Malware Analysis Report

2025-01-03 09:23

Sample ID 240620-q2dd1svdnk
Target BlueStacks10Installer_10.41.210.1001_native_d72be3f131a47f5cfac7288d1e062210_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
SHA256 52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26
Tags
bootkit discovery persistence ransomware
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26

Threat Level: Shows suspicious behavior

The file BlueStacks10Installer_10.41.210.1001_native_d72be3f131a47f5cfac7288d1e062210_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit discovery persistence ransomware

Downloads MZ/PE file

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

Sets desktop wallpaper using registry

Executes dropped EXE

Checks installed software on the system

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Modifies Control Panel

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies Internet Explorer settings

Enumerates system info in registry

Runs regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 13:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 13:45

Reported

2024-06-20 14:15

Platform

win10-20240611-en

Max time kernel

430s

Max time network

1734s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.210.1001_native_d72be3f131a47f5cfac7288d1e062210_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe"

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ (2).exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ (1).exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ (2).exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\Images\\Desert2.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Windows\\WPCWallpaper.bmp" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Forest2.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Rainbow2.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\Images\\Forest2.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Desert2.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Windows\\WPCWallpaper.bmp" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Forest1.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Ocean1.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Sky1.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Windows\\WPCWallpaper.bmp" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Ocean2.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Rainbow1.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\images\\Sky2.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\Images\\Desert2.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\Images\\Forest1.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\Wallpaper = "C:\\Program Files (x86)\\Adolix\\Adolix Wallpaper Changer\\Images\\Forest1.jpg" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-2DHE5.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-IMGFT.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-43HOP.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-N6FIL.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-GAFM1.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-49RTD.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-0M9A1.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-SPDD8.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-LGTVQ.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-IFTJ1.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-F7A4Q.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-50PQU.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-IGMCP.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-LVT5U.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-84KKK.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File opened for modification C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\wallpaper.bmp C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-7U1MA.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File opened for modification C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\wallpaper.bmp C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File opened for modification C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\settings.ini C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File opened for modification C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-OA835.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-LMULK.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-QTL8D.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File opened for modification C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\wallpaper.bmp C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-02BRS.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-UQGK1.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-ELJBQ.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-HMUPR.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-IIRMA.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\is-3FNJE.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-PNETP.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File created C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\Images\is-39QU9.tmp C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
File opened for modification C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\settings.ini C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File opened for modification C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\settings.ini C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\WPCWallpaper.bmp C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SysWOW64\Taskmgr.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\WPCWallpaper.bmp C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\WPCWallpaper.bmp C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File opened for modification C:\Windows\WPCWallpaper.bmp C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\SysWOW64\Taskmgr.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\Downloads\AdolixWallpaperChangerSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (2).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (2).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (2).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (2).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (2).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (2).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (2).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\PrevWallpaper = "C:\\Windows\\WPCWallpaper.bmp" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\TileWallpaper = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperStyle = "2" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperOriginX = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\ C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperOriginX = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperStyle = "2" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperOriginX = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\ C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperOriginY = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\PrevWallpaper = "C:\\Windows\\WPCWallpaper.bmp" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperStyle = "2" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\ C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\TileWallpaper = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperOriginY = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\PrevWallpaper = "C:\\Windows\\WPCWallpaper.bmp" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\TileWallpaper = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\Desktop\WallpaperOriginY = "0" C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633647929467516" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4816 wrote to memory of 204 N/A C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.210.1001_native_d72be3f131a47f5cfac7288d1e062210_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe
PID 4816 wrote to memory of 204 N/A C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.210.1001_native_d72be3f131a47f5cfac7288d1e062210_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe
PID 204 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\HD-CheckCpu.exe
PID 204 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\HD-CheckCpu.exe
PID 204 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\HD-CheckCpu.exe
PID 4612 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 4988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 2560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 2560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4612 wrote to memory of 3672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.210.1001_native_d72be3f131a47f5cfac7288d1e062210_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.210.1001_native_d72be3f131a47f5cfac7288d1e062210_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff93aa39758,0x7ff93aa39768,0x7ff93aa39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6a64e7688,0x7ff6a64e7698,0x7ff6a64e76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4708 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3100 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4328 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5548 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5580 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=812 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Users\Admin\Downloads\AdolixWallpaperChangerSetup.exe

"C:\Users\Admin\Downloads\AdolixWallpaperChangerSetup.exe"

C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-INP0Q.tmp\AdolixWallpaperChangerSetup.tmp" /SL5="$701D8,3138367,53248,C:\Users\Admin\Downloads\AdolixWallpaperChangerSetup.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe

"C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe"

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe

"C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe"

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe

"C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5148 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5152 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5316 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3164 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4804 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4872 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3152 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4632 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3032 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1500 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4484 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2460 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ (2).exe

"C:\Users\Admin\Downloads\MEMZ (2).exe"

C:\Users\Admin\Downloads\MEMZ (2).exe

"C:\Users\Admin\Downloads\MEMZ (2).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (2).exe

"C:\Users\Admin\Downloads\MEMZ (2).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (2).exe

"C:\Users\Admin\Downloads\MEMZ (2).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (2).exe

"C:\Users\Admin\Downloads\MEMZ (2).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (2).exe

"C:\Users\Admin\Downloads\MEMZ (2).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (2).exe

"C:\Users\Admin\Downloads\MEMZ (2).exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4384 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4484 --field-trial-handle=1616,i,15294447706742599932,8333163706475432308,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3dc

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\9801009159a7474cadd533c214e6b524 /t 0 /p 11200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\ea18a15e5fe044c289d661b77e32f88f /t 0 /p 12000

