Malware Analysis Report

2025-03-14 22:37

Sample ID 240406-r3zjbacf2y
Target rustdesk-1.2.3-1-x86_64.exe
SHA256 4996194639c099db0d854d20832a64e6629fefa37ce6a01ffd8710ac6c9e2522
Tags
discovery evasion persistence spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4996194639c099db0d854d20832a64e6629fefa37ce6a01ffd8710ac6c9e2522

Threat Level: Shows suspicious behavior

The file rustdesk-1.2.3-1-x86_64.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion persistence spyware stealer

Modifies file permissions

Reads user/profile data of web browsers

Modifies Windows Firewall

Adds Run key to start application

Enumerates connected drives

Downloads MZ/PE file

Drops file in Program Files directory

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Kills process with taskkill

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Modifies registry key

Checks processor information in registry

NTFS ADS

Suspicious use of WriteProcessMemory

Enumerates processes with tasklist

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 14:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 14:43

Reported

2024-04-06 14:57

Platform

win11-20240221-en

Max time kernel

749s

Max time network

771s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rustdesk-1.2.3-1-x86_64.exe"

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000\Software\Microsoft\Windows\CurrentVersion\Run\Skype for Desktop = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe" C:\Windows\SysWOW64\reg.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\mstsc.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\mstsc.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-time-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-SDGUS.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-E0NVK.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\vk_swiftshader.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-VILE8.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-string-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-environment-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-NMH3T.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-47G96.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-76J6G.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-6RF6V.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-filesystem-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-heap-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-localization-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-heap-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-1DCFG.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-552T9.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-K0SL3.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-5TD8S.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-4QU6J.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-O3F7T.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-F2DVG.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-HAONT.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-2TTS6.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-MHP08.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-SOHFH.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-DDBB1.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-KL8HB.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-QFP53.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-synch-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-MJ65G.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-2I100.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-9FOA3.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-048U2.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-console-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\TxNdi.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-JPGRK.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-util-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-J0466.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-3RG4K.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-CJV49.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-6U668.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-H0RKN.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-utility-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-BI4VD.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-T5OD4.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-F6NR3.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-MIC57.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-MEII5.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-FFOHF.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-BE5KE.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-6QBB0.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\SkypeContext.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\vccorlib140.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-S72R6.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-SKCIO.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-DPHV3.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\is-OL7KK.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-SKCF8.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File created C:\Program Files (x86)\Microsoft\Skype for Desktop\is-UBJEJ.tmp C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa N/A N/A
File opened for modification C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\Processing.NDI.Lib.x86.dll C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp\shared_memory-rs\shmem_DEF4CC06924FDDE1 C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\RustDesk\log\rustdesk_rCURRENT.log C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000\Device Parameters C:\Windows\system32\mstsc.exe N/A
Key security queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Device Parameters C:\Windows\system32\mstsc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Device Parameters\TSRedirFlags C:\Windows\system32\mstsc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Device Parameters C:\Windows\system32\mstsc.exe N/A
Key security queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\mstsc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\TSRedirFlags C:\Windows\system32\mstsc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "180" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent N/A N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\skype\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tel\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{9FE348C7-BEF3-4229-A1CA-37E63EB6467B} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\icon = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\SkypeURL C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\DefaultIcon\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\"" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\SkypeURL\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\tel C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\ C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\SkypeURL\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\tel\ = "URL:tel" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\callto C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{137DE1A2-82D1-486E-B84D-6AB65B049E53} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" --share-file=\"%V\"" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\skype C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\MACHINE\Software\Classes\skype-meetnow C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\ = "URL:skype-meetnow" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\skype\ = "URL:skype" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\callto\ = "URL:callto" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\MUIVerb = "@C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\SkypeContext.dll,-101" C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\callto\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 954646.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Skype-8.116.0.213.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\batch-virus-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4968 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\rustdesk-1.2.3-1-x86_64.exe C:\Windows\system32\taskkill.exe
PID 4968 wrote to memory of 3096 N/A C:\Users\Admin\AppData\Local\Temp\rustdesk-1.2.3-1-x86_64.exe C:\Windows\system32\taskkill.exe
PID 4968 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\rustdesk-1.2.3-1-x86_64.exe C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
PID 4968 wrote to memory of 3888 N/A C:\Users\Admin\AppData\Local\Temp\rustdesk-1.2.3-1-x86_64.exe C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
PID 3888 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\icacls.exe
PID 3888 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\icacls.exe
PID 3888 wrote to memory of 72 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\icacls.exe
PID 3888 wrote to memory of 72 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\icacls.exe
PID 3888 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
PID 3888 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
PID 3888 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
PID 3888 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
PID 3888 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 2120 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2120 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3888 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
PID 3888 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe
PID 3888 wrote to memory of 6412 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 6412 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 6412 wrote to memory of 6464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6412 wrote to memory of 6464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6412 wrote to memory of 6472 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 6412 wrote to memory of 6472 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 3888 wrote to memory of 6604 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 6604 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 6604 wrote to memory of 6652 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6604 wrote to memory of 6652 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6604 wrote to memory of 6660 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 6604 wrote to memory of 6660 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 3888 wrote to memory of 6732 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 6732 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 6732 wrote to memory of 6780 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6732 wrote to memory of 6780 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6732 wrote to memory of 6788 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 6732 wrote to memory of 6788 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 3888 wrote to memory of 6844 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 6844 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 6844 wrote to memory of 6892 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6844 wrote to memory of 6892 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6844 wrote to memory of 6900 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 6844 wrote to memory of 6900 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 3888 wrote to memory of 6976 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 6976 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 6976 wrote to memory of 7024 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6976 wrote to memory of 7024 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6976 wrote to memory of 7032 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 6976 wrote to memory of 7032 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 3888 wrote to memory of 7088 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 7088 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 7088 wrote to memory of 7136 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 7088 wrote to memory of 7136 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 7088 wrote to memory of 7144 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 7088 wrote to memory of 7144 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 3888 wrote to memory of 6444 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 6444 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 6444 wrote to memory of 6648 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6444 wrote to memory of 6648 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6444 wrote to memory of 6608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 6444 wrote to memory of 6608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\findstr.exe
PID 3888 wrote to memory of 6852 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 3888 wrote to memory of 6852 N/A C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe C:\Windows\system32\cmd.exe
PID 6852 wrote to memory of 7036 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 6852 wrote to memory of 7036 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe

Processes

C:\Users\Admin\AppData\Local\Temp\rustdesk-1.2.3-1-x86_64.exe

"C:\Users\Admin\AppData\Local\Temp\rustdesk-1.2.3-1-x86_64.exe"

