Malware Analysis Report

2025-06-15 20:41

Sample ID 240508-1zsq2aaa2w
Target https://mega.nz/file/YL0E1LwZ#ueyXvmDCNzdDwOjyh301hRPRHUpJ6pW8ysTw2wjk9Do
Tags
evasion execution persistence pyinstaller upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

Threat Level: Likely malicious

The file https://mega.nz/file/YL0E1LwZ#ueyXvmDCNzdDwOjyh301hRPRHUpJ6pW8ysTw2wjk9Do was found to be: Likely malicious.

Malicious Activity Summary

evasion execution persistence pyinstaller upx

Enumerates VirtualBox DLL files

Sets file to hidden

Command and Scripting Interpreter: PowerShell

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Executes dropped EXE

UPX packed file

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Detects Pyinstaller

Modifies registry class

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Views/modifies file attributes

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-08 22:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-08 22:05

Reported

2024-05-08 22:15

Platform

win10v2004-20240508-en

Max time kernel

599s

Max time network

605s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/YL0E1LwZ#ueyXvmDCNzdDwOjyh301hRPRHUpJ6pW8ysTw2wjk9Do

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\SysWOW64\vboxhook.dll C:\Users\Admin\Desktop\Lexyvirus.exe N/A
File opened (read-only) C:\windows\SysWOW64\vboxmrxnp.dll C:\Users\Admin\Desktop\Lexyvirus.exe N/A
File opened (read-only) C:\windows\SysWOW64\vboxhook.dll C:\Users\Admin\.exe N/A
File opened (read-only) C:\windows\SysWOW64\vboxmrxnp.dll C:\Users\Admin\.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Lexyvirus.exe N/A
N/A N/A C:\Users\Admin\.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Lexyvirus.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\\\.exe" C:\Users\Admin\Desktop\Lexyvirus.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\Lexyvirus.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Lexyvirus.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3728 wrote to memory of 4852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3728 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3728 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3728 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/YL0E1LwZ#ueyXvmDCNzdDwOjyh301hRPRHUpJ6pW8ysTw2wjk9Do

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa632546f8,0x7ffa63254708,0x7ffa63254718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4848 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x39c 0x308

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Lexyvirus.rar"

C:\Users\Admin\Desktop\Lexyvirus.exe

"C:\Users\Admin\Desktop\Lexyvirus.exe"

C:\Users\Admin\Desktop\Lexyvirus.exe

"C:\Users\Admin\Desktop\Lexyvirus.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\\\""

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\\activate.bat

C:\Windows\SysWOW64\attrib.exe

attrib +s +h .

C:\Users\Admin\.exe

".exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im "Lexyvirus.exe"

C:\Users\Admin\.exe

".exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\\\""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,14314915715257409809,9964173384587891226,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_3728_CTRMRULPACTWRJMV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d554df900f225759717af682bdc2071
SHA1 b9ea43309f6c44bc7ec64dffc755766bdfd88c67
SHA256 01d796e469cff8de9e92c75b0c6f3ab6f3867b28d75d36c4fe86dd651571909f
SHA512 391167460f8d074a0014de4312039ddb29d5f492d4c29d5db9a42ca5479942ab3ab2d8d3de61cf0473245909b8c76b9663f9b9decbe8dde4ad3a98b5fd7bf2d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 950eca48e414acbe2c3b5d046dcb8521
SHA1 1731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256 c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA512 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 06977a6e9cfabc406ac144d0a748d232
SHA1 89b8aaf3003353d0d7d5fe93d2c4255bfebee7d6
SHA256 14ac0d916268050104d99ba505d81a339b43bb250e87e9176710dfcdbbdac487
SHA512 0802600eead44d2ea12c402558162f02e041f264367c4b02fb2fa9d797a15eb266bdd04dd20f4c717f82ebcf2c6e5b6c413bde163ea87e098b7cbdc890d9effc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 06e0bfeb1423c657e055b815f3b79ae9
SHA1 af7ebd2d46dd9ab97c065a4fbfc7e21f63a9005e
SHA256 14999558a6040c60a909cfad7eac35f06d34be7f4e363a202fa03eec67a9e585
SHA512 861a19687d28e6a0aff3a46a40f1be1f014df42adb61f36a8a50d6043522a2177ee92de3563fa204ecfcbd12204b44af2e439c5b17676eccb8d20c0d32f045c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6db2095601f23f113e46d1299f8303ec
SHA1 e654ddd98a9922613186963221307c9087daf818
SHA256 c2b8540fdcc693d9853d7a2c1266ae4a860e3fd75f2509a29cc0c97e02d9cc09
SHA512 fcdbc44cd32c03286971e3728072806cad8b8d9a4a9eb8264a9019fcd790b859b7efa92e545b0942f367dd76966a5774a935cc612e79436e45f3254a53f34498

