5dcbd94b30893296464d1d0e8e662a6de1b850f125a89b7ffa3c1fa36f509a7e66ee6a786118d52d7d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_hackertyper.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3f2f2168fad9e422815fd1988b999728 |
| SHA1 | 5be95051bfa2cb17e30ed773c2cd47a419c2d402 |
| SHA256 | ff0321b2e0bfe119ca4eb3248dd22226edadebe99216a1bae9f35d6ae3470b7f |
| SHA512 | 05bd9942a92b31989ed9ed1a5ba997ed0f519cc9717ccbb271e8e00d2087faf2ccc9544b8072902d34af0cfbf119109bbd4ab8c260ac8a71a58b4a6955e9ff07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e2fa10e4187126fc28cb94f27b8d27a7 |
| SHA1 | 8eee33a2528ba93ea2aa7ddd96e76ee5f9b27ba7 |
| SHA256 | 832a22e9696e9c31b70ebe3bcdad140db7712dafc79274c459c5e738572d29d1 |
| SHA512 | 17fe8debeb4cb1b8a9a0f49afc30aa311f594c9f560b510093d425273f122f36aad17fee5ef53df7fe50c82e143f30df5f8459fa7aa52ea7cf5bb4077c07cb35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bdd640cae2ec03747afc4fc8f4c50dc0 |
| SHA1 | a3c720323291a6453e75d9f109aa0e3c3921cf58 |
| SHA256 | 4b936203f70262eac5a04331d8bda17e70c1030889ebeff75372669a48922891 |
| SHA512 | 5715d7be22ee6e0c14f8cf118bcb1d515826c3947b8ff87d5bf2a071b73b975513beaaecc90eefb8a0fc2d58ce02bf9f4f24e04c2e9346a5a7bc9b1856937a4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c3921ffba14ab574e47a9986b03bb1a1 |
| SHA1 | 8f800e6ecbbdb68579dc844b6a92f304d4a7e94a |
| SHA256 | 82cf7b36ef4f14aeabd6e6f33275b67cd22b26643f17d3255c2b44e69f0ae7ee |
| SHA512 | e76b583288da53039d689fb2b58c4c834b28905f96fcd439f6b3e8e2e6c30b3117fb9e1f2dabd5a0b57098cd907b993107bdc593f97a6adb897dacee72d25aba |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\I6QKHGWG\microsoft.windows[1].xml
| MD5 | 0888d820fda13339cae16ad3bf7aff25 |
| SHA1 | 6961e9e45798a47d37f692c8cd8a3301de4a0c08 |
| SHA256 | 269eea426f93be88a064eaabb4fa37fa70a081c817d33efd5dc3235a65a3d237 |
| SHA512 | bf198ceb86f4f2731c250eadf944f905f01c4d3af98a02f7ac6ee229ac1aa7ef673a4ad872b167894cc063f184ad1cc81192564ce6fd0c7b2aedc6ccf3197f92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 221015865479c2642fdf345179164a9a |
| SHA1 | 843f0b9ecb9d9011c6a8d82e1f1b736a8662fc02 |
| SHA256 | 94f36e43abccd50651c78211366f229e97cb23d2e1abc44920f95ec3c4d94a55 |
| SHA512 | 53590eecac60c6e8f16ca41ed1803160855f355f12e9791e8221b92d24b2ad94284fc95725c69335783d0fae51a2a22040010bfd403de1a7cbbd59669100ebb2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133457556405005704.txt
| MD5 | da66cd4653369b16eb506249ee88b707 |
| SHA1 | eeb9f7df9eed3e656c238a3624736de9b72a3988 |
| SHA256 | 7b16d2cc1982943de32cc81330e948d5bda75322104b2da0cfcd346a31d1770f |
| SHA512 | 03dde808cadbc5c5f7b05e4b034b2c16ce34336f2e4713b9c1525d1d1b9f0701da0a229726b91d2b5c5cb5e6265357735e5af718aa51c704d3c2490013373da7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 3d09debeb9e4297510ee55f1a2986891 |