C:\Windows\system32\taskkill.exe

"taskkill" /F /IM RuntimeBroker_rustdesk.exe

C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

"C:\Users\Admin\AppData\Local\rustdesk\.\rustdesk.exe"

C:\Windows\system32\icacls.exe

"icacls" C:\ProgramData\RustDesk /grant *S-1-1-0:(OI)(CI)F /T

C:\Windows\system32\icacls.exe

"icacls" C:\ProgramData\RustDesk\shared_memory_portable_service /grant *S-1-1-0:(OI)(CI)F /T

C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

"C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe" --portable-service

C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

"C:\Users\Admin\AppData\Local\rustdesk\.\rustdesk.exe" --check-hwcodec-config

C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

"C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe" --run-as-system

C:\Windows\system32\cmd.exe

"cmd" /c "taskkill /F /IM RuntimeBroker_rustdesk.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM RuntimeBroker_rustdesk.exe

C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

"C:\Users\Admin\AppData\Local\rustdesk\.\rustdesk.exe" --cm

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x0000000000000494

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5ecb3cb8,0x7fff5ecb3cc8,0x7fff5ecb3cd8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5944 /prefetch:8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6976 /prefetch:8

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Users\Admin\Downloads\Skype-8.116.0.213.exe

"C:\Users\Admin\Downloads\Skype-8.116.0.213.exe"

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp

"C:\Users\Admin\AppData\Local\Temp\is-B1SJO.tmp\Skype-8.116.0.213.tmp" /SL5="$90314,90120352,404480,C:\Users\Admin\Downloads\Skype-8.116.0.213.exe"

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /f /im Skype.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17208074650692400843,12400395398110887683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7100 /prefetch:2

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=e8f4da8d-9ed9-49ec-8ed3-a106bf71ff86&uid=e8f4da8d-9ed9-49ec-8ed3-a106bf71ff86 --annotation=IsOfficialBuild=1 --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.116.0.213 "--annotation=exe=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=19.1.8 --initial-client-data=0x598,0x59c,0x5a0,0x594,0x5a4,0x7e1d2d8,0x7e1d2e8,0x7e1d2f4

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 --field-trial-handle=2156,i,16929068636127048223,12419556138564409096,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=2428 --field-trial-handle=2156,i,16929068636127048223,12419556138564409096,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2904 --field-trial-handle=2156,i,16929068636127048223,12419556138564409096,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype For Desktop"

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\tel\UserChoice /v ProgId

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice /v ProgId

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\tel\UserChoice /v ProgId

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY HKCR\\Application /v ApplicationName

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY HKCR\\Application /v ApplicationName

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features --disable-blink-features --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3920 --field-trial-handle=2156,i,16929068636127048223,12419556138564409096,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\microsoft-edge\UserChoice /v ProgId

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\msedge.exe" /ve

C:\Windows\SysWOW64\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\msedge.exe" /ve

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1856,i,8596061088418705308,2244525116118652628,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7fff5ecb3cb8,0x7fff5ecb3cc8,0x7fff5ecb3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3928 --field-trial-handle=2156,i,16929068636127048223,12419556138564409096,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,17787020494565350048,5978465482033567475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\mstsc.exe

"C:\Windows\system32\mstsc.exe"

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5ecb3cb8,0x7fff5ecb3cc8,0x7fff5ecb3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\findstr.exe

findstr consent.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,18099354559893394530,6468747941631036604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8

C:\Windows\system32\cmd.exe

"cmd" /C "tasklist | findstr consent.exe"

C:\Windows\system32\tasklist.exe

tasklist

Network

Country Destination Domain Proto
GB 2.16.34.120:443 tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
US 104.208.16.90:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 185.61.62.23.in-addr.arpa udp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com udp
DE 108.61.171.103:21115 rs-ny.rustdesk.com tcp
DE 140.82.121.3:443 github.com tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
GB 104.28.246.212:18020 tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
GB 104.28.246.212:18048 tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
GB 104.28.246.212:18057 tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
GB 104.28.246.212:18057 tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
GB 104.28.246.212:18166 tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
GB 104.28.246.212:18270 tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
GB 104.28.246.212:17978 tcp
DE 108.61.171.103:21116 rs-ny.rustdesk.com tcp
DE 128.140.88.208:21117 tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
NL 23.62.61.185:443 www.bing.com tcp
GB 2.16.34.120:443 tcp
GB 2.16.34.120:443 tcp
US 52.113.197.254:443 teams-ring-fallback.msedge.net tcp
US 172.202.64.254:443 arc-ring.msedge.net tcp
US 8.8.8.8:53 254.64.202.172.in-addr.arpa udp
NL 23.62.61.168:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
GB 2.16.34.120:443 tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
US 104.212.67.120:443 roxy.azurefd.net tcp
TW 51.53.80.32:443 16633a18c6a7db2ef6ddf3596650beaf.azr.footprintdns.com tcp
US 13.107.42.10:443 878b96cf5bdf4727cdb8b7bb342c2556.clo.footprintdns.com tcp
US 52.234.227.128:443 7596cd15d3fcd0382bef387a76132fa0.azr.footprintdns.com tcp
US 152.199.19.161:443 fp-vp-nocache.azureedge.net tcp
US 8.8.8.8:53 120.67.212.104.in-addr.arpa udp
US 8.8.8.8:53 254.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 32.80.53.51.in-addr.arpa udp
US 8.8.8.8:53 128.227.234.52.in-addr.arpa udp
US 13.107.253.254:443 t-ring-fallback.msedge.net tcp
US 13.107.246.64:443 www.clarity.ms tcp
NL 23.62.61.185:443 th.bing.com tcp
NL 23.62.61.185:443 th.bing.com tcp
NL 23.62.61.185:443 th.bing.com tcp
NL 23.62.61.185:443 th.bing.com tcp
NL 23.62.61.185:443 th.bing.com tcp
NL 23.62.61.185:443 th.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
GB 20.108.172.194:443 20d245c072b0d846a3acc3d2cc428f31.azr.footprintdns.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.58:443 th.bing.com tcp
NL 23.62.61.58:443 th.bing.com tcp
NL 23.62.61.139:443 r.bing.com tcp
NL 23.62.61.139:443 r.bing.com tcp
NL 23.62.61.58:443 th.bing.com tcp
US 52.113.194.133:443 go.skype.com tcp
US 52.113.194.133:443 go.skype.com tcp
BE 104.68.73.139:443 secure.skypeassets.com tcp
BE 104.68.73.139:443 secure.skypeassets.com tcp
US 52.113.194.133:443 go.skype.com tcp
BE 104.68.73.139:443 secure.skypeassets.com tcp
BE 104.68.73.139:443 secure.skypeassets.com tcp
BE 104.68.73.139:443 secure.skypeassets.com tcp
BE 104.68.73.139:443 secure.skypeassets.com tcp
US 13.107.3.128:443 edge.skype.com tcp
US 13.107.3.128:443 edge.skype.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
GB 104.103.243.81:443 uhf.microsoft.com tcp
US 20.42.73.31:443 browser.pipe.aria.microsoft.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
BE 104.68.73.139:443 secure.skypeassets.com tcp
US 20.189.173.13:443 browser.events.data.microsoft.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 20.42.73.31:443 browser.pipe.aria.microsoft.com tcp
NL 40.126.32.133:443 login.microsoftonline.com tcp
US 20.189.173.13:443 browser.events.data.microsoft.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.113.194.133:80 go.skype.com tcp
US 52.113.194.133:80 go.skype.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 52.113.194.133:443 go.skype.com tcp
US 52.113.194.133:443 go.skype.com tcp
US 52.113.194.133:443 go.skype.com tcp
US 23.53.112.170:443 download.skype.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
GB 104.103.243.81:443 uhf.microsoft.com tcp
GB 2.16.34.120:443 tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.113.194.133:443 go.skype.com tcp
NL 52.178.17.3:443 pipe.skype.com tcp
US 52.113.194.133:443 go.skype.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 192.229.221.185:443 tcp
US 192.229.221.185:443 tcp
US 20.42.73.27:443 tcp
US 52.224.31.34:443 h.clarity.ms tcp
NL 52.178.17.235:443 tcp
US 13.107.42.22:443 tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 52.167.30.171:443 tcp
GB 2.16.34.120:443 tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
US 20.140.48.70:443 fp-afd.azurefd.us tcp
JP 104.215.5.225:443 21c985ac12f5177f175644f6dfc4d8ef.azr.footprintdns.com tcp
NL 23.62.61.155:443 th.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
GB 2.16.34.120:443 tcp
US 52.108.8.254:443 wac-ring.msedge.net tcp
US 104.208.16.90:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.57:443 www.bing.com tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
DE 20.113.200.164:443 0f6e6e0102d128c17c801e3731824c2b.azr.footprintdns.com tcp
NL 23.62.61.163:443 th.bing.com tcp
NL 23.62.61.168:443 th.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
NL 23.62.61.168:443 th.bing.com tcp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 140.82.112.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.5:443 api.github.com tcp
DE 140.82.121.9:443 codeload.github.com tcp
DE 140.82.121.9:443 codeload.github.com tcp