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\48f2730a9d2d4c13895eff0f3e2b0c3d /t 8220 /p 9048

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\1b9c1aa1f3d3460b840bc17404337faa /t 0 /p 8600

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\75cecec23cb74039acfc89321c76fa30 /t 9564 /p 9420

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\f85cac408579424888b42164ba494c88 /t 9768 /p 9720

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\6f5bf37318fa420e89eb617fa0459c51 /t 9952 /p 9904

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\c73db8ddca99464b833c17942a286810 /t 10072 /p 10028

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\a44fe22ea48d4da0a3118c81a394bdb9 /t 9496 /p 9288

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\3bda463f950a452d841f3b7aaa1d6296 /t 10436 /p 10016

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\d66b3b0263704004b2fdb5e5944293aa /t 10592 /p 10544

Network

Country Destination Domain Proto
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 181.86.160.34.in-addr.arpa udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
IL 172.217.22.67:443 id.google.com tcp
US 8.8.8.8:53 67.22.217.172.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 img.youtube.com udp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 172.217.169.46:443 www.youtube.com udp
US 8.8.8.8:53 www.adolix.com udp
US 44.212.230.219:443 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 8.8.8.8:53 cdn.adolix.com udp
DE 18.66.192.17:443 cdn.adolix.com tcp
DE 18.66.192.17:443 cdn.adolix.com tcp
US 8.8.8.8:53 219.230.212.44.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 17.192.66.18.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 44.212.230.219:443 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 89.192.66.18.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 44.212.230.219:443 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 www.adolix.com udp
US 44.212.230.219:80 www.adolix.com tcp
US 44.212.230.219:80 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 cdn.adolix.com udp
US 44.212.230.219:443 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 44.212.230.219:443 www.adolix.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
DE 18.66.192.17:443 cdn.adolix.com tcp
DE 18.66.192.17:443 cdn.adolix.com tcp
DE 18.66.192.17:443 cdn.adolix.com tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 177.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 154.200.245.18.in-addr.arpa udp
US 8.8.8.8:53 228.185.173.18.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
DE 18.66.183.220:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 220.183.66.18.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
DE 18.66.192.17:443 cdn.adolix.com tcp
DE 18.66.192.17:443 cdn.adolix.com tcp
IE 68.219.88.97:443 c.clarity.ms tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 204.79.197.237:443 c.bing.com tcp
DE 18.66.183.220:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 172.217.169.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 172.217.169.67:80 o.pki.goog tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
GB 142.250.187.196:443 www.google.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
IL 172.217.22.67:443 id.google.com udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 172.217.169.67:80 o.pki.goog tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 motherboard.vice.com udp
GB 142.250.187.196:443 www.google.com tcp
US 151.101.194.133:80 motherboard.vice.com tcp
US 151.101.194.133:80 motherboard.vice.com tcp
US 151.101.194.133:443 motherboard.vice.com tcp
US 8.8.8.8:53 133.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.vice.com udp
US 151.101.66.133:443 www.vice.com tcp
US 151.101.66.133:443 www.vice.com tcp
US 8.8.8.8:53 133.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 htlbid.com udp
FR 52.84.174.81:443 htlbid.com tcp
FR 52.84.174.81:443 htlbid.com tcp
US 8.8.8.8:53 81.174.84.52.in-addr.arpa udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 vice-web-statics-cdn.vice.com udp
US 151.101.2.133:443 vice-web-statics-cdn.vice.com tcp
US 151.101.2.133:443 vice-web-statics-cdn.vice.com tcp
US 8.8.8.8:53 oembed.vice.com udp
US 151.101.130.133:443 oembed.vice.com tcp
US 151.101.130.133:443 oembed.vice.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 www.npttech.com udp
US 172.67.155.215:443 www.npttech.com tcp
US 172.67.155.215:443 www.npttech.com tcp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 133.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 video-images.vice.com udp
US 151.101.130.133:443 video-images.vice.com tcp
US 151.101.130.133:443 video-images.vice.com tcp
US 8.8.8.8:53 215.155.67.172.in-addr.arpa udp
US 8.8.8.8:53 images.vice.com udp
US 151.101.66.133:443 images.vice.com tcp
US 151.101.66.133:443 images.vice.com tcp
US 8.8.8.8:53 vice-sundry-assets-cdn.vice.com udp
US 151.101.194.133:443 vice-sundry-assets-cdn.vice.com tcp
US 151.101.194.133:443 vice-sundry-assets-cdn.vice.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 151.101.2.133:443 vice-sundry-assets-cdn.vice.com tcp
US 151.101.2.133:443 vice-sundry-assets-cdn.vice.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
US 18.245.199.47:443 cdn.privacy-mgmt.com tcp
US 18.245.199.47:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 47.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.16.246:443 i.ytimg.com tcp
GB 172.217.16.246:443 i.ytimg.com tcp
US 8.8.8.8:53 246.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 firebaseremoteconfig.googleapis.com udp
GB 172.217.169.74:443 firebaseremoteconfig.googleapis.com tcp
GB 172.217.169.74:443 firebaseremoteconfig.googleapis.com tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 softonic.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 softonic.com udp
US 199.232.213.91:80 softonic.com tcp
US 199.232.213.91:80 softonic.com tcp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 91.213.232.199.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 151.101.1.91:443 www.softonic.com tcp
US 151.101.1.91:443 www.softonic.com tcp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 151.101.193.91:443 en.softonic.com tcp
US 151.101.193.91:443 en.softonic.com tcp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 assets.sftcdn.net udp
US 151.101.193.91:443 assets.sftcdn.net tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 8.8.8.8:53 135.230.219.23.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 articles-img.sftcdn.net udp
NL 23.62.61.112:443 articles-img.sftcdn.net tcp
NL 23.62.61.112:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 112.61.62.23.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
US 151.101.193.91:443 assets.sftcdn.net tcp
US 8.8.8.8:53 assets.sftcdn.net udp
US 151.101.129.91:443 assets.sftcdn.net tcp
US 151.101.129.91:443 assets.sftcdn.net tcp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 softonic.com udp
US 199.232.209.91:80 softonic.com tcp
US 8.8.8.8:53 91.209.232.199.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
GB 142.250.187.228:80 google.co.ck tcp
US 199.232.209.91:443 softonic.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 151.101.65.91:443 www.softonic.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 151.101.65.91:443 en.softonic.com tcp
US 8.8.8.8:53 articles-img.sftcdn.net udp
NL 23.62.61.112:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 images.sftcdn.net udp
US 23.219.230.135:443 images.sftcdn.net tcp
US 8.8.8.8:53 assets.sftcdn.net udp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 157.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 143.191.110.104.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe

MD5 c8ec5e0af9329936df1fb6382f092687
SHA1 fc8a59149198e5acef2ca6a51f01d1e3ff0f50fe
SHA256 7b3fcbf635508cde1dd74e41b3914f5b85bdb8de1bcece745ac6a05ddfde63da
SHA512 1bd43948428d964b94befe7e2b9cd74e0cb5d6af76f5adb166323510b2f775ae479e781df104222197ac5e04e83e885cf6a5ec65c7bb3c5aebd45dead24439cf

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\BlueStacksInstaller.exe.config

MD5 1b456d88546e29f4f007cd0bf1025703
SHA1 e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256 d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512 c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

memory/204-113-0x00007FF93A5B3000-0x00007FF93A5B4000-memory.dmp

memory/204-114-0x0000000000550000-0x00000000005EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\JSON.dll

MD5 f5fd966e29f5c359f78cb61a571d1be4
SHA1 a55e7ed593b4bc7a77586da0f1223cfd9d51a233
SHA256 d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156
SHA512 d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

memory/204-116-0x000000001B2E0000-0x000000001B348000-memory.dmp

memory/204-117-0x00007FF93A5B0000-0x00007FF93AF9C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\Locales\i18n.en-US.txt

MD5 206562eed57e938afe21fc6942fa8e59
SHA1 779e90fec866c0fd2f47da020651db71c89ec3dd
SHA256 27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45
SHA512 275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\HD-CheckCpu.exe

MD5 81234fd9895897b8d1f5e6772a1b38d0
SHA1 80b2fec4a85ed90c4db2f09b63bd8f37038db0d3
SHA256 2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c
SHA512 4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

memory/204-121-0x00007FF93A5B0000-0x00007FF93AF9C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\Assets\loader.png

MD5 03903fd42ed2ee3cb014f0f3b410bcb4
SHA1 762a95240607fe8a304867a46bc2d677f494f5c2
SHA256 076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1
SHA512 8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\ThemeFile

MD5 c3e6bab4f92ee40b9453821136878993
SHA1 94493a6b3dfb3135e5775b7d3be227659856fbc4
SHA256 de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6
SHA512 a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

memory/204-128-0x00007FF93A5B0000-0x00007FF93AF9C000-memory.dmp

memory/204-127-0x000000001C8D0000-0x000000001CDF6000-memory.dmp

memory/204-129-0x000000001C800000-0x000000001C838000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\Assets\minimize_progress.png

MD5 1504b80f2a6f2d3fefc305da54a2a6c2
SHA1 432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA256 2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512 675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\Assets\exit_close.png

MD5 26eb04b9e0105a7b121ea9c6601bbf2a
SHA1 efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA256 7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA512 9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\Assets\error_icon_72.png

MD5 4aaf83d2b3fd56ad806708e60474df39
SHA1 144777a265879b69fadea3eb3ac6939458918578
SHA256 84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f
SHA512 3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\Assets\link.png

MD5 ae2c73ee43d722c327c7fb6fdbee905c
SHA1 96f238bf53ac80f5b7a9ad6ef2531e8e3f274628
SHA256 28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf
SHA512 5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

C:\Users\Admin\AppData\Local\Temp\7zS0D278FE7\Assets\exit_close_hover.png

MD5 92c2bf222d6ab81fe7a0c072bf31c107
SHA1 8853eb08a2aa3e99fae6dabb9cff6461704f2a2e
SHA256 bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709
SHA512 6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

memory/204-139-0x00007FF93A5B0000-0x00007FF93AF9C000-memory.dmp

C:\Users\Admin\Desktop\ConvertFromAdd.ram

MD5 51e42c9448758f5e3476db86b7673158
SHA1 0c77b50d76ffbaca26160b789c49842b15396b0a
SHA256 84e6e5e4235976d0aa6c2d76d66a0157e9273abd529a387648698fd2ddb1173f
SHA512 6151fa58097c8a8405752bb9524e4627c6bd0197217ea903a29cfd45aa20486572fab7d777de947a33222c447e3982b462a0062a90effe9edca930215670098a

C:\Users\Admin\Desktop\ConvertFromClose.DVR

MD5 7cb7f27dc3d08d8c62eda0f68906b097
SHA1 2719bd897a25884d86570366c22f2d8e5882166c
SHA256 530b5cb26eb31caffa1f445ef9a39cd91fa1ed80c40f8c12e666fad71a3b4f57
SHA512 c357fc96bc0f23a81bdd039724b15cbefb1500ea02b3ec8287b6a6dd6cd2c3b6f21c1e067647637cb7a62d0ff09e676d1a3b65b5aac5ca986bccdc9703b1d290