| SHA1 | 4beb80a39b0a9d0ffbb71441079b5a3d8a672e2f |
| SHA256 | eef9bbfbac2390b3e6d9359b36c8f55b579bb4f5ec81fe900fa5ba765bf88604 |
| SHA512 | c0a8188b2f44b8d5235683f011412d8b72d140058ef0f79cbcd40b5daa3702556cf6bc1fd3f6e1837aa50ffde2511fb66de013f414d814fba75dc3d98fc6ee18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3316310177a24749b92def162a010b53 |
| SHA1 | e1d0a82081441151e55d4445d08a6418a5705cb7 |
| SHA256 | bb61903cc4d5430c7e8204bb40a09361e7d5ebb77acbfaf841c5ec0c927e6ef9 |
| SHA512 | 5d94dd8dbfd6790376060cc57a328836650ebccb4e2ea1fd692d48e26fc8909367069209e36bedd95297c77aa6069be9b082b172e7ebddbb036e9c7f491d8881 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6d32e13c75f0d7cdf2efe92ad191ee7d |
| SHA1 | 611707fa462afcf692f726cf9b62da376e25a403 |
| SHA256 | e19e72329d59b26639430c1c3fac4de3fef7a3c799681aeda17c099e5a5875f5 |
| SHA512 | f3394107a2e1d1b4d02e2f98891c6dfe066aa6037008258c4cfdff50b2d1ba4581cff8f9a9f32881893db2ccad4a31a62462e74bd073c22d32e6e6be4265497f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8d9d466e9df901315d4693c6ffb27663 |
| SHA1 | 369e5c7d37b219cce41d35221b5cac9480bfb7de |
| SHA256 | 48ac907d923dc3e537d420d7a826280ea63fa3dd82f9a879d8683f1394664b2b |
| SHA512 | 0f76c7c2900715ad32a2f3c860e95dce223d4b8b4b78ce6905a4de062ff0f1b31a01aa9ffce799504b8e63a762ca522ec128e4799c07c2b4471653574c627e4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d79403833023dcfd76dfa100134b0a50 |
| SHA1 | 798fbe36ac18aa00118bf4abccb46248f69fe394 |
| SHA256 | 5ec2894a1c19b13e724560eb64c0ef65be0180804278a5e9594316f37f2ddc76 |
| SHA512 | d4e0be5fa5fdcd6d8006627ce8920fe4d31b443c778967db0bb581b063f96c8a94a273649fe9d60103f67d7e6733b28d9f510361760b48f48bc0c2055cb38a2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d8f20c30e36565a923ae12415246ff63 |
| SHA1 | c96cbdc8fdd2a2eba9252f0cbad4a8e47f1605f6 |
| SHA256 | 351e2abac0c2161e8985d68d37baf2c9a726f6e241abc0616eff716efff5ec6b |
| SHA512 | 5624e83388da10d117adf94012eb64301ce69befaa10a0429d3b2bc7f2f7100bf53212e6d2a6df1f318278551417348f0c9bbfcb0f9a933331a8aa3bc8b4b6c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3ca3735e4ff30876e8c2983b934e5bc1 |
| SHA1 | 24c811082456cd15a145380595cfb3753378c6fb |
| SHA256 | edd645d8ff5bc79f0b3c8d70a1f3ec98283dadcc08cccbdea49f878c513c7ecf |
| SHA512 | 5f96959e31600868e54e834068dd42684d7d2f11e1d2fe955a9760bc504e88291bb77dc69f73af85e95031c9c09803cbcfb42a2498756b007e0fd70716b4a4fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7f8dd8db9f2329bea4a31714fffc3e8b |
| SHA1 | 43c3b1c329a8e39c1929015323625d9f757bc5b4 |
| SHA256 | 9b770f381f2fb9491ef7480306628a7364b6fae89ca6ea1a8e2271630851a9da |