Files

C:\Users\Admin\AppData\Local\rustdesk\rustdesk.exe

MD5 e91aac29b515e6577bda36c430d74577
SHA1 0f5f4ab3572e194340d887b02068357149b86ac2
SHA256 243892629b06008c79f627b3e63d269eef877a1a0c6ea7fd37949e85bf614b46
SHA512 778fbed766f3a4d65ee249f4788afd4003d847cdaba8c48100aa4d88676472e09a947d6270b74634844a7ea57faa5c22f3ae98d65474a053950ecffd40d9d748

C:\Users\Admin\AppData\Local\rustdesk\texture_rgba_renderer_plugin.dll

MD5 145cc3e5a55bae49f380e1163554bb71
SHA1 93a328b26b1503e376f02b2bd69f4c8d0bf7738e
SHA256 65710f10d67f5becc80d148ea4fd7e4300074d7062115b3eb5ce611cfc73164d
SHA512 7e151acbb1c3cfc59c1f2db2d9dc78f15c017babbe8d51d870408590208300054fd26620930783f2f7c43f0ffcc06427ab47b6b31a17507c1cd6f9851193c21c

C:\Users\Admin\AppData\Local\rustdesk\window_size_plugin.dll

MD5 fc4d607cfec778c56237a9c59cd28308
SHA1 4c0eed30f08f08aa294123879733402765141707
SHA256 b8f5eff0f266908d962435c9a0bec66393ab4a97791a0a69dce0cd4ab9c7462d
SHA512 037865fbcebc5530f59e731200ead2fb4a5c56936b341a41c7c123448b56d6658cf16f6ef26097b0b9d184aa7f210e9aa8a5a6ee292a90faa2d57a57bfc0d5e4

C:\Users\Admin\AppData\Local\rustdesk\window_manager_plugin.dll

MD5 12089e31587d8ad45887eaeace85ea75
SHA1 7737583b420dcf6b1de32929df126a8e5c5053bb
SHA256 059a4e767ac9cc948c977fe6b0ad2c72e5f0d29e7843f4b2cbf4f4b2f02905a5
SHA512 c442cf080b75723b8d2133afb66f3be2444a1ce47f308888b3cfb8c65bbb90d5b73048a3980a4975f13d27016673d3a3ac3567a6d0720cf289f459f25677f2c1

C:\Users\Admin\AppData\Local\rustdesk\librustdesk.dll

MD5 639ae82338a685d5e863a0a203f2508c
SHA1 126461d1c0da2ec5eff66b65b64a604743f9d4ad
SHA256 ae274bfa74b9507fd5cfa84dd888f0b0424817377681be07cec416c2f638e535
SHA512 191b15c55a36df9f732892fbedd3ac87bee2a3143528697f7d1125591cd7ae8e8c0200e1be095011a9fe394bc41f68a63b95561be5dffc325a60e4b91a1d3545

C:\Users\Admin\AppData\Local\rustdesk\flutter_windows.dll

MD5 a8f8be856b62218f834495c45828f608
SHA1 f1512c764a3f8de72287debf99b7703d33778ee8
SHA256 b3e4cc825eb6453646a4048f9760f3b3179e272888e375e6d5cbafa2db11c04b
SHA512 3ab0cc14e75d365d8a7d6d610d8e6ab7c86fb4589c611da8ecd7fd912e9b39ce1ae1c3b34adb06d0bc67ba7f86236d84f2435c2eaad85e330f9fdabb23609a0d

C:\Users\Admin\AppData\Local\rustdesk\uni_links_desktop_plugin.dll

MD5 cd8bb243e494e7c7aeef0c353cebfc8f
SHA1 d70d15873e618313cc8642fdd369fb62bd624472
SHA256 d7df7409a8da5778203f0b59b7082a10cf040fa805dce8e95f505da4d37c8bf2
SHA512 f597af7cbb73bd05bf1c97afea7ea14d40c970a66e8e783b9639917b7fcec1c9e52607de78731d2b3ce7d9312e3b7b2f41544d3ef86398eba201218fb23ef174