C:\Users\Admin\Desktop\DenyPing.easmx

MD5 c2aa20b6eee3a6e44545b62f49c2d691
SHA1 eb91ba5a84b9ee1f1eb9aad157cb633083873e3e
SHA256 b51b4e20593912a2aedbc3282adeeaf53678d654e37bc7b189a5547b1d7fa9d5
SHA512 c1980d3f7739d4236d3c97bc4f7464bbb1ec05b6dfcb70dbf6d684a58d4268ea5b7f4946962c44f93a02f557259049efb1e39062043bf359b33316fd127591e4

C:\Users\Admin\Desktop\AssertSend.midi

MD5 1b396170deee8a3cbab4e0cb6bde9055
SHA1 64cfae56ef0a8bb8e753b2a6b5ee86020c09b803
SHA256 ee4d353aad5badc2678309520fa8aeb1d6ef311c60a03f3df91cb8e82920307a
SHA512 ef9f84d84253ddeecc4a64b743c4d210812b51ae9f516fca988c241da97d047dfc8acbda53fd86234b9613bd604e664a56376532162bca8f21967d7ca95dfaf3

C:\Users\Admin\Desktop\ApproveResolve.pub

MD5 9cc808f19f53efcb195a386f0aa7378f
SHA1 3212106d8791371088821c1734eb728127354617
SHA256 8fee7993b60dd478d9e9e7c0621da9518fbb9c1dbad0026fd58ce8ea3e46a442
SHA512 6a1fea22f4f23fbd8c2dad4ef2098d2d6cbe17705c209c1b34ff7f9146bb00f8a2e8fa89745cf3b4af48e3f17c531d3b0a4371908efb6f92c2676144caaa1b8f

C:\Users\Admin\Desktop\StepCopy.search-ms

MD5 f2bdfdf99d6a701c1319fe79f8c09435
SHA1 1f47201baa26d2073453c0012407ceb660b95205
SHA256 850700312fb10451a4704963eb20d6ca36343855d38030ef0c386274dbf01142
SHA512 ae3685b5264eaaf676b53a09404d3cb07f084a0d59edd98009460b2da26e29f1bbba2fbad4003713006db7f4d42273ef0f724cf56f5a88e296caa6029426c43f

C:\Users\Admin\Desktop\TestInvoke.MTS

MD5 a240d022627b223a890c4b301983c759
SHA1 a2f8223ae01db996bb147d795156e82330e49eb8
SHA256 93674d39f515343dbe910182bd66e68c43c12c1956dc068768cf19b77df2740f
SHA512 177de342a3cd4cc27fbfa36ecea1eeef865063f2ebf361c2d1e9e2b1737ab2e9e6a94974345b60ab433089c9d60ae92a63df893fb1399f334bc0e849e75b548e

C:\Users\Admin\Desktop\SubmitUnpublish.TS

MD5 6eeab9f54f8e60a17d13786ded7f2c68
SHA1 9f23e0e1c68554fbe0b67506b01aa886cd951f48
SHA256 eb967468d7ac36ca717ba13d4db92eee67c79e663953089ada1039a6624b57c3
SHA512 a4304886ffd8d898fdc1f8002c839f836027c91f12ca68a773228b1f6d608f285db4b7cb00561fc96081e7cb04846f86a616c3da4a271ecd497a75a2c42aabde

C:\Users\Admin\Desktop\OpenPublish.docx

MD5 6b6581d7f21e59ca6e000768a9eab3eb
SHA1 ce06fa66a1375973a605f03410bec3cdd9c0833c
SHA256 07c6cccdc3134864d9ad6c6522238d7ffe15e7d526890b9b16e4d9c15d6e998d
SHA512 ad2990960e2bbaffbd23424a18a09a12fb86acb1d5c641c89a616aa081f657dd7f76b3182e63031f1ceb65b73bffcb6fdf331773b96f8d3c461698bc86fc7aa4

C:\Users\Admin\Desktop\AssertDebug.wvx

MD5 062f6440427dd884597534b0974cede2
SHA1 21defa8bee841b4b992a29e17ee36af995ef5eac
SHA256 9d241634801201a83f1bd880f5226088086f235f70f5cb8ccb5b67f7893b03e4
SHA512 3f905595317082ae398f3254f7b3d186c2c098f071438850ee98045c15d61f99b4f42b2cb6eba55c718af55d71b9679bec740fc1c38495085c0833196089a6f0

C:\Users\Admin\Desktop\GrantBlock.ps1

MD5 e68e44f807653f06d96cc71795adf611
SHA1 dd327e7bcf2165641e3ff7d786c202c18f08310c
SHA256 861125bcf232514ef67ebc8156fad59f5517e45c6edd6c700356fcf136c15e6b
SHA512 e07eba0ef99c39dd90e24c7eb370aeb5909e9598cab99c1764453bb932727bf4356ba82838c072d260f029333384fb6c2d3234675c244e32a98a09960e78f882

C:\Users\Admin\Desktop\MeasureCheckpoint.M2TS

MD5 f0c9d18b2aed52907d1826872e31dc6d
SHA1 c1c4627e112fad7703a75554edb334459bcdf08f
SHA256 ca85db9bd61cc1c1a3b2750b0e8360597d38f9a433017fdce4ab5b38c961f4f4
SHA512 cab5783f39e60dc325b872e991020ad33717bce7e12e5564e83e3d2aa0c539672eb9cadba1d88a79f43fdaaa57e6da99b9588c22f482f6ee3129d78ffa8d97c4

