Malware Analysis Report

2024-11-13 14:08

Sample ID: 240227-bydhaadf5s
Target: https://modaur.xyz/?HxpoXefjmM0V9t24hJ5unilgcsQ8ywYrDbCEPOqaT-I9WjAEPqROlY6BsvD5gVUbzcX3Gk-hyoxvzW8QqRJ9K2Xg5iEYu3SkpM
Tags: lumma stealer
Score: 10/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://modaur.xyz/?HxpoXefjmM0V9t24hJ5unilgcsQ8ywYrDbCEPOqaT-I9WjAEPqROlY6BsvD5gVUbzcX3Gk-hyoxvzW8QqRJ9K2Xg5iEYu3SkpM was found to be: Known bad.

Malicious Activity Summary

Tags: lumma stealer

Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Drops file in Windows directory
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Modifies registry class
Checks processor information in registry
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-27 01:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-27 01:32
Reported: 2024-02-27 01:40
Platform: win10-20240221-en
Max time kernel: 436s
Max time network: 455s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://modaur.xyz/?HxpoXefjmM0V9t24hJ5unilgcsQ8ywYrDbCEPOqaT-I9WjAEPqROlY6BsvD5gVUbzcX3Gk-hyoxvzW8QqRJ9K2Xg5iEYu3SkpM

Signatures

Lumma Stealer

Tags: stealer lumma

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\system32\taskmgr.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133534712014867884" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2c28277c1d69da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "137" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1520" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 30108b9f1d69da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "751" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 641aec8b1d69da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\game3rb.org | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\game3rb.org | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\game3rb.org\Total = "151" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 59c3f18a1d69da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "262" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\game3rb.org\Total = "137" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mediafire.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "202" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomain = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9c178b9f1d69da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\!_Files-PAsw0rds__9884.zip.np7uart.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2608 wrote to memory of 4184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 4844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2608 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://modaur.xyz/?HxpoXefjmM0V9t24hJ5unilgcsQ8ywYrDbCEPOqaT-I9WjAEPqROlY6BsvD5gVUbzcX3Gk-hyoxvzW8QqRJ9K2Xg5iEYu3SkpM

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbf80c9758,0x7ffbf80c9768,0x7ffbf80c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1588 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1576 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4876 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3788 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1824,i,2323810896571629420,6366795980011995188,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.0.1725528786\1314646286" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9020080-7835-48a8-8307-1039e7d5db9a} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 1764 236112c0c58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.1.612357370\1336606814" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31258665-5a48-49b5-be30-b4fba0921498} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 2120 23610c3d158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.2.451701802\413244504" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 3024 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac0fd066-b65d-4c8c-8a38-f3c8d9d72b68} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 2932 236153c9958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.3.251328752\476924308" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ff2d79-af7a-4487-ba20-99a3574f4063} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 3516 23613c0fb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.4.994258276\761730989" -childID 3 -isForBrowser -prefsHandle 3984 -prefMapHandle 3992 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00dcc1c4-e7d8-4ccd-b948-235ba348b205} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 3652 23616f78158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.5.2013127267\1473953478" -childID 4 -isForBrowser -prefsHandle 4748 -prefMapHandle 4476 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {690e9946-5a59-4c72-824e-ecf513e0139f} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 4760 23615335558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.7.1686419920\420542635" -childID 6 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2300fc4-9f80-4231-887d-45bbb42cfe29} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 4760 23615334358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.6.1626038326\1692695301" -childID 5 -isForBrowser -prefsHandle 4896 -prefMapHandle 4900 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28b26d50-2243-4573-8297-8f6729446188} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 4888 23615333d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3516.8.1045702321\1641784236" -childID 7 -isForBrowser -prefsHandle 5516 -prefMapHandle 5512 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {168d0a36-e828-45ae-94ca-7d7a1b2d03ba} 3516 "\\.\pipe\gecko-crash-server-pipe.3516" 5536 23618a05658 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap30299:106:7zEvent24651

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\" -ad -an -ai#7zMap23544:136:7zEvent926

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe

"C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe

"C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe

"C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe

"C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

Network


Files


MD5 28e9be1f197e683eaf0e4714021e5197
SHA1 f8b1b3d0303252221f0d5e5698b959789713d2c7
SHA256 236508f9481ebb532a5e30b6c84f33bfc88d98eb8b6155bd35411dec2ddc2306
SHA512 f157a866dfb45b793cd8e0433197a9c28f8bcc5567a475ab5b37ed7e90f23dd229779d2b4733d741a702ca40d0f6ccae74a872e0cb34894a2c99a705f7f646d9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_91363364208F5CFFAABFD122AF4FD6BD

MD5 78bc6418bd1834c15feb54745185558a
SHA1 96010133ee77632516a6fa5502b46fe4c24c6f54
SHA256 38d5887d0a211d7d67eeca4b99d595703510673dbe8d54e43a5cf880cf5112df
SHA512 e47ddb11092787f51d1a8a51f1359aa7a2491ebcbdf8b009faefbb818d978ad15d8af1c4ad85a46461e5b7a4487c2f58b593e77616d762ff3bb5ccdcfcd35f8d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_91363364208F5CFFAABFD122AF4FD6BD

MD5 64f931f66e5a17733cd5948cfc9cf6ca
SHA1 a5cde493db8b980faf3a5955235dde9a655fc7c7
SHA256 0e786a712515a7ecb81b5beccb6a7a5567110079fadadb57cb8daa730a530ed6
SHA512 ad2c9600f53612cd3fb8dec80385d133cc807a450a218f5c9b53859fefe3ee493dd41871496b95af118f5f6b188adec1f1625527335679bf133eef6c671b3d85

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_BBC8EE443265F117ED41E23C259776AF

MD5 e6c6da80af4274765ddc7bf272944e93
SHA1 0c37f47569c0c1c20bdc87f73e32c21f30f18b4a
SHA256 46d18eadffbd3800a827509830cd3f0d4486e7955c87dd109ef0b056a7c703ca
SHA512 003fc40648c55edb9d443f3f479e030779f98619b9ed08e31d3dfbfaf782181547d40f18e96fd6ffe70677f84b1414fb7575c6b549b216371e1f26b4be805f98

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_BBC8EE443265F117ED41E23C259776AF

MD5 936e930ffb026b3366c09b2a3ad5d1d5
SHA1 b1e450f66e0abb9396a10541e27b26d506fb7bc7
SHA256 090157b7bd1808b7246422013abf00e77617fc27a6b0261bf5fb334e8347ba02
SHA512 f0a04e871b5a598a909a57de9cac9174a3a405ed3dd8e9a9500653fa7cc61d47df37152cb14470439c4adab6e6f81a550613287fd4645fcc82d4d9f95d151d0e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2HSYXL63\www.mediafire[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2HSYXL63\www.mediafire[1].xml

MD5 50016cb3eaf1a5c17419df05690cba08
SHA1 7d81c4ce4d57f0901cdff5ccdf58a5f186ee8526
SHA256 2b84b7fa5ed7656b82913fd23acf2f0a5bad4211c0f2a821e4d6edf5ad5e9cf4
SHA512 1d6d836e8e2f187c3aab3ea75024e51b25c1482483d0c14a8100b1d6899ae27aaf06e5bc8404f72814ab28b2545fca71982620b4a919a8ee556d5214e9e9de56

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\337neep\imagestore.dat

MD5 37c15f822d12953ffc6d40965932fd8b
SHA1 a8d5691af7aae555be576ceb96689cac7c3a0717
SHA256 ad0d13c0f2d44d2ebca8cc30a688c2ebbd1e53ea493b141c495dfade92a4a7ef
SHA512 49e50b129adcddce9e79f46bd1ead6963ffa22ad46c13907c5f6afa158fb70746a2e73cd1aadf90d4a8c86b146c43fd67d0835d5a2024acba07db6118bc091a2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7XQY3LQ6\favicon[1].ico

MD5 a301c91c118c9e041739ad0c85dfe8c5
SHA1 039962373b35960ef2bb5fbbe3856c0859306bf7
SHA256 cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
SHA512 3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBDRI2WP\!_Files-PAsw0rds__9884[1].zip

MD5 634097232e1ad91e5468f7f8525e519d
SHA1 6a46a6b8f8641aceaf1969860d4341ec4b4165a1
SHA256 6198e8512fd7a03e17491104c343af7d49c03cf3347f74799438698751b610e5
SHA512 2195af1d6df2d927bb28bc3903356266601fa04f5574878aa2c40f43367296f400868ac7cbf27522bce44cca936cf99c549bf14bc76c0b4b4d4d0ef5408e501e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2YWSAZTB\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\Downloads\!_Files-PAsw0rds__9884.zip.np7uart.partial

MD5 8c26b8f670917f755753d1601d7ace8b
SHA1 35c1c917ae44d979954b4506ab64187fe5ca9d03
SHA256 d23b5515fa03250d000834ed6e37b30b4ea208ada2dc8bfbe0e3c36882b5ba62
SHA512 dfaa2e9dc590654d7ffc09f9b0a94d22812a84cae34c66cadabfa4785acfadd941054649e51a4ed0bd2048b73d9b6da09b39707eb691cf5a4ecbc6028a5be603

C:\Users\Admin\Downloads\!_Files-PAsw0rds__9884.zip

MD5 d1e234e3361ca30d8e88bfee800e9edd
SHA1 b1008a6e9bd5ee300e59157a06b9dc2aa516b9ba
SHA256 bbca23ce68f1edf153f1d866c1456c0d7d756160e8bae38e3074c1471c4f7f36
SHA512 15275463e459a348f87775b0784701119bc127f844273932c3f72efbe1c4c6a201e43088c3f2452baf3e2769cc959ec299075124a3e1fbfb53a2e078b7163a65

C:\Users\Admin\Downloads\!_Files-PAsw0rds__9884.zip

MD5 8b6dc0ba8b5b0325a7a2863ea90284d0
SHA1 328594ba44bc9170b85a57156c86debe92768949
SHA256 c2d21cce406b014b22a8b3cf57f0106eb656d4e7f0b5c749b27632e91515d5b9
SHA512 19163289ba3269de932fa6598778dd038758989ae732795a7b24a82afaf0bc4442f44feafbd15eed3083cd10fec5a66051268943cc90447bd1346f90b188b674

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884.rar

MD5 a2c2a62ce707582fffa0ad580ca103a6
SHA1 204258abef2ba9ed5a227d44328606c28d3c0e8e
SHA256 784e2138fd7a50e716855c606c46d63f2deeab2e01cbf77615937b71c62951db
SHA512 a433c7614461676f41a5ed4adf8602d8ff5da15de64eca1b3032cd80b7315a3b5adeb747c5b6e00e43df3403a4b32b2bf989e2057f4432817c6532a1ec30ef9b

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe

MD5 ae224c5e196ff381836c9e95deebb7d5
SHA1 910446a2a0f4e53307b6fdeb1a3e236c929e2ef4
SHA256 bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26
SHA512 f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\glib-2.0.dll

MD5 2c86ec2ba23eb138528d70eef98e9aaf
SHA1 246846a3fe46df492f0887a31f7d52aae4faa71a
SHA256 030983470da06708cc55fd6aca92df199a051922b580db5db55c8cb6b203b51b
SHA512 396a3883fa65d7c3a0af7d607001a6099316a85563147cb34fa9806c9a4b39cfa90c7fa9eb4456399977eb47438d10896d25ed5327ae7aa3e3ae28cd1d13701c

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\intl.dll

MD5 d1a21e38593fddba8e51ed6bf7acf404
SHA1 759f16325f0920933ac977909b7fe261e0e129e6
SHA256 6a64c9cb0904ed48ce0d5cda137fcfd6dd463d84681436ca647b195aa2038a7e
SHA512 3f4390603cd68d949eb938c1599503fb1cbb1b8250638e0985fad2f40f08d5e45ea4a8c149e44a50c6aa9077054387c48f71b53bf06b713ca1e73a3d5a6a6c2e

\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\iconv.dll

MD5 862dfc9bf209a46d6f4874614a6631cc
SHA1 43216aae64df217cba009145b6f9ad5b97fe927a
SHA256 84538f1aacebf9daad9fdb856611ab3d98a6d71c9ec79a8250eee694d2652a8b
SHA512 b0611cd9ad441871cca62291913197257660390fa4ea8a26cb41dc343a8a27ae111762de40c6f50cae3e365d8891500fc6ad0571aa3cd3a77eb83d9d488d19a8

\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\vmtools.dll

MD5 de705a426104a3f6217675cfea33bdf2
SHA1 ffacdb8246ec4291e0eb43539066e0a9264fdd93
SHA256 fb298e80179281cc9e28542179f699012385d107b9f928377ba53c3f53d9c241
SHA512 f58f95460a6cf6560bd288060da6fb7ca74ca4d17a0a79e6019982f29c65ae0c8bb6bb31b92365483b2cacd5f4242816cae3769d57e76682e856a500bb00898a

\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\gobject-2.0.dll

MD5 24a7a712160abc3f23f7410b18de85b8
SHA1 a01c3e116b6496c9feaa2951f6f6633bb403c3a1
SHA256 78dd76027e10c17824978db821777fcaa58d7cd5d5eb9d80d6ee817e26b18ab8
SHA512 d1f14a7bd44e1fc9bfc61f0b751ee6e0677322807ce5621206eeef898bab6c71ef1464962b20dc50f706084e53281a0d4b6d9142c6c1170a1e0a5fe4b12171df

\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\gthread-2.0.dll

MD5 78cf6611f6928a64b03a57fe218c3cd4
SHA1 c3f167e719aa944af2e80941ac629d39cec22308
SHA256 dbaad965702b89c371462e735dd925c694eda8d8557b280f7264bba992c0e698
SHA512 5caf019a6b75ba0330b8d0b60d362201d4863c0f3d70d2a9c84b6dbea2027d09bc8a6433820f28a41d126c7aaa13dbe126b38dc5c6d14a67ddef402fed9d9b7c

\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\gmodule-2.0.dll

MD5 b0a421b1534f3194132ec091780472d8
SHA1 699b1edc2cb19a48999a52a62a57ffc0f48f1a78
SHA256 2d6bc34b38bc0abf0c5e2f40e2513b4df47af57848534e011a76d4e974ad958b
SHA512 ba74654843c5b0f94dfefbed81cbee4c5f360193ef8ea92836c712fbeada39fa8179a51f0849f6c4be23add1ced08f5e25f873c4b0e7533ae647fa2b19b83f98

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\monogyny.ppt

MD5 dceb5f3cc51087bc9d71709c5760b0b9
SHA1 d2d4de5ea4811d38c89cbb4bf746d91fb7b57459
SHA256 8356576980467e87eb11711e3ba4d078690ffde5f8525e08400c9d769ae928e2
SHA512 9b83359c49923fba2c2cb368d22e9b584c68bb4da4eb2022e27c7f23598a4e51b5e6d2046d42fbdc17d6c45fd058bf3b5a8cd6f9b4d1661dc63b637acf76d071

memory/2280-3206-0x0000000000250000-0x0000000000261000-memory.dmp

memory/2280-3217-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/2280-3220-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\8f55ebc0

MD5 9ca222fb83fe4e32a6cdfd159babf63c
SHA1 56099d73be09f261acb24755685d6370f27f1768
SHA256 06584d34a387775c3e0f9ad843b316a26928d6cdffcd9611677bcf0c6abfdeb9
SHA512 86a24717d3a8be096522ef6e253859c8d0693f7361f7592c662582061808881ae8b035078d1efd9d5c07b74664abdd91cace4e369d0d107d7f721b2195dcdfa5

memory/1656-3221-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/1656-3227-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/1656-3229-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe

MD5 53aad2e4026c58223f4282f18954b224
SHA1 350ad08ce6d0f7d3e573b7254c18ba2dfbd4e2be
SHA256 be0f607d5dcf558b16910646b943f0e92da29fcb1590b8e5fb69d53f899b2ca5
SHA512 e9a0ba189e9862871235f3d339adb7de77c8c3a6cc574c9e3216b07ab460529befdd543f54fbacc139d071ea9549427402104b1d37cdacec6895af89590f8338

memory/4060-3237-0x0000000000400000-0x000000000040A000-memory.dmp

memory/4060-3238-0x00000000006A0000-0x00000000006E0000-memory.dmp

memory/4820-3249-0x0000000000250000-0x0000000000261000-memory.dmp

memory/4820-3267-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/4820-3270-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/948-3278-0x0000000000250000-0x0000000000261000-memory.dmp

memory/948-3290-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/948-3293-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/1352-3302-0x00000000009B0000-0x00000000009F0000-memory.dmp

memory/1352-3303-0x00000000009B0000-0x00000000009F0000-memory.dmp

memory/1352-3304-0x00000000009B0000-0x00000000009F0000-memory.dmp

memory/1352-3305-0x00000000009B0000-0x00000000009F0000-memory.dmp

memory/1352-3306-0x00000000009B0000-0x00000000009F0000-memory.dmp

memory/4852-3308-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/3092-3312-0x0000000000250000-0x0000000000261000-memory.dmp

memory/3092-3322-0x0000000073CA0000-0x0000000073E1B000-memory.dmp

memory/3092-3327-0x0000000073CA0000-0x0000000073E1B000-memory.dmp
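The Files list above is the part of this report that a responder actually reuses: the archive and DLLs dropped under Downloads, the unnamed file in Temp, the executable in Temp, and the per-process memory dumps. The following is an added example, not part of the sandbox report, that parses this plain-text layout (path line, blank line, MD5/SHA1/SHA256/SHA512 lines; `memory/PID-N-START-END-memory.dmp` entries) into records, separates hunt-worthy files from browser-cache noise, builds a SHA256 blocklist, and finds address ranges that were dumped from more than one PID. The sample text is constructed from entries in the list above (some entries are shortened to fewer hash lines); the classification rules (payload extensions, `%TEMP%`, siblings of an executable) are this example's own assumptions, not something the report states.

```python
"""Parse the Files section of a sandbox report into hunt-ready records.
Added example; the layout assumed is the plain-text one shown in the report."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
PAYLOAD_EXT = (".exe", ".dll", ".zip", ".rar")   # assumption: what is worth hunting


@dataclass
class DroppedFile:
    path: Optional[str]                 # None when the path line lies outside the text
    hashes: dict = field(default_factory=dict)


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_files_section(text: str):
    """Return (files, regions). Hash lines with no preceding path become an
    orphan record rather than being dropped; malformed digests raise."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            regions.append(MemoryRegion(int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length: {digest}")
            if current is None:
                current = DroppedFile(None)
                files.append(current)
            current.hashes[algo] = digest
            continue
        current = DroppedFile(line)     # anything else is a path line
        files.append(current)
    return files, regions


def _norm_dir(path: str) -> str:
    # The report lists some paths without a drive letter; strip it so
    # "C:\Users\..." and "\Users\..." compare as the same directory.
    return re.sub(r"^[A-Za-z]:", "", path).rsplit("\\", 1)[0].lower()


def hunt_candidates(files):
    """Executables/archives, anything under %TEMP%, and files dropped next to
    an executable (data a sideloaded DLL may read). Browser caches are skipped."""
    named = [f for f in files if f.path]
    exe_dirs = {_norm_dir(f.path) for f in named if f.path.lower().endswith((".exe", ".dll"))}
    return [f for f in named
            if f.path.lower().endswith(PAYLOAD_EXT)
            or "\\appdata\\local\\temp\\" in f.path.lower()
            or _norm_dir(f.path) in exe_dirs]


def sha256_blocklist(files):
    return sorted({f.hashes["SHA256"] for f in files if "SHA256" in f.hashes})


def shared_regions(regions):
    """Exact address ranges dumped from more than one PID: the same mapping in
    several processes is the first thing to open when triaging the dumps."""
    by_range = defaultdict(set)
    for r in regions:
        by_range[(r.start, r.end)].add(r.pid)
    return {k: sorted(v) for k, v in by_range.items() if len(v) > 1}


# Constructed from entries in the report above; hash lines trimmed for brevity.
SAMPLE = r"""
SHA256 c851c3698015e986988f6b0ea6c9c22ba023bf98b3e83ec58d408514c6b2a2ea

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7XQY3LQ6\favicon[1].ico

MD5 a301c91c118c9e041739ad0c85dfe8c5
SHA1 039962373b35960ef2bb5fbbe3856c0859306bf7
SHA256 cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
SHA512 3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\Setup_Full.exe

MD5 ae224c5e196ff381836c9e95deebb7d5
SHA256 bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26

\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\vmtools.dll

SHA256 fb298e80179281cc9e28542179f699012385d107b9f928377ba53c3f53d9c241

C:\Users\Admin\Downloads\Free_Setup_New\!#Files-PAsw0rds__9884\monogyny.ppt

SHA256 8356576980467e87eb11711e3ba4d078690ffde5f8525e08400c9d769ae928e2

C:\Users\Admin\AppData\Local\Temp\8f55ebc0

SHA256 06584d34a387775c3e0f9ad843b316a26928d6cdffcd9611677bcf0c6abfdeb9

memory/2280-3217-0x0000000073CA0000-0x0000000073E1B000-memory.dmp
memory/1656-3221-0x0000000073CA0000-0x0000000073E1B000-memory.dmp
memory/4060-3237-0x0000000000400000-0x000000000040A000-memory.dmp
"""

if __name__ == "__main__":
    files, regions = parse_files_section(SAMPLE)
    for f in hunt_candidates(files):
        print(f.hashes.get("SHA256", "?"), f.path)
    for (start, end), pids in shared_regions(regions).items():
        print(f"0x{start:X}-0x{end:X} ({end - start:#x} bytes) dumped from PIDs {pids}")
```

The sibling rule is what pulls `monogyny.ppt` in alongside the DLLs in the same directory, and the drive-letter normalisation is needed because the report prints some of those paths as `\Users\...` and others as `C:\Users\...`. Feed the whole Files section in and the blocklist and candidate list come out ready for an EDR hash search.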