C:\Users\Admin\AppData\Local\rustdesk\url_launcher_windows_plugin.dll

MD5 637cfa03bc9eb08534097a69eaad5752
SHA1 0ca11d1517809008f647d7fbfc77586acfb4fd98
SHA256 3065fc9f9ef6ecb28010cbf1f48eb3cec339e89f054e66d2355d0cb06b9fcd44
SHA512 e63aa02a0dadc8ecab726fe42fd90a5c942491b9e581635e32b7b3b5ed64d5ece1de5b89517c5ec2ca48e1b44204933b18aaa4573ca0c657948347cc0eee2cc8

C:\Users\Admin\AppData\Local\rustdesk\screen_retriever_plugin.dll

MD5 6f26af07c96083ab82b0d21dbb68375d
SHA1 fe69d65141063a96e22a633410e3a9daa87ee1c1
SHA256 308b23122c237dfd6a3376fb6294888322ab90c41db8189c2934e20990d77fa9
SHA512 e1008f5a00a1ef5d0660c5ee65397b71e79e80e22ab063c28ef2e78fd2a3579a5d3df521e7576b8c069f9ea507a54a8b57a250be16c22a215dc99741f6ffcb49

C:\Users\Admin\AppData\Local\rustdesk\flutter_custom_cursor_plugin.dll

MD5 acae09dd94244caa1e077a502e8bfc52
SHA1 a045c2e3f685cad7935bd09e3ddf5b2fa2890d8b
SHA256 6d612b7f7f0187f247bcdd66037eddbca0c9a84458d53a1351848f0c75ee30ce
SHA512 fb03abbea2179ba99cadec8703a852790eafbf4e7ac143e7e6f0a790d14b598f6ca33e72657ac8a956748f179ae8e27f6a1c4ac3414234577e73ac34571d5966

C:\Users\Admin\AppData\Local\rustdesk\desktop_multi_window_plugin.dll

MD5 fec08be31c1962491fde4f1d30243a26
SHA1 bc4a84ec3eccb7c484193499bc2fd9f4b9893260
SHA256 3c53abfabaa721021887bf8e98a53d799743f7133c23c990160da7846a475c6c
SHA512 88008a581e0e099baa4e206f6a2092a41f614816ecb525723da9d3304b6a97eb30b62c8839bc794b64e1d7f7d2cf6c346d0045d7e3c888d82cb9e9f524dcb07a

C:\Users\Admin\AppData\Local\rustdesk\desktop_drop_plugin.dll

MD5 300b8258faa366b5f92130394a094282
SHA1 8d787229e20aca29cbbbc0ff19d149fac16fd17b
SHA256 1b44840edb9199d131d81e385954e29110845724e745d3c0c7bd72434b8e1106
SHA512 becabbd28f96612aaaa5eb9c31b2e03ec3df8c3b2364484bf140c6c3096ac7d27b573ea78f6e4b91edb2ad6bac1f430eecf75a75d4f9603005e4123728d3cb75

C:\ProgramData\RustDesk\shared_memory_portable_service

MD5 c2b13b7df49404462c3b249ff9cf54cc
SHA1 fc83d6e53e64083efa3634b9baba9ad451708b76
SHA256 ece9cbf58da05e4f5581d64da6824c6dc10122a359b93d9650dcd0d3273877b4
SHA512 e40e1b5b05f36d16a06f3f1460965d4c35e64f7ce15350a70dc3eb69b0ed42aaf82173198e36734abcd1a32f9f9540ccbf57c9b8a70302581ec771935a22d9e7

memory/3888-137-0x0000020057D40000-0x0000020057D41000-memory.dmp

memory/3888-140-0x0000020057EB0000-0x0000020058B41000-memory.dmp

memory/3888-174-0x0000020057EB0000-0x0000020058B41000-memory.dmp

memory/3888-185-0x0000020057EB0000-0x0000020058B41000-memory.dmp

memory/3888-186-0x0000020058B80000-0x0000020058B81000-memory.dmp

C:\Users\Admin\AppData\Local\rustdesk\data\app.so

MD5 c36746f370e9327ba21630295005f223
SHA1 524e3c1c667021ae29e131bef8fe9adff4890240
SHA256 380cadde1b37c8bd28978486d3bb77035449a20c25c25198bdc7bbfa79715bbb
SHA512 e8881448224e138519c527c0d1645f2a4519c78f0fd8f4612affc68bdcc89d11eca3a5ed2786dda4a8286771337112c194ae6acf91d527105823cd725c4b0968

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce319bd3ed3c89069337a6292042bbe0
SHA1 7e058bce90e1940293044abffe993adf67d8d888
SHA256 34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3
SHA512 d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 12b71c4e45a845b5f29a54abb695e302
SHA1 8699ca2c717839c385f13fb26d111e57a9e61d6f
SHA256 c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0
SHA512 09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8593151391eba657d383f538fd166d92
SHA1 5c985c8285c2e4844ff8d730db2315f19e291c16
SHA256 1c5ff3768755eaeb4dfd87e394c593b9e5b3292f03d53c85e9e9c78bf22126a7
SHA512 b7d31bfe0c15991289e8978a8406da2d825db43a43432bdf5f9578ea3b12ca727e4753dd9fdad20d75cbf24debcb95c1d4b157ccf64a1fb385f3979ab39e4a70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4d5044c515157a4dde723f188339601d
SHA1 f8d16ed1bd0f84e6e4d513f3ddd934f9f2895260
SHA256 0ca8855683f66263f27080c53d345e0266046cc15021f9050627d50c311d4fa3
SHA512 0b507161293307759cc1f012fc87e753d3f46fdacac6138dab506acc35f23145cd8f5d9354af351b45f63b39d571befeb361a06fff32d842689e7b7ac2279eb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 766238d1e4147bdfd00c6706ce5cb580
SHA1 3b4ec7335a1ee87f09bbf6c018f8eaa38bb65716
SHA256 ebdd98422f407c3bcb27c56ae3154b1f4642677bf79b7f84101092ee2520f6d1
SHA512 378b3fed572f5056c6efbd2f2ede1fbf577c0326ccf40fa6b8232f1c2c922ea12f523c44c85f2a93ecf4b6ee416d7a2d367454f03a672f44b5976c2ce50585a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1dccb4a6f6c44b37f49c0e0bcce325a4
SHA1 795552204ce1ac01b75589fd7e80ff78bc506343
SHA256 198b500943726c6bbbee71ac8feef199ec8e486da7d8e1082e439ffdc545ec79
SHA512 3029cd55019a5788cfba5a724fd36abaaaa1f4c870825c9fe5168103e1e0faa84773730fb583e5a87a202a4fb66c41192e8133407313e8cf6e6a28acae4e6c85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dbd5bd5dcec7360d832f627127feeda3
SHA1 2733c5b40393b4484db9e28a86070327928f2c95
SHA256 b9ced446c8998759f9868d27efbfbf7d0b63699bff5ebecd34ea2a542262cf49
SHA512 4743a26bbc804725602eeda4cfd112bc9738509fc23a472f55a8acb499df99d3f024669c8aecd356c0db20a573255c8586f5cec6e16f7d810a3a6d2e3d705eba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b5df4339b9c758953065bf35c5e3f65a
SHA1 9951b42562eb6d10c17fd3b8ac19ff98c4ceb4d7
SHA256 6f15fa1f6999722558e3c540ff1ce53a5b4c6affb5d518bd2691d509573e3ff7
SHA512 651fed8a0021fffe12c3b658ac42953ca468cfdae4459b97eea26715a6f06d4c6b120c1a21d950567137b5ce6832d8e730d20c4bc0aec6a3925d675984c50d13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3a51abe16b0dbd6d5bef59e81539fd40
SHA1 1b1fa99c5c7bbb0855757f259ab6d4a312b3025d
SHA256 fb784ff512e83f796424cafe2659d412aa291417211250925d72a25d0c954f72
SHA512 e3a12b6f6f0daf38c6930b93b83da0b0481efe684f866a538eb4e6cd3775c1c41989803c7aa02d8cfdef3a6e9093854fa09ade4c60bab4f02cd3dbad0a3d2f88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 96f9e0dd850419e778cdbe02384bbf80
SHA1 5d1f2c3614ad03710ec418a534a40e25348f9e81
SHA256 29a8221af98b8c711bb25f57501b6305c2f7aacc2ff306c5a403bb2ee7f6c32a
SHA512 c55f95885dd38f7d977dfa3f7aa988438adfc32c70f81dce9df20839ff005b09b208d3777a44c82acb2ce2f5cbcb976b44d77707b347b6769124bc5404d4aa2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d545c.TMP