C:\Users\Admin\Desktop\MeasureTrace.jpe

MD5 d95e2e8024385f171be305a51fd157ce
SHA1 36a8e26ea8f121ae7f7ccf086b85ef3cc4998ec5
SHA256 c0503c27dbda424bc76063bf55920db1eebc5525170b628eea8f7fac89d75661
SHA512 42c8ca574ecc975d92e5289018cd97ba1a98abfea726ccdb3586de650bf6508ee0d67785b872255b6859ca61ac0c0b75284199ec187b4f4f4830b0ccd331d4db

C:\Users\Admin\Desktop\RestartSwitch.mht

MD5 df38f8b0edbec5f9fc08c3aba52a8483
SHA1 069e724e0f12a493b5c162e063c786652a58cb7e
SHA256 c037bd2fbdf67ac2a84dbc694ecbe5a07af1b82308861ef88e8cc14801ecbda3
SHA512 3e213066a869df5dd1e04d8293d9b49864ef6b79186325e54065a9b70b5a63982267246daa2b064fba2de354a9ac5f1b2a1e6d3dc6d338177a88e043be076f1d

C:\Users\Admin\Desktop\RedoUnprotect.wmv

MD5 50162dd03fb05917abc3f1d66ff0637a
SHA1 89df5e3a8db5d4a945f6c23fc62a4416eedba0bd
SHA256 d439df0c1cda2a4b4a72cdb703efc0c12a67d8497c358e2ec6140e32adedae1a
SHA512 eee7da3262f886b460dc2673adf0c0383e81eba376e6ba394780e592294430d9e77094e83ad037fcd4d7f01cee8b19dfd8ee4552d7717597d291202c465000e7

C:\Users\Admin\Desktop\PushComplete.wmf

MD5 153711f612dd29096207ee2f970db568
SHA1 adde83e9d053a0cd8cb0162637aef693b5bf3b6d
SHA256 6ba4cd24025e9a0e3ea2a2d9c0adb5a23785600367c7ce170e15ce465caa6e0a
SHA512 0d051ee966275f5ca2b911d6d2f35ae6badb196e50c4d7af98b0247cdb180c1b14a511e38ce90d5f64207b5313a049d23be8a0696e6b1e7c9baff8496ddfb47b

C:\Users\Admin\Desktop\RestoreSwitch.cfg

MD5 45c7fde89edb81d61b0713b2c5beadde
SHA1 c35f6b71f42799352d6b2b905566c9c06389c37e
SHA256 2c7afa5c0da98fbb250719eb9e3c4078c75c453ba604516f329fe9596213657e
SHA512 48f80e6c238fe3f50be32a68fd1eedcd48abaa8d840842487688bcc405f16be56e4ddae9f1158c7f26ed3d6e479a3bbace29fdd2481fb3755ee5ed2bb587b622

C:\Users\Admin\Desktop\SetExport.mpeg

MD5 dd05ff82bc5ec765be93f870a61289f1
SHA1 b35a809ac85186a6c74b7e8950430af7e438b184
SHA256 88fa1c354a76dc4a80009c52b1d87f38813406d8a5c856832dbe3cbc2db3f78d
SHA512 2fafe519b6108ad9f567d059db5fe8bb951844b47c1fc578aeafb55459c889502a2259349d2d1e35b3f62bdf88bc367917bc8fe12916b8e42165a6a576d70fb2

C:\Users\Admin\Desktop\CompleteExit.png

MD5 6e84211925fb83de98185fb5f07c38bd
SHA1 094c0f9957b943d32f4fd1f6def3cb55e4b62d39
SHA256 e5a35bda181eebed5c806b8be461da90ece48203459a2d0dfac09753efc691d9
SHA512 61b921630be0d65e6d8ebe230441b4a62d93f79b0469e691024c4ff4c31970d06267432ada38dc7b7c1327a3416d1daeb15c3e75c04f1336ea95fd51ca76052b

C:\Users\Admin\Desktop\BlockSearch.m1v

MD5 ae368286ba63e6ea8359f4ff69861252
SHA1 b29b65498611b7ab7fcd8988301ccf4edea1bcf2
SHA256 f67fdd13f593ffafff261ab45b45d5ed6c50e092c5ad97a2352ac49a7732e986
SHA512 b62a8615baeda4286c66948c156a9662d4bd646210f4da788101934761d009b22d6987fa4d6450ab713a79e0fc5a88a6bc42e47f3dad513ed11ba2c340c9fe3e

C:\Users\Admin\Desktop\CompressLimit.bmp

MD5 645a17f13e264478ea1564eaa8e125ba
SHA1 73231a165341947fae2b46d12782f071d81d2405
SHA256 5aa25ab785d952901bb6f216a2786faab02714058ee14574e6a0adf20c7f3758
SHA512 0be0d6eb0dbe20496cb85ba3ff663fcf53f85024c2c582abc8b704d296294042a1a91d1562b9b9ec8525994398ee4f1cb51971500866b1e1045ea0a04cd653ec

C:\Users\Admin\Desktop\DisableLock.potx

MD5 f9b53d60bb1e429d86e75de967b08b8d
SHA1 46d6a9d3186ba71d553d2ffb32ce9b222f1edc15
SHA256 1133cae947d84d4f5a7631c551f094d2324b30ac79940cc7aebb58f56e6828cc
SHA512 ee6ef0b479fa6c995cb88cf4dbc87ec1faf29091aade970683db3b1398b3b1668857d722226af5794ce525413f095f7614471d0a91ec12b27d5ebbfd853da208

C:\Users\Admin\Desktop\GetUnpublish.3gpp

MD5 3edb4f005d5f519e059696b9b13d1562
SHA1 98177b94243ad65dee5c95129d7d0b26c5699463
SHA256 64c7d45810ce896b091701dd0dff27722eb021d4f65c6a4540d64208d38425d0
SHA512 c02f272a3e2569aa92a453abb7b2156f4a9912b201538ab0dc6a1b03dd823a9aa0076c046957ce4aaa8f6df942be75fe3863352448e252e63494a1ee9716550e