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 12ec9a2576f26f666fcd5d190203a0d1
SHA1 5c2f7ada82dc355efa7a982f5a3a45694aa5bee5
SHA256 48a76841c98628fb8a0e345b00d5891f6b93a304956b07ca45de9783920f928d
SHA512 2176c20619c26f55a4dd025bc120b0f4fd79796dbf0d43ee1ef249a7d7103439128967514b5189382cfb7fce1ebd74db4b4ffbd5c1531785a6ea59246fd51099

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a7e8.TMP

MD5 b28fd5ff8a4ac7848b25b9c2501f4e7b
SHA1 985e25bfe345931f0a2a9e567ad3665d422abc72
SHA256 e8d77d0185a07f8a4465e0391e6594c6f839a0a179cfda3e9f4f1a74cc1aa1aa
SHA512 40a349b625edbbc6d59f482810706ac6ab307e71a90fea9fd89c251fcd26a41d2b96f27f83e2b994df735e84e8b7e7fd9437cc5be1a5e2527fb5463338042bec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a5b58c457d6570686664d3d5c959965e
SHA1 8b210985986f8eef385fe47f0214f95c9cc9d1f6
SHA256 552369a3b3afa0dd2f4d78487e1a0694943a892b399a039830840dea69471422
SHA512 a8984bb78f80d837d3b65383c3277b7df73f5a525af32df94d3befbbbf26473070f2b9fb97dfb41e1caa829e4d7c359124d477d188347ab61864d0f700a3e09c

C:\Users\Admin\Downloads\Lexyvirus.rar

MD5 55375091215a132b8aadaac0d055dbc5
SHA1 2da65fa622dca25fa6bf889f965ff9e7d59d743c
SHA256 2921a602754491ea38dbf892a5d8a7df1004ea75fdfbc1157b0848f210f2e654
SHA512 6e03bdf9c4e7a3b21869f30b4471a33096d4b7ef6c4a1eb6258f09f59f3ddd3022efb18547dfa6b92f6e77555f634b5bf71d76138406b3386992827601d0041b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 93b8b54b6cb0ed92ea50d7af37fd10ca
SHA1 59f6724b3b3410d86b090b43b921c2cc5d9ff488
SHA256 3ee57df0edc85313bca5bf5d74d29891848419df269642d218a5629c5a70c09e
SHA512 346c1149cb908978bdc91a9bde73f697a7ea30e046e6f218d6e63a5b999a9ed8820fae1004dbc08b3ca439c590c7451aca878f512472c861139794805a7fef78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a8539dfd7caf4b6fd66c26f25a78eede
SHA1 d69e3855301ea5dfc832de460724684cda4d4ec0
SHA256 855903a586d5d562c921be73a79f8b3a9a88b7a93ff045ef242dfd8ae804d263
SHA512 c74bf00c4381d8fd3bad045a6ad7b9a140b57e9cde630d82c26a29225c71599abd1d3150db80fef07aaa81a441184aa0b4489c1a0ce9d77c5336dcf75da2b569