MD5 b2b4d70ecf67dc71e751401e89d4436d
SHA1 0995a3f2e26688907eca505060540dea7b188bf6
SHA256 0e3363c01817a05592a36f075a20034b6cc0b30b7d8966ef96cdb508f03d0bd5
SHA512 311210895aa8276f4c58b28c48dff8d77d7565b92810a69c94deafb011826508a0721f69dfb0fd23039351944bbe3f033a60c9021086e22df49dbd4a6a6a8802

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed03dc8cbe0d1d3c4aab7de90eb2695c
SHA1 8cc6e97200b7cce62b94f7225c1fad928f449f3b
SHA256 8488ba5bd4cd8e8096a470a3b5ceacf546fe838c08e20168f850fc6684b54bd8
SHA512 b7af75c34ac5786a7fdf261812ba1b0a300cf23b7d5d644ef710281b09091cb485dbfc3264314f4fc084f4ce8d047c4466f5d8d5df69972dcec97d743b3570bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7d7d39d039f96caee142c15269fc5a2f
SHA1 301da759873520466692bcab2d8fe6f7cf0cc5a3
SHA256 afac283be7949ccc8c16224ba359d777d7d36a08c96be10c8064fe7efb94fa20
SHA512 ab4ce2c722307ae268da9dbff36dbb095f5e7b50858230f295ce4a608515f253b340491f1df431b9ec189a2f922fb692cf6d1e36c03ef26f4cd8c6f2f398253e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 944b3125775f85e29dfa4442fd0c4cca
SHA1 dd38b260c547e725beae743c1eaf25f652b72f13
SHA256 02be123fbf4a0461cc41c729ce350b0482f05e242b5c8b6491e450895b7f5611
SHA512 9d627df82a89263392edeeb5f51a3a6ae4abbeb22956eefb750fc2a6f1694bdcaad3f09d2ef9f0102d8a624e065f58055861d24442f461a357b828589c357b06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b56d3397ab2684a5d50bc1e0cae15feb
SHA1 a7e82d976ecabb914f2e17b3af65aadb5ad911c2
SHA256 a6a35530a9f57f7f21a216d1ba3cd3e481f6e87dacec54275768fc8e0632d803
SHA512 b9f3cacc5ad655b9acf392624c45aa51a10bc11ec85ffb79f0abb3a20f0440c48e659cf0ad8df3a8450a39f6e9c444f969b0134cb5818d608ac1958fbdc7f667

C:\Users\Admin\Downloads\Skype-8.116.0.213.exe

MD5 a766b975a16b82dca20c3a11bbbbc90f
SHA1 0da04b2e9f7d0e119762743b658e916ebb81a8a7
SHA256 615315c59b88a74de54a9b484794ab0b6fb6004c40df249f9f822093796fb9c5
SHA512 af0e385b37009edadc12c96372e0aaac739ebea0d618f6e1c44d6ba9eac82a2ff23e92ddcf8f1045c07f53e13e01d409c26912c63b883ea3293642b904551c3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 310c2eda28423ca1a66c64d11b7275fc
SHA1 c5e6751833d400fd11a0f431167be70514e02f47
SHA256 7dc1b154ad9c8f94e86d4ebcc222b18146cd9377b10295daf93a5c8963e1c4ca
SHA512 ba7e601bdf61dc1fcacbff4084e6e34e8a83853f6d5d473d10a3fc30c8f1a46888107b2f8eecb8f8d95e0133b4077aac75099897833a9430f992669ef3655bc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 24e2d8eb6d1484cf3a56296a264cc1cc
SHA1 60a40cdb228ab0fb8940c21701e9fde9e089f75a
SHA256 7e170d582d37fc6bd52eda33365f79a8e2aadbb3f5c2bdaa35ec6f1b18085f84
SHA512 0965f096b1c2015f1aae60a0f2b0223b7356420c82f44bb946cace6fb59cd71245dc498f4ac8a83f05902492bd494ec1a95f25d79d4d40a9420cf2aea36cc94c

memory/11864-2273-0x0000000000400000-0x000000000046D000-memory.dmp

memory/11836-2277-0x0000000002580000-0x0000000002581000-memory.dmp

memory/11864-2457-0x0000000000400000-0x000000000046D000-memory.dmp

memory/11836-2458-0x0000000000400000-0x0000000000573000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 870f65eff983b0be38d85de6290ab13f
SHA1 949247465227d6ba33299d85220f757b985469d6
SHA256 37eb5b517becc567bab8a723786662161d580632ce2b36fa5e73e5a1af9be1a0
SHA512 33591a5a482cb4ca1b2c538cf7c2d295f737e5ba1b0bf322dcf580ca36125d032a489e651c2bbf9c1574d332832fe2b5600d695117021097463a82cbecbc4b8f