C:\Users\Admin\Desktop\GrantRestart.001

MD5 29fb8c227829c23d85355545a43a5fe2
SHA1 0b230fa12e88d0cb2bfb0f5b3e46a4b31c8d03a0
SHA256 af77c0cf5708cc35b3ef1a5154bad2ba847a1ce5313e7dcde68c43151aa5b6d7
SHA512 0ee89baa71f10e78b1d0d1dfbd44130729ef92c10b5e70c53960bafa4a964d958783f1fd3248568017c0b23b2085a01776d7d9239025f322b104df664499c509

C:\Users\Admin\Desktop\ApproveGroup.mpa

MD5 33ae5429c7ef00b138023e7432c513c5
SHA1 0481724efaf8fd6bf4d477a8adb918a8a1858db0
SHA256 7b1ca258e0e86867d25244a1666faef14beb5f3ea69eb661c9d4d887c41a206a
SHA512 8f87cadf0bb017830496eeb2f4c498c098e6ddaf4c37139cee2d7bd24617d650b1c8b767e88a077958a8d4dfdc124b294526ad584bc11d0b83e8d926d89d6ac7

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 b5c6f9f25ffc78d031287735623c39c3
SHA1 c724b5a92d7647be47f3ee4ccf21c51b84b45a43
SHA256 acf73b2d3fb34beeef3ae0e0d5b88e0f159a77e188a6584eb60c1596f43a0d99
SHA512 f52484b858b5841a86e662005257b1452935068390153925ef8f719b1b5322afa56d5b6ecf066012ff3a35ad00fe04db89e544fa1256deed60cef489d6bdd0ed

C:\Users\Public\Desktop\VLC media player.lnk

MD5 0667a27d5d22cc3abd646432c6ea3024
SHA1 e4f34319ecd1f296e622f477a33fe6f1873af56e
SHA256 555b2726e4721495a486a39dc9968b2ec03b26ebc713421bbdbb39b7a918df9a
SHA512 55e5c5c27c0013a043b7d7265633efd036097a2b3adb2e798068cedbb141377f6034643c3df5b9a2459e8b7790cdaf64f59a11bff7d30113c7f0f4771ed1bf40

C:\Users\Public\Desktop\Firefox.lnk

MD5 3d0a7fb24085093ae0b8650fd0e9daa4
SHA1 361c9ab865d131cf73b15df9532de3ff59f1d2cc
SHA256 67d1a7891f7a191669103ce6a699bcf2f3af24a5697933764afdca2c1755554b
SHA512 20a299cf876a9784d157d18df70bf0b4ecea529e8c74e6bb1621e2589e99582b09920869f7d2b1fde0ba15800cb4a2dff13a9bed64886404866cc9bebbe77286

\??\pipe\crashpad_4612_QNDVZXCJNZBNRQWP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 948d88fe552e83087553432a40d28dac
SHA1 e3100536d565d0fb4f2c0c04cdbc217fc9cd6541
SHA256 11df9d7050ad3c14b25bb4be0f6b44e05204353f734818303a42e6f760b122f8
SHA512 a0b173e7d7399377557bb0d6cf1ab207cc86412408159e22b87e9fed8b199ee9a60b1594a12fbde43c0c12463f3d2756d2ddbb89a9ca2da22769a6031160cf7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c16ea7937f96a49b793012dfbe00b53f
SHA1 8d4aedf4bba4bc6f1ce3339da78704c6854345a0
SHA256 7295d1193d00ede7f9343407b9e3f1dd376e975387ec6cddd8e275a05bb48a15
SHA512 3e1781f4d778da209ca53261aab68f44adf968414624417bb2c1b9a724b8414503cab1f69b2f31a83c9385e4d7ce872347989fae33ba2aacae3958ad8e501984

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3d1ba9de83c5ded551e01d5e459fb83
SHA1 96478047d2ef244d16aa32b241bb38549bf96880
SHA256 3ecaa85b96af432d470723f840a0ccef0d63409b495017d1e156c1b0b7763593
SHA512 0278f14145017445ff41b928534e47258c912a28f35af6375b6ea40ab82d53a6a02a42d91830b5fdc0abfb009fc00a0301e372316ef0d01cbd9c165f8247b4d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c7d5f736181abaa3adb20e03aacdce93
SHA1 246f9ea0c495993b76f01418e972f97b7d7aa9c0
SHA256 47ec50f58339bebaccb5857da059c6e0eef0e687276811291e8f9f606db0f49c
SHA512 ebedd2b77b2628074339c3d18ba5f3fc368e786e6c12840f16bae937902cf98901726ae6bef5bb97520c15236456ba1ede2d0f30cc5e41a33b3bace18365f533

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 336e666000a2344982225df2caa221bb
SHA1 f5bc15f5f1893ef36d859407ac448e6a8732efde
SHA256 a5e222d73796f9b81c619c0894a658d3780382dc3861fdc0fe8a19a43111828c
SHA512 e2011f68432a2071ba4b84ea2f0bced6b699a11acd9ed4d8cfca88eecf47a3eb996ae98122ede94db57fdfe96fa590ebf454c72de1177b6059bda1ef68925eb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f986547f7a0a8f9e24e7376b74d0ba9d
SHA1 3f01486f4c1c10b5ef7115d6f8ac73d53b066c72
SHA256 154438fe1a7d1a6cfda6fd24221d5e887d01603bf118c9d4da581b8068135d09
SHA512 d894b032972fe49816a2a814500a82f7c933d1e91a75d0e3fe3ae7cbec9ddadbf1b0a4c3b77a6f102c572b5acde358ea75c660f9174904f963f5d4051c25dbae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe597f29.TMP