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 008114e1a1a614b35e8a7515da0f3783
SHA1 3c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA256 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512 a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

C:\Users\Admin\Desktop\Lexyvirus.exe

MD5 4508296fbdbd07746ab61808d278a2af
SHA1 28759e94200509c34a28ca1aa7e60af51b49f7e7
SHA256 f7d9d303b1513be4b027b4205220ff32f9c7d261fc1a6372a71d8fedb0c24696
SHA512 7173bf124be6899a4ff37b0e46685ff648047f3449858aebd5c4ba6456d54b8bf1c25353edf122e639ff403a44cd733aba088b9c109c0a4121a2e12535779f73

C:\Users\Admin\AppData\Local\Temp\_MEI30042\python312.dll

MD5 a0c0336fa0576d1380fbd6f4d29084a2
SHA1 e418d67bd6252ba06937467edfd9257fea1c5028
SHA256 ade3a8a4c8e87ce5dd2775f4456c12edbf865b538f0190fd5ba1b376f5d281d0
SHA512 158e982f49e8c6485db3501800d038fe615c8f1a699ad3531894eb1d73794fa903e8ffe50cace78f084bee828cda6f96af1d36163c056ef2257548c417223a1d

C:\Users\Admin\AppData\Local\Temp\_MEI30042\VCRUNTIME140.dll

MD5 17f01742d17d9ffa7d8b3500978fc842
SHA1 2da2ff031da84ac8c2d063a964450642e849144d
SHA256 70dd90f6ee01854cecf18b1b6d1dfbf30d33c5170ba07ad8b64721f0bdcc235e
SHA512 c4e617cd808e48cc803343616853adf32b7f2e694b5827392219c69145a43969384d2fc67fa6fa0f5af1ca449eb4932004fbcdd394a5ba092212412b347586f0

memory/4520-1426-0x0000000074BF0000-0x00000000751C8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI30042\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI30042\python3.dll

MD5 97386f12a1c19e14451f5e4697e5fdc8
SHA1 6bee5f0a7b8863779a02491c93cb46cd8b6916ef
SHA256 130632508b1a7f6293bb67e13441e0e21164a5df8e5dabaec9ebe73a35544bad
SHA512 66dbf574585bd72f2487f341026a811533740241bea1a33395f8967c4b9283aa35c7d765a03337cdec4f56ea5940ef02491d9fdee497a2deb5fc4296d19261e2

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_ctypes.pyd

MD5 31667c8aa65af33d23cf7f7d03e99d1c
SHA1 9b6504fce81e64f6927bb32718663e5dcba4d002
SHA256 81d6d1c5d3d321e6521d8662233b78f117871e62392b057557fc61d0fdb34b28
SHA512 f271fd29de9af2ee629b5e421f0ced4744e99f6f8ab2af4268f81e7fbb4aff22b3f5383893dd7cc13575ce895a4182f10c357c659ac4a1f32ad85e86560f8806

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libffi-8.dll

MD5 cafe0a27f8f2cc6f5e4a4c6233bb954f
SHA1 6f8b66056d058a02b05e61b9090762ed7acced6f
SHA256 97ccb8542e8bbaf8c949683e8aba21b85e496a237c5543f8b2f6d90d9855b389
SHA512 dc2221584fc54f6c9e423f212294614a447f6a8274a61138910f2364ca7eae041c15c8d224c6b7f3f79581626a3151a27bfcedee95e65784d6e16e94ccfe6330

memory/4520-1436-0x0000000074B90000-0x0000000074B9D000-memory.dmp

memory/4520-1440-0x0000000074B70000-0x0000000074B88000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_lzma.pyd