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

MD5 082b4bbfbfbccf3fc4c76c95263a38a6
SHA1 0cf7d8845b659bf13d94fd428c1aa393c95dd40c
SHA256 d3721e0963c607931455f44895ec549893db5b77e168c118be1b3ecd7e905fda
SHA512 7b27f591d0a5406832a471145fa3e7a1172febb6cbb004c87299ebaea0fa6047b4fbff931f7fcc9fb09c9a58bce982e6c99975960a6100ad173e720ac36d8da8

memory/11836-2776-0x0000000000400000-0x0000000000573000-memory.dmp

memory/11836-2788-0x0000000000400000-0x0000000000573000-memory.dmp

memory/11864-2790-0x0000000000400000-0x000000000046D000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\CS_skylib\CS_shared.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\97a4e8b8-110f-4f29-aacf-51169423087e\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\97a4e8b8-110f-4f29-aacf-51169423087e\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bf8c55d7043f156e24ffa3de36722411
SHA1 5b2145509ab51b2d739468632ae1d6228edd09c6
SHA256 7cf4f01c4ac6720f3927198e94c1de6becdd8b3d10d012f321955c26a24803f3
SHA512 ee9853220ed76914ca20c7b3223592fed4a4ba2ce3286beb8fd544aee77fcd2f00f0353d513d4155db0680896626e8b27460856732a82cf5837c4ccf063fba4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 67cb62c2aa34638a4940473b7853bb8e
SHA1 621dd12f6ba9d6666c56e6544e766cabd4d2a360
SHA256 719551fbe2d4fd4bc5ab5985053504a9ce6b4f7cca970446a321eb43b9c5a723
SHA512 93dce94ad36e441cd622641e8ece0dd616521372defd141749d4baea067274588fed95703cf307931dfe994daff5c91094d4143dd497f2166fe206c053f07b44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a551040286352bce64b2d5de66be08cb
SHA1 d3c59815191e755968509b23746864884fe23d74
SHA256 37c7c8a0e6981306de374bf7112afae521ebf5f9dffca6937a444334abb00c2b
SHA512 5823c0610475020cb93e8cb84349cbfbe4615599efcb593ee0611f4d951a900fae1adfb25bdf5852d91cf7259eb49be15ee029bb5269b77125ca4e27087adb59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c0990f514ea1d0a6cec70b697955a1e0
SHA1 b5581af1a3d42a08cd07354670b9c3721434bc8b
SHA256 ccd3c11cf255cc38c528978005f2deb0b4ae9085981dec4fa38d5577449add67
SHA512 e8e025a19e533b74d5968210cec3cd9b988e569ec95b6878750a094cb7ca5c351ec2bcc08446175d3f7afe62d02cdd9e7850a1f3e87681c74774e05c09f2b3e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ac519193be51670203e5882a5ce51a9
SHA1 8150b6e49b94916b9b7998c2da4449296554c395
SHA256 d6a47d13e65394d282757454b784e001872a2cb4470c8c91ebf24ffe22b74cf8
SHA512 32d11539c6029aaf5ecdfe558dcad79f38529ca2b8ea6cedca87b0deda8e09a1582e09bfd3f328dc8fb47cedd8d084a4ebee7fdfd6b52117ec380ccf4cdad19a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 09ebae8df3bf1cb0bca1c6dbb3496e75
SHA1 32323ec5a815268de9def471c3c715057d0484b7
SHA256 c7d51a5a339f046d8b8114e8cd8c2ac8c5c5886981cecb24fbe367bce76396be
SHA512 d9c1476ca0737852efc2cc2c5e560374f254d7468e6f6c4952c9b1a602495d1b192cac85e43f22874c3376e5a77f6c1cda046b40677fea67cf767a5df8964525

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\97a4e8b8-110f-4f29-aacf-51169423087e\Code Cache\js\index-dir\the-real-index

MD5 1af1dafe8e1f386faf40e1c1a6073d18
SHA1 7e7d5c3733bc218b3033277fd9a47c4be7159fc4
SHA256 e0d4460fb48b75739bfb6968662d221574828764f02436573dda91409f7ee1bd
SHA512 125a561949e9077b081ecc4ceeabdc1789ea57f0ed1ffd895192c22d2470e438c9d367715860dd0695099acf8aa35ff87af883e42c99f2b4d359ba067a9334bd

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\97a4e8b8-110f-4f29-aacf-51169423087e\Code Cache\js\index-dir\the-real-index

MD5 d36c65a5ee91904a57951ebd342ccb7a
SHA1 9e617391b42faeef376b64f595bb92ede8947572
SHA256 bb11a61dad1f390418d8c4dcab922762fcc48d3bf88f7589a7f1a6603aef5e5b
SHA512 13ced86f3c2911133227d74cd94f9c846523618cb0f1264780215c341027d21b84a162b177f6b5b86186507fd076380613cb154ff610a68603766608cc835aaa

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\TransportSecurity

MD5 a5ab0f75b3a6d75cc024cb9495c329ce
SHA1 de63828b0df2bb1b13255cf1c6011d70fe233e7c
SHA256 c5c269fb4f45820a5475d8b1968b37b19c0903542b81b3cb5560cf9bbc12c82b
SHA512 fc75586bb8a2b203aa712efa62f88f64472e9ceec066a09e11b6a53d417ba7ec314bda8b02c949ef23994676ce75d9667dc180c9be69207c21280b6c393e3e95

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\TransportSecurity~RFe5ec7b3.TMP

MD5 d9e8acf4393017b769d3030a486b9b36
SHA1 d61d0dc29bb6d5727d7f919b3c61e6f41cb79c28
SHA256 4ada2e9f8f029625fa6fe3ec6e3a5304218e9b865de338a201f580d379fd0144
SHA512 cb58d64171c5cfd1a214a71e7764a848753c0f05145bd4bd55934e6d6eb702a4243e9181497adb4bcab572ad08500ac29e6d2ccfbd8d762ff2e0e37a26616f4e

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\97a4e8b8-110f-4f29-aacf-51169423087e\Network\TransportSecurity~RFe5edaae.TMP

MD5 9596f8fb02734cee0c44273d8fa59627
SHA1 8b3149698caa99c2b3c940ac4cc4340df4d11ea3
SHA256 034e315f35a4b76d8a15fff976088adb52b1746cecdbbd995cc32213e7f96050
SHA512 5b674e018e0e34244d5099f979004437b8abb2c86ac09dda255bb762fa14bd43795e1a9759d683faf2aac96fafeafe26157093d6fc5b8fd389759f096e4c1e6b