MD5 ea59c6d23273bcbcf4e3c116a014f3a6
SHA1 5b16db1678efd4e7d4b27be0c4e038947e7fa6ba
SHA256 960882b59ab57ae26295475028292fe9b42f6d86745f6b86583d8e0338157ad4
SHA512 c0fb1b464fccbbb094a7adc3572e4746b1fff9161d4cdddd6fdf9e04ce7644bf14680066137d23fc8f8f9749da71dbf6faa61aca859ed79b87963a4c047d9e1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e3b2ffd69292589ad916d42077babcc7
SHA1 e32cfc0b9351a2a366df94472d40608ebe77ff57
SHA256 a6e61aed3d86f582c0bcbc5af28552150c919ebe06f4254151df276c4ba76aad
SHA512 9634c26a36c9180f124bbfd8c7f7d3ff4660cd1a24e9495e82b991d6d9b91d2cbbe2107321a309a2a53b5310a875b3b09529e412ede457f0ef8a014c5911e418

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f5add16c84f819bdbc6a38b50119ac10
SHA1 cd252d4e11c798218f5a27fcadd8799f6289ea82
SHA256 9653e1bd7e0cbad5f9796ff1699fe91a534d9ac7e959dfe0645ee17f9bb46a89
SHA512 86e3a3dc356303e2f4976495e881cc95260f2761c810bb8911dfbc74fcab02fab63dc6af9059b4edb0b92571a907549c3bd32a270875f32f2b53362f38a46893

C:\Users\Admin\Downloads\Unconfirmed 478337.crdownload

MD5 49f219ca139448487277acba93ca4c32
SHA1 269c721963c25a59f381e1ba26c4147b9bf6391f
SHA256 f03451dd6fc5336376b2e401c2bfe15072d142787843d661ffeb042590c2389c
SHA512 5673e6bb378fcd9d658a1cc780e5d22468757118605e30bf765f381927bd4711546244b8434e14b252149d74b7c7c9e6ca3d5118809cd81aa64886fa68defe2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f37923fdc509986c5662257ba6f6be1e
SHA1 e7b85d9dcb67a9cb0a9d59372d5b9850140104a8
SHA256 6f9799b886f0a6ba2f7297a988a5c9287eff29c3f821609bef0347b40a3439f8
SHA512 6c49925521e74000274219dcb8a3e47e69b18da4905a07b86ea6e70d9d655d32946ada8a51e5bf50caf8799d7a059c253ab59410bdd0f7fc740475f9970099f6

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240620134636.pma

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1b027961e449bdad108b435604faa5d5
SHA1 fd4e043feb0a2ecf463bcbc36254a82dd8446057
SHA256 84352f7fb1df28fa8c41e18c3e9f0a8b6392507f0226c895f100e5525453535b
SHA512 e2f13dd55a83a4c362471ab5b81f58f3560974777d43f4e960ddcc012adc0f8b6f72511d866bd72673fd43605cfab59927bffdc00f86f017416382209f56ca57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 755a8bfe0196686f5f4dbfab8824c42a
SHA1 94df3df9bdeac255e7b4883bb2691025f427b553
SHA256 0c18c75f24300cb5b89affcd0435306daa977d64de4a6e038266e1d4af0ba960
SHA512 43a60c15df6220f869c7918587a28ea2e9376bd4429e19538ecdddebf561e83bd8c35be1c8877aff0396c9fa22e75e6b56b560c69ad2fcd4c58893c4ddacdef4

memory/2296-564-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8c59bb0f795eee20c3bec8324745ec76
SHA1 1ac21475fd81d25b27260de7872edf76478b36aa
SHA256 117437b021eb4da313dcbae670c379c705188110837a0fb8bdb6033bac705b81
SHA512 eb22a8fa8d34270266f495d41baf37c0da3ab9d99675382406048f7d6e087b5b9846745ea03ed556e71563093a3ba3436db6dbae3f24efa00c717f17d4fd432b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b1f02b5dcee5b4392c215d0839b00ff4
SHA1 418a7499adc8b12be472309a7941d7820a13a9a4
SHA256 8cde409385ddc7a79682fcbb04597694ae2d6cacf6510875cda720c13b413856
SHA512 1d9febdca9f9f854d7e201a08ff855980a8faad0406d7ee03eca9f1445f6d09def26f97b7dbc9e59a70be5d9feaad0440deeaa84f8279224beb3f0a0ed017a2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0a55317e194840b93accaa2dcaa64b34
SHA1 717edd66aa6a3f10b13ef4646ccf71b7f3da0f01
SHA256 3d9f5e8efb2dbf86777ce72cc3653681c8044c3c1bcf256f8e12847d81186e8c
SHA512 73161091053373200bd8f3bfe7f2e382aa8e8857f819efd140f16bad6daf9880cf77cf47e34411c727de5330c040a9fdf1c1ad3dae2d6dfc260ea26fd7fd5911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 6e374382d66dfda9e6a5147dd76f7c4e
SHA1 6c53d7cb14ca88536c7da4e0af852fb06d676128
SHA256 9f14757d466584404a02784270a8aa151cb05e69fd14666a58521552ee09a5c9
SHA512 0ef69ddb07fc07a4589695ee2c60b7ab809b04d30221b473c7b37f0b4dfc21dd3b03fefbac683bf8171393b186df618d3e609caf97e6ac2bc33b2da23c5659ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ec89.TMP