MD5 1e514dd2dde7f3a9a305e950dd74275a
SHA1 13a2990b67216b701fc7889085e462843c4f58df
SHA256 7d5258f32d310e9c90917c754d842f4e4b5579347e69ae3cb4a7481aa77518fc
SHA512 bd9ceabdcb6c3e5949fea268c8780c9c87faabb960122f55aa6f8075a629fa64f1f7579b23d0f17c8947e626495e7035ff03e50d385a2aff88f685a1bda23d58

memory/4520-1442-0x0000000074B40000-0x0000000074B67000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libmodplug-1.dll

MD5 f3cb4e12f761415ca474f2b8c4c88d94
SHA1 5111a67c03742c0a8d40b98500634a0ec43ac3b2
SHA256 f6f3d0f77619426ac01d6a5a5634bf0911138b879e528e27f71b21858b029404
SHA512 af04a800b15a5824d9d282bc8116d9e468bb3a890fccbe03a428fdcdd996c8e0731288707e017c21a0e958739bc6ed1439062a382d9856a262e3384c5fc20773

C:\Users\Admin\AppData\Local\Temp\_MEI30042\tk86t.dll

MD5 ed93e3d1e1bcee84602643fd1eae4b16
SHA1 2290123ee4fb95db2e6b3c5695394816b440fc16
SHA256 122b7617a3903c19bbc3a0326d4922f1f5bf52b75960080bf7510c64ed3199d4
SHA512 9678aaba8e3f5b303d11390d27e30552df37c5dcd4033728ec935305a92d740e6710f0c4a997f1cafc665a8408705426176bdce2e89a1a7f3beb4e5c3369f075

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libssl-3.dll

MD5 fed9f1da2f51f7c09db583d5cb92886c
SHA1 1dca294432eace681a0277907bb802025fd89044
SHA256 4b427f6543001965cc3cf8cf08e1ca73a27c9951c66703b42f179db93957853b
SHA512 124d0644b2197929082e32eb0dc3e20206d5183667903f8e8bc90c5dd64790cc03e3b64719a1ef131e6087f8f6b1912746dab2543173b05c26358984b84f3e44

memory/4520-1474-0x0000000074B30000-0x0000000074B40000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libpng16-16.dll

MD5 4081f400e7e4e0a271c8793fb69da433
SHA1 fdc167a0dd384601c83608bc0b244cbef092bd70
SHA256 77f7ca1f67bbf01cb89676ff7e1ed0e136f40b2e7dd295f835792f6818d96a56
SHA512 62f4901222e08965676b7e1494ba1e24b7b228b5d8bc8e02fb95a1bf06f42a377e71652f9b11714762ea0b6167aa7c4196914a7fbf1729b2384e4ce64c1c39e0

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libopusfile-0.dll

MD5 c79b4e5d4e7c313d58c2c64b7b89dad7
SHA1 e8816f7173fe4e90782ef00d6bd4c17921d1592b
SHA256 0542e21d671c8c711a9940d8265351010a4125a2ecaba988d0134d30c53efb7d
SHA512 e3bdcd4f61121f0156e6633bb4816375fde62535f4deb61f616e80133a74ba96016bddcb5a5e9d5b52a7e79769caf500ea2bfa92c25a0efb0da4896a9b5e0655

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libopus-0.dll

MD5 4d8f9129c930088db9b520fac13b0cf4
SHA1 91a5bb1a153367d4fd1e1e04922010cdf5ef006d
SHA256 68a60d3eaba31deb093986a74891cd052428b5e88337162f66aa5ec90595d096
SHA512 efe8df82c87f8b436a76c5e07f24a7130767a1bbd0c3ed1f4d91c53b311c97e95f0f2927db971e22cb75fa631a8cf2e5a3012df3e661b0579c7b9ebe9747e42a

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_queue.pyd

MD5 27ff281f951e4c090c9decc3901cefdb
SHA1 a3aff5bf06e1df2759b5af4824a9614e98ca6b30
SHA256 6bf99367532509590aef75d3473040b4f19cd510664b68d29a5cceff0a46cdbe
SHA512 481a854811c0a70e2ddf4913458d995798d09dc946fff4e30b66220827985b5bd29f136216a7a771beb327263c8bd4e0324fd6f23c1a06bb90b2173912e7c13d

