Analysis Overview
SHA256
078f586ebb8a22305540fb5982b2521f1b82e4317f286e13bab680fff0a9d164
Threat Level: Known bad
The file 6958ACC382E71103A0B83D20BBBB37D2.exe was found to be: Known bad.
Malicious Activity Summary
Glupteba payload
SmokeLoader
Glupteba
DcRat
Djvu Ransomware
Detected Djvu ransomware
Lumma Stealer
Downloads MZ/PE file
Modifies Windows Firewall
Checks computer location settings
Modifies file permissions
Executes dropped EXE
Deletes itself
Looks up external IP address via web service
Adds Run key to start application
Suspicious use of SetThreadContext
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Runs ping.exe
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: MapViewOfSection
Uses Task Scheduler COM API
Enumerates processes with tasklist
Creates scheduled task(s)
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 17:01
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 17:01
Reported
2024-02-22 17:04
Platform
win10v2004-20240221-en
Max time kernel
96s
Max time network
156s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\74d70445-d187-41d4-b9c8-62687af4d0d8\\E698.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\E698.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Lumma Stealer
SmokeLoader
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\E698.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\B8C1.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E698.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E698.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E698.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E698.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1B17.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AD37.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B8C1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BB62.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\74d70445-d187-41d4-b9c8-62687af4d0d8\\E698.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\E698.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2136 set thread context of 1092 | N/A | C:\Users\Admin\AppData\Local\Temp\E698.exe | C:\Users\Admin\AppData\Local\Temp\E698.exe |
| PID 3608 set thread context of 4484 | N/A | C:\Users\Admin\AppData\Local\Temp\E698.exe | C:\Users\Admin\AppData\Local\Temp\E698.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\E698.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530949222631878" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe
"C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ACE9.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd07d9758,0x7ffcd07d9768,0x7ffcd07d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4716 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\E698.exe
C:\Users\Admin\AppData\Local\Temp\E698.exe
C:\Users\Admin\AppData\Local\Temp\E698.exe
C:\Users\Admin\AppData\Local\Temp\E698.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\74d70445-d187-41d4-b9c8-62687af4d0d8" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\E698.exe
"C:\Users\Admin\AppData\Local\Temp\E698.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\E698.exe
"C:\Users\Admin\AppData\Local\Temp\E698.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4484 -ip 4484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 568
C:\Users\Admin\AppData\Local\Temp\1B17.exe
C:\Users\Admin\AppData\Local\Temp\1B17.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1F00.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5188 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5556 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3164 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4748 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5048 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6048 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0xfc,0x128,0x7ffcbed946f8,0x7ffcbed94708,0x7ffcbed94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\AD37.exe
C:\Users\Admin\AppData\Local\Temp\AD37.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\B8C1.exe
C:\Users\Admin\AppData\Local\Temp\B8C1.exe
C:\Users\Admin\AppData\Local\Temp\BB62.exe
C:\Users\Admin\AppData\Local\Temp\BB62.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Unlikely Unlikely.bat & Unlikely.bat & exit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
cmd /c md 1808
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Here + Td + Passwords + Movements + Cambodia 1808\Upgrades.pif
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Meaning 1808\Z
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\1808\Upgrades.pif
1808\Upgrades.pif 1808\Z
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\AD37.exe
"C:\Users\Admin\AppData\Local\Temp\AD37.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=1744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11154271542793038236,16536531868625792996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2684 --field-trial-handle=1936,i,5702953491111303587,8411567864540341091,131072 /prefetch:2
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
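Added example, not part of the sandbox report: a Python scan over the process list above that turns the behaviours visible in the command lines into named detections. It walks the report's own two-line layout (image path, then command line) and flags the `tasklist | findstr` sweep for security-product process names, the `copy /b` reassembly of `Upgrades.pif` from innocuous-looking chunks, the `ping -n 5 127.0.0.1` delay, the inbound firewall rule, the ONLOGON/HIGHEST scheduled task, the `injector.exe <process> <dll>` helper, and a `csrss.exe` running from outside System32. The sample lines are copied from the list above; the rule names, the regexes and the protected-binary set are my choices, not the report's signature names.

```python
import ntpath
import re

# Sample lines copied from the behavioral1 process list above, in the report's own
# alternating layout: image path on one line, its command line on the next.
SAMPLE_PROCESS_LIST = r"""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Unlikely Unlikely.bat & Unlikely.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Here + Td + Passwords + Movements + Cambodia 1808\Upgrades.pif
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\1808\Upgrades.pif
1808\Upgrades.pif 1808\Z
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US
"""

# Binaries whose only legitimate home is System32/SysWOW64; a same-named image anywhere
# else (here C:\Windows\rss\csrss.exe) is masquerading. This set is my own; extend it.
SYSTEM_IMAGE_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "services.exe",
                      "winlogon.exe", "wininit.exe", "svchost.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Command-line patterns, each named for the behaviour it evidences (labels are mine).
CMDLINE_RULES = [
    # tasklist | findstr over a quoted list of security-product process names
    ("security_software_discovery",
     re.compile(r'^findstr\b.*"(?:\s*[\w.-]+\.exe)+\s*"', re.I)),
    # copy /b A + B + C target.pif: executable rebuilt from chunk files
    ("payload_reassembled_from_chunks",
     re.compile(r'\bcopy\s+/b\b.*\+.*\.(?:pif|exe|scr|com|dll)\s*$', re.I)),
    # ping -n N 127.0.0.1 used as a sleep in batch scripts
    ("ping_loopback_delay",
     re.compile(r'^ping(?:\.exe)?\s+-n\s+\d+\s+(?:127\.0\.0\.1|localhost)\b', re.I)),
    # inbound allow rule added for a specific program
    ("firewall_allow_rule_added",
     re.compile(r'\bnetsh\s+advfirewall\s+firewall\s+add\s+rule\b.*\baction=allow\b', re.I)),
    # logon-triggered task at highest run level: persistence with elevation
    ("scheduled_task_highest_onlogon",
     re.compile(r'^schtasks\s+/create\b(?=.*/RL\s+HIGHEST\b)(?=.*/SC\s+ONLOGON\b)', re.I)),
    # helper that loads a DLL into a named process (captures target and DLL)
    ("dll_injection_into_named_process",
     re.compile(r'\binjector\.exe\s+(\S+\.exe)\s+(\S+\.dll)\s*$', re.I)),
]


def parse_process_list(text):
    """Return (image_path, command_line) pairs from the report's two-line layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating image-path / command-line lines")
    return list(zip(lines[0::2], lines[1::2]))


def masquerade_hit(image_path):
    """True when a protected system binary name runs from outside System32/SysWOW64."""
    name = ntpath.basename(image_path).lower()
    folder = ntpath.dirname(image_path).lower()
    return name in SYSTEM_IMAGE_NAMES and not folder.startswith(SYSTEM_DIRS)


def scan(text):
    """Apply every rule to every process; return one hit dict per (process, rule)."""
    hits = []
    for image, cmdline in parse_process_list(text):
        if masquerade_hit(image):
            hits.append({"rule": "system_binary_name_outside_system32",
                         "image": image, "cmdline": cmdline, "groups": ()})
        for rule, pattern in CMDLINE_RULES:
            match = pattern.search(cmdline)
            if match:
                hits.append({"rule": rule, "image": image,
                             "cmdline": cmdline, "groups": match.groups()})
    return hits


def rules_hit(text):
    """Set of rule names that fired anywhere in the process list."""
    return {h["rule"] for h in scan(text)}


if __name__ == "__main__":
    for h in scan(SAMPLE_PROCESS_LIST):
        print(f"{h['rule']:40} {h['cmdline'][:90]}")
```

The masquerade check matches on the full path on purpose: the task and firewall rule are both named `csrss`, and a detection keyed on the process name alone would also fire on the genuine `C:\Windows\System32\csrss.exe`. The Edge and Chrome renderer lines in the list trigger nothing and can be dropped from the input without changing the result.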
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trad-einmyus.com | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | 182.126.12.185.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | brusuax.com | udp |
| UZ | 195.158.3.162:80 | brusuax.com | tcp |
| US | 8.8.8.8:53 | 162.3.158.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 188.114.96.2:443 | api.2ip.ua | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | m2reg.ulm.ac.id | udp |
| ID | 103.23.232.80:80 | m2reg.ulm.ac.id | tcp |
| US | 8.8.8.8:53 | 80.232.23.103.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | mahta-netwotk.click | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | notmalware.top | udp |
| US | 8.8.8.8:53 | thepiratebay.com | udp |
| SE | 16.170.71.23:443 | thepiratebay.com | tcp |
| SE | 16.170.71.23:443 | thepiratebay.com | tcp |
| RU | 5.188.88.181:80 | notmalware.top | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | smut.com | udp |
| NL | 88.208.20.10:443 | smut.com | tcp |
| US | 8.8.8.8:53 | 23.71.170.16.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.88.188.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.20.208.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.strpst.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| NL | 88.208.20.10:443 | smut.com | udp |
| US | 104.18.63.124:443 | img.strpst.com | tcp |
| US | 104.18.63.124:443 | img.strpst.com | tcp |
| US | 104.18.63.124:443 | img.strpst.com | tcp |
| US | 104.18.63.124:443 | img.strpst.com | tcp |
| US | 104.18.63.124:443 | img.strpst.com | tcp |
| US | 104.18.63.124:443 | img.strpst.com | tcp |
| US | 104.18.63.132:443 | img.strpst.com | tcp |
| US | 8.8.8.8:53 | resergvearyinitiani.shop | udp |
| US | 188.114.96.2:443 | resergvearyinitiani.shop | tcp |
| US | 104.18.63.124:443 | img.strpst.com | udp |
| US | 104.18.63.124:443 | img.strpst.com | udp |
| US | 8.8.8.8:53 | 124.63.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.63.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 188.114.96.2:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 118.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 88.208.20.10:443 | smut.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 92.123.128.140:443 | www.bing.com | tcp |
| GB | 92.123.128.140:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 140.128.123.92.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | trypokemon.com | udp |
| US | 104.21.51.193:443 | trypokemon.com | tcp |
| US | 8.8.8.8:53 | loftproper.com | udp |
| US | 188.114.97.2:443 | loftproper.com | tcp |
| US | 8.8.8.8:53 | 193.51.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.182:443 | r.bing.com | tcp |
| GB | 92.123.128.182:443 | r.bing.com | tcp |
| GB | 92.123.128.174:443 | r.bing.com | tcp |
| GB | 92.123.128.174:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 8.8.8.8:53 | 182.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.136.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| DE | 185.149.146.82:80 | 185.149.146.82 | tcp |
| US | 8.8.8.8:53 | 82.146.149.185.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | r.l1nc0in.ru | udp |
| FR | 20.190.177.20:443 | login.microsoftonline.com | tcp |
| US | 172.67.201.20:80 | r.l1nc0in.ru | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.201.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | thepiratebay.org | udp |
| US | 162.159.137.6:443 | thepiratebay.org | tcp |
| US | 162.159.137.6:443 | thepiratebay.org | tcp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iconcardinal.com | udp |
| US | 8.8.8.8:53 | torrindex.net | udp |
| US | 104.21.70.143:443 | torrindex.net | tcp |
| US | 104.21.70.143:443 | torrindex.net | tcp |
| US | 8.8.8.8:53 | 143.70.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.wpadmngr.com | udp |
| NL | 45.133.44.53:443 | js.wpadmngr.com | tcp |
| US | 192.243.59.20:443 | iconcardinal.com | tcp |
| US | 8.8.8.8:53 | ricewaterhou.xyz | udp |
| US | 54.225.185.110:443 | ricewaterhou.xyz | tcp |
| US | 8.8.8.8:53 | 53.44.133.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.capndr.com | udp |
| US | 8.8.8.8:53 | na.nawpush.com | udp |
| NL | 45.133.44.52:443 | js.capndr.com | tcp |
| NL | 45.133.44.24:443 | na.nawpush.com | tcp |
| US | 8.8.8.8:53 | onautcatholi.xyz | udp |
| US | 3.141.96.53:443 | onautcatholi.xyz | tcp |
| US | 8.8.8.8:53 | storage.multstorage.com | udp |
| US | 8.8.8.8:53 | ntvpforever.com | udp |
| US | 8.8.8.8:53 | 9d5ed16be3.2f2bef3deb.com | udp |
| US | 104.21.30.242:443 | storage.multstorage.com | tcp |
| DE | 167.235.163.216:443 | ntvpforever.com | tcp |
| US | 8.8.8.8:53 | fp.metricswpsh.com | udp |
| US | 54.225.185.110:443 | ricewaterhou.xyz | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| NL | 45.133.44.52:443 | 9d5ed16be3.2f2bef3deb.com | tcp |
| DE | 157.90.84.242:443 | fp.metricswpsh.com | tcp |
| US | 8.8.8.8:53 | 52.44.133.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.185.225.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.44.133.45.in-addr.arpa | udp |
| DE | 157.90.84.242:443 | fp.metricswpsh.com | tcp |
| US | 8.8.8.8:53 | 53.96.141.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.30.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.84.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | AKDHTrZGmMfGSiQC.AKDHTrZGmMfGSiQC | udp |
| US | 8.8.8.8:53 | 216.163.235.167.in-addr.arpa | udp |
| US | 54.225.185.110:443 | ricewaterhou.xyz | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 54.225.185.110:443 | ricewaterhou.xyz | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | client.wns.windows.com | udp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| GB | 20.90.153.243:443 | client.wns.windows.com | tcp |
| US | 8.8.8.8:53 | 243.153.90.20.in-addr.arpa | udp |
| US | 54.225.185.110:443 | ricewaterhou.xyz | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | abservinean.com | udp |
| US | 8.8.8.8:53 | a.exdynsrv.com | udp |
| US | 8.8.8.8:53 | a.exosrv.com | udp |
| US | 192.243.59.20:443 | iconcardinal.com | tcp |
| US | 8.8.8.8:53 | d1n3aexzs37q4s.cloudfront.net | udp |
| US | 8.8.8.8:53 | apibay.org | udp |
| US | 8.8.8.8:53 | cdn.engine.spotscenered.info | udp |
| DE | 18.155.139.134:443 | d1n3aexzs37q4s.cloudfront.net | tcp |
| US | 8.8.8.8:53 | ghabovethec.info | udp |
| US | 8.8.8.8:53 | ameoutofthe.info | udp |
| US | 8.8.8.8:53 | ukworlowedonh.com | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 172.67.206.158:443 | ameoutofthe.info | tcp |
| FR | 18.155.129.51:443 | ukworlowedonh.com | tcp |
| US | 104.21.24.208:443 | pogothere.xyz | tcp |
| US | 104.21.24.208:443 | pogothere.xyz | tcp |
| GB | 18.244.140.102:443 | ghabovethec.info | tcp |
| US | 172.67.137.143:443 | apibay.org | tcp |
| US | 8.8.8.8:53 | 29.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.206.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.24.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.137.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.139.155.18.in-addr.arpa | udp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| DE | 157.240.253.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 54.225.185.110:443 | ricewaterhou.xyz | tcp |
| US | 104.18.96.60:443 | cdn.engine.spotscenered.info | tcp |
| GB | 89.187.167.5:443 | a.exdynsrv.com | tcp |
| NL | 108.177.119.84:443 | accounts.google.com | tcp |
| NL | 108.177.119.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | s.uuidksinc.net | udp |
| NL | 31.220.27.135:443 | s.uuidksinc.net | tcp |
| NL | 31.220.27.135:443 | s.uuidksinc.net | tcp |
| US | 8.8.8.8:53 | dotsply.com | udp |
| NL | 108.177.119.84:443 | accounts.google.com | udp |
| US | 172.66.40.43:443 | dotsply.com | tcp |
| NL | 45.133.44.52:443 | 9d5ed16be3.2f2bef3deb.com | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 3.141.96.53:443 | onautcatholi.xyz | tcp |
| US | 8.8.8.8:53 | js.cabnnr.com | udp |
| US | 8.8.8.8:53 | c.adsco.re | udp |
| NL | 45.133.44.53:443 | js.cabnnr.com | tcp |
| US | 8.8.8.8:53 | 35.253.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.96.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.119.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.27.220.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.40.66.172.in-addr.arpa | udp |
| US | 104.17.167.186:443 | c.adsco.re | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | adsco.re | udp |
| US | 8.8.8.8:53 | 4.adsco.re | udp |
| US | 8.8.8.8:53 | 6.adsco.re | udp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 104.17.166.186:443 | 6.adsco.re | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | 186.167.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.214.252.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.166.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 162.252.214.5:2087 | 4.adsco.re | tcp |
| US | 104.17.166.186:2087 | 6.adsco.re | tcp |
| US | 8.8.8.8:53 | fcnctltd7eno.l4.adsco.re | udp |
| US | 8.8.8.8:53 | fcnctltd7eno.s4.adsco.re | udp |
| US | 8.8.8.8:53 | fcnctltd7eno.n4.adsco.re | udp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| GB | 185.200.118.51:443 | fcnctltd7eno.l4.adsco.re | tcp |
| US | 38.132.109.186:3478 | | udp |
| SG | 185.200.116.90:3478 | | udp |
| GB | 185.200.118.90:3478 | | udp |
| US | 38.132.109.115:443 | fcnctltd7eno.n4.adsco.re | tcp |
| GB | 185.200.118.51:443 | fcnctltd7eno.l4.adsco.re | tcp |
| SG | 185.200.116.51:443 | fcnctltd7eno.s4.adsco.re | tcp |
| US | 8.8.8.8:53 | engine.4dsply.com | udp |
| US | 104.16.159.17:443 | engine.4dsply.com | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | 186.109.132.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.116.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.118.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.109.132.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.159.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.116.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.prtrackings.com | udp |
| NL | 34.90.81.51:443 | tracking.prtrackings.com | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
| US | 8.8.8.8:53 | eusway.azurewebsites.net | udp |
| US | 8.8.8.8:53 | dad40ce8-a97f-445f-bae4-f321b8ac9197.uuid.alldatadump.org | udp |
| US | 129.153.86.0:8778 | | tcp |
| US | 20.119.0.47:443 | eusway.azurewebsites.net | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | 51.81.90.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.118.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.0.119.20.in-addr.arpa | udp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | engine.spotscenered.info | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| IE | 108.128.158.24:443 | ad.crwdcntrl.net | tcp |
| DE | 52.85.92.42:443 | tags.crwdcntrl.net | tcp |
| IE | 34.246.36.174:443 | ad.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 24.158.128.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.36.246.34.in-addr.arpa | udp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 129.153.86.0:8778 | | tcp |
| US | 8.8.8.8:53 | askdomainad.com | udp |
| GB | 18.244.155.34:443 | askdomainad.com | tcp |
| US | 8.8.8.8:53 | xml.cow-timerbudder.org | udp |
| US | 198.134.116.29:443 | xml.cow-timerbudder.org | tcp |
| US | 198.134.116.29:443 | xml.cow-timerbudder.org | tcp |
| US | 8.8.8.8:53 | 34.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.servingserved.com | udp |
| GB | 88.221.135.114:443 | static.servingserved.com | tcp |
| GB | 88.221.135.114:443 | static.servingserved.com | tcp |
| DE | 168.119.9.23:443 | nnipth.xyz | tcp |
| DE | 168.119.9.23:443 | nnipth.xyz | tcp |
| US | 8.8.8.8:53 | click-eu.pclk.name | udp |
| NL | 77.245.57.64:443 | click-eu.pclk.name | tcp |
| NL | 77.245.57.64:443 | click-eu.pclk.name | tcp |
| US | 8.8.8.8:53 | wnt-some-push.net | udp |
| US | 8.8.8.8:53 | cdn4image.com | udp |
| DE | 157.90.33.74:443 | wnt-some-push.net | tcp |
| DE | 46.4.15.55:443 | cdn4image.com | tcp |
| US | 8.8.8.8:53 | 29.116.134.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.9.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.33.90.157.in-addr.arpa | udp |
| US | 129.153.86.0:8778 | tcp | |
| US | 54.225.185.110:443 | ricewaterhou.xyz | tcp |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 8.8.8.8:53 | 55.15.4.46.in-addr.arpa | udp |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| NL | 139.45.197.239:443 | dukirliaon.com | tcp |
| US | 8.8.8.8:53 | yourfreshjournal.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | propeller-tracking.com | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 172.64.133.4:443 | yourfreshjournal.com | tcp |
| NL | 139.45.197.240:443 | propeller-tracking.com | tcp |
| US | 172.64.133.4:443 | yourfreshjournal.com | tcp |
| US | 8.8.8.8:53 | sr7pv7n5x.com | udp |
| NL | 212.117.190.201:443 | sr7pv7n5x.com | tcp |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 8.8.8.8:53 | littlecdn.com | udp |
| US | 104.22.25.116:443 | littlecdn.com | tcp |
| US | 8.8.8.8:53 | jouteetu.net | udp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 8.8.8.8:53 | 239.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.195.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.133.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.190.117.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.25.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | server3.alldatadump.org | udp |
| US | 8.8.8.8:53 | stun.stunprotocol.org | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| BG | 185.82.216.108:443 | server3.alldatadump.org | tcp |
| US | 8.8.8.8:53 | walkinglate.com | udp |
| US | 188.114.96.2:443 | walkinglate.com | tcp |
| US | 8.8.8.8:53 | 233.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.216.82.185.in-addr.arpa | udp |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp | |
| US | 129.153.86.0:8778 | tcp |
Files
| SHA512 | a72b2bfe8e6ba1fb307f4d89c1a38070261d315d36f12726c22b77fa90171fb28d6f62b112dcaad521aa09e89990ff810c363fa79e2e75b48329ddded879dc4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89802ad04cff2b3087521ec6b496bdb1 |
| SHA1 | 7b7c4ab2818a571bda9f056b09e2060c736c407c |
| SHA256 | aa9bf1e400ef54fa843d14a78010a0a4d772fc5e716eda00e8513b7894440dad |
| SHA512 | f40f8423cd0bb65345342443ffb19686373658ba2e77ae8cd0ffc200d38befbb8f00647785525b94ceab8abc7d6bf94c998d677d3e283f7387faf261a087330a |
memory/6336-1010-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 1e450129c968afdf540b2202d2d999dd |
| SHA1 | 4574b6440b074d4ab92dd8b85cb62e8e51733a30 |
| SHA256 | 50c5e54cfefb45f1537c13155d2a8f69f2ae386b45c39967370d994b3eef2343 |
| SHA512 | 5e51fd4009ec821b63d8b529fbb4216b2985cf8c26cf8bcd51d2d5caab922701cbd969e8f59ee6923ce0a345417de4bc7f58195aea863f392b6ac35fe7ee04a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 70574371a1db62d5e7f925c92d310ec6 |
| SHA1 | a10f17d4aba30995eb3d78523f6d034d8aa7ab34 |
| SHA256 | 789579bc7e2dc305e13ce8f843c957ae8d585ac6d2cda00c653c1a73113e2c35 |
| SHA512 | 9a975fa50b2a1cf80f8d782aa0c43d924f4fc3bdfb416e6eedb0dafd88abfedc9e1393b5008e6b682b624da80c35ca1157d4fc75a75322a9da8b18447d7f8c52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
memory/6336-1107-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 385b7a99c0b087da3aadc41dd6ac5091 |
| SHA1 | f038822b0b6a79515cef4e0cae9c1e94ea86daba |
| SHA256 | 69ab76d8cc1a6b3f8fb7ed9acea251ab22c0e311c27f27fee1ccbe9ef581bb2d |
| SHA512 | 01777f352e2e8c81128d807d90ee6d98aa848c72a067e9b5c759fb186d67e5cd541f04291cadcf0dca92dd47cd8ea851c0a8c23e94497aa5ede771ab2c2c56b4 |