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\97a4e8b8-110f-4f29-aacf-51169423087e\Network\TransportSecurity

MD5 5b157dc6a454abe26b53da17999d0f97
SHA1 d023015b4b095fa424b946138d6d56f532670333
SHA256 bfb0b7bd4e3229cd2bbe2fe09f6b7beb264a43bb331319363591da5cbbcf3860
SHA512 e1ce97e50315523379fdc43cb56b992e39c9845cd1b94c2d4714d3a669b46e4b874b986636fee4ef7c79e59ff790b18a08d1df8a15bb51ae5d3d87fda8156c7c

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\97a4e8b8-110f-4f29-aacf-51169423087e\Code Cache\js\index-dir\the-real-index

MD5 4308d1ab1dea753c9e8417c7a9be00b3
SHA1 e793c219f604cbcd6f609f88f4433320df1534c7
SHA256 e6f72f18cfb41dfd962aa172beec0c2866fc60d2edba6f8be09ed9d320f235e4
SHA512 be6dfa5b9894ed45d94ed726d1cd8dad5f0025fe3e6847d02c6e04a16f7f50c25f2600ee2bfce8745d2aaaed6d20b12740f02a3b900d2c7a4f8ca441e0b4e8d2

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\TransportSecurity

MD5 ec4859e6b9b3ce85998a509bc91f0f04
SHA1 8fa33cad49acee44b5f6199d71273c0f72e1b7af
SHA256 d6c4bac6c113eeb92b35f6e31a1d7c281e7089a80bb91bb91650f0d8a60041d2
SHA512 c29f3046b17787d69166decb497887af52535a18265cd91e1af19ffad409877c0ea9208329d8c0ab33848987eb4278ce8e9aaac9c11ef90c20f3c86b2962ad14

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\Network Persistent State

MD5 0ab7e949e41b8d4fe159d83f0196a4f1
SHA1 27dd2dd66c9bcdcbd963c3ec79fbd75c427d8791
SHA256 7bb946102f0ea43818a74377610422592189cbc8f3ef373912ae3e559e7b6522
SHA512 138cbdba860f036ccd4c11bb2994f1aff92de1e87ba0ae816ee561504cb173dafe5a8ebda300ad911ad7b93fe3d90c11f857a70afcccbde336ac1cd5ccdfd127

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\97a4e8b8-110f-4f29-aacf-51169423087e\Network\Network Persistent State

MD5 3c2d1e1d2f9e32af66eee8314ead8f16
SHA1 8ae4c41b7f378d1a1cb373e91912e6c11e1e6c0b
SHA256 587c69569b0e2f10117713ada22bd0bee4791776628d98ac69df97b8ffb6f467
SHA512 7fc94df433c6c3122175e5310ea1f53d784d494c53be61724a447040e1a9e088f2c1d6e3ef31e264e7422559d919ffaa52d5f50a551b4191097acb6fd12ed889

C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\TransportSecurity

MD5 ad66da9494943b8030f22c1f1700d32f
SHA1 c76997fc6da8ba05aff126f1a72100c1a3310968
SHA256 3d9acbb1193ebc145074b6d7afa3ea244c0a0946f916f150e52b9b3cf93ed971
SHA512 589c43a86dbcbcce279979a76fdd1f9eb9ca39b9664236d8bf7ce6a0892ec6cad886ab951fd607b611d939776f721db71c7149b4c19d869b1acea0b7124418cf

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 77375d17a8241aa06af550428e413cee
SHA1 ec13b23081e0a9cd92ae4d944deea5f5e0f036e6
SHA256 45d3a9dec1354dbdaa71102c669564b4ed52f1981fd657550f6c1babc20982eb
SHA512 64ba1637e51aa95f61c25c46fe20e597bbcae509cb0f1cd71bf26aa1841b2bb4e06e2941a25cf94addeff2f097d84feeb7fbfbb05729f3cc921dd076e95da56c

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 7559e6648e4aafc0e861b78cbe330394
SHA1 9503b9fa9c99a1af87bd7842112a7fca646b1029
SHA256 66a83a216b12b12d970ef2be5230abe29fefd0bf44efcddaa52928fc8a24c785
SHA512 c51871feab28e4711a83b0d34bde40172245766565be629060676fccba15efc248869e884cf0cc99ec2cabeea71adc903c30c20aeded276ecfac6adba927969b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 29c4285cc0392de53e35d4245ab1e3e9
SHA1 161d77c56a8976f2cf3b3bc782abdf65e91ec13c
SHA256 91da74fb57746b0bacc8d962e826524cdfe1db01b72ea2cf058509c7f7f07a4d
SHA512 821ddddb8c2efa01547687840f4890cb621931caefadbb7c16e0ad96e48160e20e89b27d1a63a7fdd5b3a6d1e8c00face8827a2eceb96b9891b21faf8e8c2585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 246385837994f4beb47f04a80194fd52
SHA1 f40b2523a564649ee8d8ea1b805ae603e07dc43c
SHA256 deb168bac2db49a7ce56e6ea1507b80df1b6a6c7e4ac6cdfbb34f8c948cde695
SHA512 466ee63e1760ab8d9adf90ca714c3eb4090a0c00af72cec2d2ef377b6320e7b881aecb27c03b662b7dabc6f631160b520208ad61e0a2659161d099328fb727a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 55829f0f27b5b990ff046e916665c748
SHA1 406ed65de8eb7732c578917d8e1766cf1bc6b265
SHA256 95bc8b4efe9bad89e07c74042b8e100040a1bcde0c9856fda58fe1963c585806
SHA512 f20f4bd38fcfaaae928d42cf881804335d6bf97b0b67693123bf3451bff3f0017f4396bd2cafbccf38cebd4cef51c0ff0ada7b103e5b740bd0132c72d673dfa0

memory/9568-3711-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3712-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3713-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3717-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3718-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3719-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3720-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3721-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3722-0x000000000DE00000-0x000000000DE01000-memory.dmp

memory/9568-3723-0x000000000DE00000-0x000000000DE01000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9168c8a308b3c1102472c74f33c3bf56
SHA1 ff57258f120f3c3b75a472dbb60ce1ef8b8e451d
SHA256 4fae282ee12f940e7dfce021bd864c534bfb5fc57d32dbbdaf48d3b9cf5094ef
SHA512 97e5945eb1b005cddc9920a11cc36cfd4877f8f0b883607a0a87dde891e0d38a2681db9492532a83177f499ce60465da8f0d742164b27e727137337f09da8950