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_overlapped.pyd

MD5 ca2be59ba6558991a37fd992ffea7a3b
SHA1 aa0375ad758210efa5154aac975d84b4a245f92f
SHA256 b8b126f196414d1e0dbf99ac8b0f84737ca8070b509bd698bed9dc086fb13bc9
SHA512 87179e5a7795fea15ec6d1819a3bee0ccd2884a9bd464a73235fadbee1fc3a8e3290af654f0921dee554392bc83185d03f30e218535c203aa51e6bf294f58ce9

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_multiprocessing.pyd

MD5 83eb5a7e98f3611fbbcd744cf9167088
SHA1 4b2fa4a482c61dbe190681001918f38c2e57f6e1
SHA256 639363cdd17e6823a21cba447354e7f1f004fde143cbaa165ad7091eb0d68804
SHA512 d618c50a38097607d52d9d030e123a59d5da9a6f879f4e9b225f272f83a3b011d247e708306cc7e1ddc1a48bd31efe5dc444bf60eea54b67bc7822eb86822640

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_hashlib.pyd

MD5 a6d9cc3460caa34325eb3f4f62fd6d08
SHA1 e9c9b5e80a16f9fc966a9da0b1ee6f1acd3f822c
SHA256 1070152cd927c80ee8bc67029cf0fa9ae1a7ff61060f4d0efe98c84d3c736aca
SHA512 468846b6d9dbf09b36ae052a782047d7fc7c0281b0fd85a42f7b82cf2a9bb036bde9fc858fab0251ab0cf8d417a80811edd145f75b63da0fe30f6b18ba050d09

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_elementtree.pyd

MD5 a9fb45f9b6819170c352406be1bbfb59
SHA1 4e21c0ab0100ce3605d06364a08367baabd77eca
SHA256 1f64517751e23803a815f495cdb21db7a4716b995f548ad20a9ce0edff53e5f7
SHA512 7ae0f67a3b2129d0b5e22973f93eaf52d0b66554fa9f2d6620e517afd1af25de2f0061345be28653ab79b5cb3c84d3f8d6f64ca6357caee8560afd2227135e62

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_decimal.pyd

MD5 d9541261192762e1676135d3d91ab611
SHA1 2426a94cc179d996a36d408e4e065f0ad3bec581
SHA256 ba83677dc75343e46ef913875d03c637fc0855d04bf2dee0784c4bdf5d1b60fa
SHA512 e55f41a70441440f8503f450b2c2ae28bedd9a8bffaa425447d8945daa0e858727d55fb888dc8deaa710eee6d24ab8048749400691ef2d5f2e2b085c3188cb4b

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_cffi_backend.cp312-win32.pyd

MD5 61130345d096d18dcfaedce1e6dff622
SHA1 3b7cb7adbfdb9e9bd0f0a0991715baa5ca8242c1
SHA256 5a1df0dd23c9e280083419827aa5a91eb4ba268616af94a1b9ab358b1634fc30
SHA512 a270b1fc1c2de9493a957055de6e441c6503639c4801cc9815637da8c8c878f894aa5e3c9d63eff3812ed3075c24aa2d403a15c92d52618d3beb5f09b4b44628

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_asyncio.pyd

MD5 11386a63d589b3aa5a5106495034deee
SHA1 0883fea178180a39cf0da52752ff9ab868efad46
SHA256 1e5b063c5fa58dac409b26a2a9518ab73fdee265663856ddf1adc863e6cb7c77
SHA512 dc1f183d571d27ada2943cdac7c7b921f7741772ce685dea614f1185dec5cb8518c10f0a83b9e072c25d2adab6b8287bb326d739c418a8c8fe85be23924f75a1

