Malware Analysis Report

2025-06-16 03:39

Sample ID 240526-kdh2psdb98
Target https://github.com/pankoza2-pl/malware
Tags
bootkit persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The URL https://github.com/pankoza2-pl/malware was found to be: Likely malicious.

The submitted target is a URL, not a file: the sandbox launched Chrome against it, an MZ/PE executable was downloaded from raw.githubusercontent.com, and that dropped executable (written to the user's Temp directory) opened \??\PhysicalDrive0 for modification. That event is the only signature in this run attributed to the dropped executable and is the basis for the bootkit and persistence tags; nearly all remaining signatures below are attributed to chrome.exe and taskmgr.exe.

Malicious Activity Summary

bootkit persistence

Downloads MZ/PE file

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-26 08:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 08:28

Reported

2024-05-26 08:35

Platform

win10-20240404-en

Max time kernel

100s

Max time network

238s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malware

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe N/A

Only one process opened the raw disk device \??\PhysicalDrive0 with write access: the executable dropped to the user's Temp directory, not chrome.exe or taskmgr.exe. A write handle on PhysicalDrive0 allows sector 0 (the MBR) to be overwritten directly, bypassing the filesystem, which is what the bootkit tag refers to.
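The row above shows the dropped executable opening \??\PhysicalDrive0 with write access, which is what a bootkit needs to overwrite sector 0. The following Python script is an added example for checking a host after such a run; it is not part of this report or of the analysed sample. It parses a raw 512-byte MBR (boot code hash, disk signature, partition table, 0x55AA boot signature) and diffs it against a known-good baseline captured earlier. The baseline and tampered sectors embedded in the script are constructed test data, and `read_mbr()` is an assumed helper whose device path (\\.\PhysicalDrive0 on Windows, which requires administrator rights) is an assumption.

```python
"""Parse a raw MBR sector and diff it against a known-good baseline.

Added example for post-detonation host checking; not code from the analysed
sample or from this report. The sample sectors below are constructed test data.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code a bootkit replaces
DISK_SIG_OFF = 440             # 4-byte Windows disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
PART_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(sector: bytes) -> Dict:
    """Return the security-relevant fields of one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions: List[Partition] = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append(Partition(status == 0x80, ptype, lba, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def compare_mbr(baseline: bytes, current: bytes) -> List[str]:
    """List every way `current` deviates from the trusted `baseline` sector."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["valid_signature"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code (bytes 0-439) differs from baseline")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk. Assumption: Windows device path, run as
    administrator; on Linux use a path such as /dev/sda instead."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a minimal MBR with one bootable NTFS-type partition (test data)."""
    sector = bytearray(SECTOR_SIZE)
    sector[: len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)
    struct.pack_into(PART_FMT, sector, PART_TABLE_OFF,
                     0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sectors: a "known-good" baseline and one whose boot code was overwritten.
BASELINE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x90" * 6)

if __name__ == "__main__":
    for name, sector in (("baseline", BASELINE_MBR), ("tampered", TAMPERED_MBR)):
        findings = compare_mbr(BASELINE_MBR, sector)
        print(f"{name}: {'clean' if not findings else '; '.join(findings)}")
```

In practice the baseline is `read_mbr()` taken from a clean image and stored off-host; after a suspected run, `compare_mbr(baseline, read_mbr())` reports whether the boot code, disk signature or partition table changed. Hashing only the first 440 bytes keeps the check stable across disk-signature rewrites while still catching replaced boot code.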

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A

Both files are written by taskmgr.exe into the Windows resource cache (rescache\_merged), not by the dropped executable.

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

All three rows originate from taskmgr.exe reading the disk's friendly name, not from the dropped executable. The Disk&Ven_QEMU device ID shows the analysis machine is a QEMU virtual machine, a string that VM-aware samples look for; no such lookup by the sample is recorded here.

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611859017496196" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 2
N/A N/A C:\Windows\system32\taskmgr.exe N/A 60

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 34
N/A N/A C:\Windows\system32\taskmgr.exe N/A 30

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24
N/A N/A C:\Windows\system32\taskmgr.exe N/A 40

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2752 wrote to memory of 1464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2752 wrote to memory of 804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 38
PID 2752 wrote to memory of 800 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2752 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 22

Every row is chrome.exe (PID 2752) writing into other chrome.exe processes (PIDs 1464, 804, 800 and 820). The Chrome browser process initialises the sandboxed child processes it spawns this way, so these rows are expected browser start-up behaviour rather than injection into a foreign process; none involves the dropped executable.

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malware

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe2289758,0x7fffe2289768,0x7fffe2289778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1908 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Users\Admin\Downloads\Monoxidex64.exe

"C:\Users\Admin\Downloads\Monoxidex64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe

"C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3ac

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\UnlockUnpublish.m3u"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1512 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2156 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\$Recycle.Bin\S-1-5-21-3699363923-1875576828-3287151903-1000\$IPSK9RZ.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\an.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\nn.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe

"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:82945 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Program Files\Java\jdk-1.8\bin\rmid.exe

"C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148482 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148484 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148485 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:214018 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:476161 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:541697 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:82954 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:82945 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:279556 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:82945 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5840 CREDAT:82945 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5948 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3780 CREDAT:82945 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5352 CREDAT:82945 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5752 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6164 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6072 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5184 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:345095 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3172 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3528 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6276 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6320 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6248 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6380 CREDAT:82945 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6440 CREDAT:82945 /prefetch:2

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6564 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6656 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6492 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6772 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6896 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7000 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6192 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:410628 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7068 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7288 CREDAT:82945 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7576 CREDAT:82945 /prefetch:2

C:\Windows\hh.exe

"C:\Windows\hh.exe" C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7976 CREDAT:82945 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.d.1.a.1.a.6.8.f.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

\??\pipe\crashpad_2752_SQYAWTCBBRGXOMSB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6208f64a8291d921e53d0dac5e5832a6
SHA1 c3fe51a32d1e01350943c28e269a8bd392cbc0a3
SHA256 8fa457a4c7ebcee7dde4bb88d486363bcf7541d1e2ea2aeba55a3e5bba9ea2c2
SHA512 75ed378eda9543b9b088c08053fd78174c3fac0a86d72fea945fd4a0c07e4cf2d05af0e8d72e40d93a313c1d0ae0d1d05addff8ba035b494a79a1ee54ad62573

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5fd561d294ff69d51b2dbe6d00f772f8
SHA1 63bddc8fb589cc1d83c3ca18713b861ead50cae8
SHA256 25864721e1b71bcce1a8d02fc1ee25d7dea636384f8f62ea1bb8f0cb52148edd
SHA512 4bb0fc18ebd05ffe93fd9d7f3d5557e4860dc492033794c1bffd0ee5db37648fb462805b5c0eda3f5f1f5852f8b1fdb578024e7bd900adfe66043f168907f347

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 59e560b32ae4775b69fb0a0335230e55
SHA1 f44d7d93b9e9587d59b194b5270a22636ba60094
SHA256 a29d9c9957647d0c94986124842768d2f92e0ddecadac28af63cca3006518e8e
SHA512 bf2a57ba08dd5fe797ca2896d66ad53393355770b49c869799bf4a2cd26e57103098f9ffd2a98f1c2784c9be89a1b8652493c9057b4d0a7f90eb068c224a157f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c5a246f8f269b1b8688188ca2e90104d
SHA1 061b3d9d162990c39468650550f5b4750854aa88
SHA256 c60670fe54e4de17053a3665e0e0f19a04010b11e2a66f3eec42df10088aa79d
SHA512 c427b8f665c225538127704b8feb0918e0a5a559118a7078a1b785b53b7dc7aac44a8b647100fa6f971f1fab35018f6b86f8cda9f1f6b849e021370fd067fe99

C:\Users\Admin\Downloads\Monoxidex64.exe

MD5 692361071bbbb3e9243d09dc190fedea
SHA1 04894c41500859ea3617b0780f1cc2ba82a40daf
SHA256 ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe
SHA512 cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a1ae39b51e7ac6fdc292af06ce755a8
SHA1 e30fec912eeedc03e92612eb3672adad207b8138
SHA256 b1df75fca4bb553274fc5d0533985472842a8509a382557f5db64466ac8e4cdc