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f037372547c5400b707921e28785fd48
SHA1 66aa0cf8b55c61377faa4420db395a92d9de4fcf
SHA256 e6f19f5320dd1a620bfb25e8feacc2c9e182206b6cf294912f0861f5a89ee577
SHA512 2c72032929e3c7ff6082075148808916c1d33ec38fa89293e5276a7224641c309fad568e14bd6066c45c81e7d91d80701ea095290ff632c1d3d5a557873c0580

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 795db17df685e0a22f75cf663220f655
SHA1 58a3a776149860a44e774a85d0cfde1bab3a94bc
SHA256 721660461bb2bbe3dfa57d312ad456bbb056457ad1d8a9b2560f26ec13aa6eac
SHA512 8e887714b8cb7ff89b120ef4631016eb80f68cc681019be4c9506fb307bbe8bd6a269fa76661773b2f0f3b20e117e334edaeb83478e2c21f6c287a32df6e6532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fe4cf269b72ed3f0e708e323242da9fb
SHA1 2bfba27db3a4b6d8f89732c0f9582b5aa355261e
SHA256 9f7c0116085ad8f430c6e88d1a33b4e2427e10d7ceda8d985b3ac0cdf5384ad4
SHA512 312ed8eb495f4e279e14defa2364d43c47809e76261d2c95c8f4c0de8bec49444dea2f447aae7f0474cdaa570cf3b8916412e42a2bb70c0c19f3311d16dc289f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\393b508d-7255-4f9e-964c-f7c700678c02.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1c1aaf5eea7157f816d1960afaf4fb72
SHA1 80d861c24101689097e96b078ab55b97090e2f5b
SHA256 fc3c2f54ac8ebbd30881dbb5c5f33b2cba62afd1814ea0dde3f10b075e45ac59
SHA512 264b92040c534614a16ffb10f496df4e009f34454310dd37191298eacad69a1e29b7509ec80e603aad58cdabc0070cbdf621bc6b60448382eb05b9b7f7a1ab53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9db3ac0f56a68280e500f88533d0c3b3
SHA1 7d6559f517bcac949498005459b96c84599c7680
SHA256 853e7cec46e50d2f01326347816dbcbc762f3d08429e1aa59226da4fb90e169e
SHA512 e59e021faf45e6d6b01f068a24fc1843897c8b6ebdd630c28f31fa242173364d5a059ac1ebf99eae172e13f5218d0c32142e6fbad3e1f1814c4cb2b0d0b29684

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a04a5e1e388c477536da4ab8d0025cd3
SHA1 4c370ba98aa5bc75e28204c5fb39c41492b690cc
SHA256 8c269e985611cd2877c3f019197c64545fd0e2366f42227fbefa04a92fb61a22
SHA512 5f233954ed83e72f2faab44fc6bc0436d3fbaa415e4c7f4d3ed7a39a07aa99b9ff7a949ac5b11325729fa2a1447e2bb0c2baa620a0f21cc9646baeae568b9193

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ca8c5ee4fafc3bb1224465838f3fc1a
SHA1 4a4d4fe6f7398de1f9d9d80efe69c5aa39761663
SHA256 16e799124a7c95fb7a0b3d3552571b84d40e13ea3fdfb557baa44057fd992a9b
SHA512 0393f8222b95b955bf21ac2e1cb95c45ff692e0af05db0a053230e30ceff2de60dd3875b8f54915410eafe40996002abf0eebcb2d35d291d97cafae12bc3ec89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4fca9766067117977dd1b3d5e07ffa66
SHA1 5f31b5f700139a687ea30a9bd0c15859359119bf
SHA256 91302130484acefd603258acbd9d460903df9a84098f555c76d343155cdd482d
SHA512 39b1edea7de22f4dcc62f8f8cb55ddd1e9ca7e960950a875f35186da99375312fd6332b24ea46c6a4e6c26d6c2ec83a1e4190d35bb6de251402dfcff8a7d491a

C:\Users\Admin\Downloads\batch-virus-main.zip

MD5 cbafef9e4869db15b79329bb4f46b66f
SHA1 8b55fcfd3c965d59f06ad878f6d60def26c12ca4
SHA256 77edd09c8ef0321fd7c39036c6220d3e5e152e3bdb2a2954a06f6943b31a3939
SHA512 72f815ba527cc088fe2116f88173cd6aadffd39fd7e115ab26ca2e0ceea3d1aeca389f38850fd50b5198cf19bd665197bf2b674c08dc04f5a28c40b07058fbb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f3ba72979223f891b4cca5f8cdba3e82
SHA1 78721423edcde9fcfd3ecb82c21b44f41798f1be
SHA256 3b6380c18bf659b1383b35950a0ae22bbf96a420599d0cf2c1d793ec86517373
SHA512 85715c7d764cabcc1028355da1bc454419df0e8692d22e4a14164218b96da41fcfd62c7d153bcbe7865c11ec1d2ab52d18f3ba92c8e3b13ed5318b5ba0fdfb7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89962725f514daa8572fc0dd62dfa308
SHA1 4e8ce992f1eb5f4908bf12c23f83ac3091c54e7d
SHA256 47eaf561e53f1137bb26b06e4212156a151f3762e2cd87059e60dbb7d4279714
SHA512 4f5239167987b810c48671bd0324610800d8fce87a19a06eed881ce3592167898a82c96922209c54903a4bcde2eaa915798a15f3c2cd0d054f51e17a67e7f0e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d239dd91fbe9613247989030abc4dde5
SHA1 35e551c8c79e163751df7a8ad8957cd1c0dae2ba
SHA256 6c41644f3a6549f2b262f4c1e3c35394f27b0fd41de6072bf8961650c8cbd783
SHA512 5896199b739f9c75ce84fde85ea9490427f79b002376007a55e5128815df1f078d2daad6d1e466d52cc615724a7e9d6f85cb4524d425c107a864ba056c5371f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fa5d3835eac06c43a5a4a0d7378c3b43
SHA1 dd1c15173fb94637c280f522f3a5bb9dda08cd35
SHA256 084fb0f7561793538452d751a22c1106de19e1838098ea0602025c50d0b748ba
SHA512 77123f5b739e9c54f9dde65b5971266ef6b139ae826a1d395a8105082f4fa1359bfdbacd076bd7b4983ad7455a1683e37a241dbfeb503358357b35b73188af9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7ce61db5997f3a84d6e1d1c2d439cb78
SHA1 6476c282f2d68e9744913721fa2989fbd458cfb9
SHA256 e86024cdd8c4577e662d224cd43cd9957048895f69538c224af640f8c30d4b30
SHA512 d3ba83b811173b50ba6ce986fe1819295af5706a3d89ce356bc0c3796afb13c482d9f8e6c8e60edf5201e69f17adffa59345cdb48581491075b99d24f9a4ee21