C:\Users\Admin\AppData\Local\Temp\_MEI30042\zlib1.dll

MD5 9c0713c65faa4ed19cfc327cc281527b
SHA1 7431fa2599916af847cefce85247e6ab6d0eda97
SHA256 549de67df69f6cefa2e1f596d157711eabf46b72aad09b50b9460532316c719c
SHA512 572af4c67428d721bea6078fd428913f381fc3dc7d99d8d3031dbdf5fa4f240e29a31193571de6c9faf9a2b6abba331b89afb99dd341fe888b0516c707ec4986

C:\Users\Admin\AppData\Local\Temp\_MEI30042\unicodedata.pyd

MD5 2944322ed47ba7d9aa3aef3447615ca4
SHA1 2249c595efe82209d93effda26a1c6f6dfeb28a3
SHA256 a25921209bc1e1b52f22ae5c9128b628b64e95017ebfa8f74fc5166b5e384868
SHA512 3331d5b27cd4fe99fbe7a457d6517cd2c403a5da256ee4f083880ecc0f32eb2945aac3de2e10ea27cc1e9c52a1084b05dc56671db586416104f3234170ee00d2

C:\Users\Admin\AppData\Local\Temp\_MEI30042\tcl86t.dll

MD5 ce075df8e1e783ad2140a1e9ed133c8f
SHA1 6fdc0000be4b70e0bb7f072d72c29f0835f58c7f
SHA256 cd08b5b888fa01d51b53ba2534649396a537967df58950679236374931f93899
SHA512 5d2e40217c4b8d8fba456f2e23321e5386958017e400aa11061916057c0be6a6e68580ca89eea97315922e1d5f4e07cdad873bd1c6eed98b549781873a5f999f

C:\Users\Admin\AppData\Local\Temp\_MEI30042\sqlite3.dll

MD5 b3d14e0a675aab996297ddfc8ea3aee6
SHA1 fc867e4cbc538d9310a178b8cabae9094a16d914
SHA256 34f1d706c4a2d289a4270dbd2894aaf780d440ef33b1df2e89819aa1dbdcfcbc
SHA512 7be0e31be5be6366e95e09f5cb49e207780ae24a4e57abc0e5a7381274edb2d2de96f42f6d9cf82abf856a647c450ebf5dc387ce9d7f66d3b766954b647d22f6

C:\Users\Admin\AppData\Local\Temp\_MEI30042\select.pyd

MD5 138fd2710e2b397efbb3f14c19b0d02d
SHA1 24c637e8d55b2a8b2fe56ffe7ac539d08de99b10
SHA256 dde8f67de7a4e6544aec75e3785c08a8e30559537063f76c27e50513f8edd371
SHA512 07c7219c294f61bd5cd48ca33d543ef9b825cc2ab11947fd6774e74b3ed7fc6716d4db7efeddb7d5cbf07d7f2d7f87bc979de1fed22bb9715b5066e698f84865

C:\Users\Admin\AppData\Local\Temp\_MEI30042\SDL2_ttf.dll

MD5 a842d2cd49e48c6ca9dcd7a0b80a6ba3
SHA1 ba11d9468fc9f0f2950ed5a42fb3f7e356402a0a
SHA256 539d876de6f27cbf565eef64c69bf721a5ea81536880a52c800f167cc2dda421
SHA512 65fcb2d9289c04934922842b61e29867f409f27f34412c3bfc1decd7e0d5e1240ab4a5e5afa97c88a9d418d1480e438ea714ebc0188651917bbff798c93b2e93

memory/4520-1475-0x0000000074790000-0x0000000074B23000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI30042\SDL2_mixer.dll

MD5 5974c6c01d15c6d1cb0f910c2583ef1c
SHA1 ebc95211c09d8fa3536c011c032675d93d4dc519
SHA256 6db866aaf38686e77f1c63270044e6ea7de4e42984adc409df0a430ff535802d
SHA512 714246faca8395a950aa45d591c0ad0731cab66f6f7e85e0a2f31c3c6fc367d95bd83b8ba410ed47a07e53ff21e7a8f646d6cad1003aedfae0bc75e8c01cf567