| SHA512 | ef84b9c04612c12312396f160d6e99ae2bc8b7993da7a3a61860e6e98a7b530b1f26a234e4e6f690a698ec013275319f34cefdb71c312e6db1885123cdd3c476 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | c46695dfa96686216d12a8d71843e091 |
| SHA1 | 2e140db08de4971aa7d9da50a35898503dca1c8b |
| SHA256 | 95adeaa68f8827daa74e9b440394c06c504a8997b33a1a12c375a2c79e69a072 |
| SHA512 | f77acf4ce6f8e4b09de40fea05e963bae87e4f8e53091233774d2f02a7a418536a874db239a13a9051587084de8aba62ef3aa5ff0f43005459eeed22116e8995 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 71d2682dda8e90fbf5fc499cf1750140 |
| SHA1 | a447fdd2867ff09630e599fd51512feea3fc13cc |
| SHA256 | a05a1e291c8607e731b0c42f7a84c3f1b51d4c76cbae6f81543151abc19708e2 |
| SHA512 | f830b35e4f0dded115995102f93241d7cb2adc366b2eec847e39166256e20dcf7f4ac30c661cd8d78bd37ccdf3db4cb48dd792e5863750c513bb1bb8228dc3f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a6612cf97ac0ac50d3cfaa208cc2aed |
| SHA1 | 6dc56444a1bee7cbf8c2116f888716dd3ea7e203 |
| SHA256 | d828990509522c6dd0b415794b26d865d9d7ea795a9acdee017bc3796639b130 |
| SHA512 | 051c1ced8cbc9b6ccc357a01df504ef7d3da530c051b29320ccdc39262ea4e4ad1b5f7850c3c50c24ed017396ee0834cf74d410b8c547df20151ecaae9c05bcb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\97686e5d-97d6-409f-b7d7-7e5aabeac2cb.dmp
| MD5 | d01e58f9639b58e3d2a8335a25a06de8 |
| SHA1 | 128f466ec22932f1873f9b02e53266d15fb531c5 |
| SHA256 | 7f27c347bee5fd569251fefbf5791d05c4a2b885d7efcd3202bdde1afa168735 |
| SHA512 | 50e27eaa265f7d4fd34fcea826c906e6f798bce2d181fe107822b56802a7fe0175421bae022d866e8dc05532f2c15c7b4bed4fe9764901360e242d3bd28fc8fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6b51736ef179baa1aa4d831995ed9de6 |
| SHA1 | 9b58b891dd7a4ba5215c1fe834fc69474c991b5b |
| SHA256 | 17e6a02eed0c31daae99d322a9d19511b369e7520e409ef04e263be7e4cef453 |
| SHA512 | 61bb05dcd8484f6d9ab7440341437ee17253100391b96442be63af6255e5febef8e5c961fe094be819c4c93964b8d63358af29a9ac9fbb619f87596da638f856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | d25b3e38a9ef7e241535edf983d92a50 |
| SHA1 | d440b34fa19e507f2c8e4d06588553cc7719b292 |
| SHA256 | 076604118c00aec6b22ae3f366e16aa859757c20168f2a237a33ba8aae659249 |
| SHA512 | 977d6754f9eb1b5f32405b6759ad5304e07f841a90e526b6c75e5c0086398f3d074612c2fd1389087b528da9aad6a2ef4fdd7122286c9874404b860d3a4954bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\3fa6ae33-f256-48a1-8eeb-43ee5071c7eb.dmp
| MD5 | eaa02a63e216fcb008e00189b9c3dde4 |
| SHA1 | b9cc79f3aafacd176ec3fdf109b1d906542fbeb8 |
| SHA256 | 33f13d814eaef3d8bdfdda81e89b9e4e004a091b28f0a865295aa1cf6c9837c7 |
| SHA512 | e5419f1460526f2d87c61ac7d19f73c89fe966a9ef0823114e33d3c25efbd8e121fc2075d19ab497dc240a63f6cfc35ff43f27d11069db8d93d02cc9b0ab4f21 |