C:\Users\Admin\AppData\Local\Temp\_MEI30042\SDL2_image.dll

MD5 068d2313bfc24a317d345c14015b9082
SHA1 e18eb26214ba3a23558b41a3a7678875baf6eaa5
SHA256 d0dcfcce991144283a588665524bc0367e1629c9959f4d0dc46665d8246950f9
SHA512 71e8aed870ea4e09336335eb79a8ca1410ecb521776115a8b9e96f56390671fd44f088becdffb1488e94ba49311625e71d75cce18f1e87c1bd0df058e5967afc

memory/4520-1476-0x0000000074770000-0x0000000074785000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI30042\SDL2.dll

MD5 01efe5b9351fc7297febda89b7955750
SHA1 fc0543b48adcfa30fe9e59ac7eb1ad53a8567dba
SHA256 40bed47e058633a2f36ef56558c00f4442b88d7f972db93c34cd079753c015c2
SHA512 921aff8e7894594654d18d4677939dc455f2cd86933fcde6b76efb13d87bd17abaa3d47f6307947bd0a2a89493d43ca8413bca81c811c2f171522cd592512d99

C:\Users\Admin\AppData\Local\Temp\_MEI30042\pyexpat.pyd

MD5 595642ffeec3f6244efd1051cf367b45
SHA1 5113e91a78af88fcfc62287ba59b3889cb06b292
SHA256 00e5021e222db01963a2fe6f3652e18939fd270cd70c27318452d0a6c3b25629
SHA512 b7c30d872552d47d4c3887c7fa17cb7f22a73b7931f456401de3cda7768392cd8650fda48ef90d2000770acdb94853155c74c517ce0ff2c8766f25a88b056bbf

memory/4520-1477-0x0000000074720000-0x000000007472C000-memory.dmp

memory/4520-1479-0x0000000074640000-0x00000000746E9000-memory.dmp

memory/4520-1478-0x00000000746F0000-0x000000007471E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI30042\portmidi.dll

MD5 d95e5514046562c8dd36cad4e7c2a545
SHA1 6aba08ec8c7547a79ba8b35fe6414e27db668eef
SHA256 c1f187f5ef27490922490d5932277f62d039011041b9f3ec28e673fe3b066a7f
SHA512 5d8c3a57b25e42f9d89e71f03122a68369d1362a1c3057b35afaa1f9b8e96322d9449b96d00ebecd023933919b51c66ed7d5ff95b48a56f8c1b8bf9e1ddbe2be

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libwebp-7.dll

MD5 9e58f1809a8a01f2f3d3153b310ee59d
SHA1 3c7d44336296cb83091e18116d653cc1d683dff6
SHA256 ca2d560c75d38ba3060b39d3759f12ed4c3e513983bbd87f0b7f5fcd15f2197d
SHA512 0d7954df16666ef5f3e003a25ea2d4fef687896ab55e3c685cfef43684bba8f2faea6102e9f93689a414e55b38f135a3c4fa19ad06a8a6f83c464bdd3217f5a4

memory/4520-1480-0x00000000745D0000-0x00000000745DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libtiff-5.dll

MD5 e80feff04b7e942a596d3c180f10163b
SHA1 7b9bbb30ebaea80b501089989d96a8c01bd920de
SHA256 2c946a716c700b8cb9c1bac2085d83b4d015afdf1fd823b294193d2c882477dd
SHA512 cf58e0cec22661e00d68c654a808295fb9b4294233f185af65a3e6a15bdd3752f098253180e281a2d5f7feb75f0169e8ea72f07f16f6bf21b24b7aa80c43e1a2

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libogg-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libjpeg-9.dll

C:\Users\Admin\AppData\Local\Temp\_MEI30042\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI30042\freetype.dll

C:\Users\Admin\AppData\Local\Temp\_MEI30042\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_32cdqv2a.lnh.ps1