MD5 8c44538e3832e33dc729b7faca60358a
SHA1 d6fc66d162cb4a0e4e81e9ca3c53578b8921d8ae
SHA256 6741e5dd526ce8708828ecc685fdbe364c493067f3ae0bdf71adb7624d821263
SHA512 d3c3a307bc3ba47dcf1a34acfbae054549fbfe4513f233d204e6264ce34f5e14261b9a2fd6b2f7076dffc0264f9d790384e6dbc912ccf768bd92c734c6424f8a

memory/2296-603-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2a29574115e6bf1c32d4ff89ed41ac31
SHA1 419bb660b2d4164c8d60ee376cea89771c21d295
SHA256 8ee396baa9614d4164011f8e94507b36495b571c17a34d4b0063d3b890284d8f
SHA512 019322b8f1aee1ea82d974371641cc23581df777f2b93452f0cc2602c51b50fbdcadedc46e689c6f3f6619e98032f6dd6ba9cf3ba98db6249ac88df36fba4e70

memory/3004-613-0x0000000000400000-0x00000000004B6000-memory.dmp

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\WEBSITE.URL

MD5 09f2e9fc4c41845a27f7a47ad10832ba
SHA1 48cd783d8548891c7a6f3957c31f73daed9b1bfb
SHA256 3127e09469aeddeb26728be46abc47858ccd77a17dbdfae711ac598e9ab17bae
SHA512 d65c9ccd44d1cadb8536d7707e3ce6bef2ddb468b26e0726e356e84ca2b78b710c32fe2660b4e6da2057f90a15f3e2fd41f49fdc3ec8bceef60380107f38c5d8

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\AWC.exe

MD5 76a32e25d4eff579264cd0be35c7b390
SHA1 9400a2dd4ece453de05ffb6ed82c2702d6f13add
SHA256 600750d0503414f6d3031ce0b6fda939b2e4d64165aa310e9ffa1260c8b634ad
SHA512 1c67b0b315a7492052b9011fac4c802f20a08c038087c3dc120738bdb4b7b0bc9fb6a561466552003f92f81e7bba32fac7dcc0b836fb481cbcd44d442e682621

memory/3080-685-0x000001BAD9120000-0x000001BAD9130000-memory.dmp

memory/3080-701-0x000001BAD9220000-0x000001BAD9230000-memory.dmp

memory/3080-720-0x000001BAD84B0000-0x000001BAD84B2000-memory.dmp

memory/3884-727-0x0000026776D00000-0x0000026776E00000-memory.dmp

memory/4160-749-0x0000018A3F9F0000-0x0000018A3F9F2000-memory.dmp

memory/4160-747-0x0000018A3F9D0000-0x0000018A3F9D2000-memory.dmp

memory/4160-745-0x0000018A3F9B0000-0x0000018A3F9B2000-memory.dmp

memory/4160-781-0x0000018A409B0000-0x0000018A409D0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 508cefd24c1245a2361618545726276a
SHA1 b8258c1f2ce7a758c260ee8e63ad6599d80dc385
SHA256 d31cde54a6f6c00698a03adbbc43eca3d09ad7c1cc24b95c3a68309af92048b2
SHA512 844c00e7acc7c508a0261bd5ec75af82eb860d9bc2551279d9b15d612d250ac260c6fdbee4a0ec49058f55a811262d8a6e2b550a35152449b159da2bd28f832f

memory/4160-878-0x0000018A40220000-0x0000018A40240000-memory.dmp

memory/4160-950-0x0000018A43C60000-0x0000018A43C62000-memory.dmp

memory/4160-948-0x0000018A41FF0000-0x0000018A41FF2000-memory.dmp

memory/4160-946-0x0000018A41FD0000-0x0000018A41FD2000-memory.dmp

memory/3004-1009-0x0000000000400000-0x00000000004B6000-memory.dmp

memory/3080-1103-0x000001BADF960000-0x000001BADF961000-memory.dmp

memory/3080-1102-0x000001BADF950000-0x000001BADF951000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q6NNEG0C\favicon-192[1].png

MD5 6063cd35f5200b226b29b86748464d8e
SHA1 a6cfbdc753b7e137aa74c569088726ddf4817b1a
SHA256 50b32f669246670ddf0ce5385c778892f9d2e746c7c6b4fe59a4f2f46d19d1f6
SHA512 8a734328c4199c4ff483517c6c2d16d69f5ea21aaea7b4b26f44c69c234d7fc50d8de427f78edabf1d8b1604300807973210d1907b0abee5eb4a233ea5919a9a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X2CFSU2S\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

MD5 abe083d96b58eb02ada8b7c30d7b09f2
SHA1 61447d66d13a8c8f4335696777a85c438c46f749
SHA256 db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
SHA512 d17e095a6f0871fa0c9cddde08f87a63589574eb23f3dca7430ea23fd6ff5c3523e9807dc0ed0cf9c874e1a37046461e79ee47e1e9aa64513fff25bdd48c3696

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GVR39UQM\forkawesome-webfont[1].woff2

MD5 3a9e014c2469ffa65a0ea64a24e48b44
SHA1 53fced558eee8058c40d2be2f5f886f5768ccce6
SHA256 84422de97eb1cf27bcb9bca4f3fbb18f3ebc711647b09c68292f5f43c89d5064
SHA512 54422a528f322fd28087c216a7bd9426cafee2194d939c134ca339e759862bd0ccf5a617a2215b97a87faa932054323085046a0bc98e71101f3b2d53e41a6fa8

memory/3080-1351-0x000001BADD8C0000-0x000001BADD8C2000-memory.dmp

memory/3080-1354-0x000001BAD84E0000-0x000001BAD84E1000-memory.dmp

memory/3080-1358-0x000001BAD83F0000-0x000001BAD83F1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF0F04B7308610CE00.TMP

MD5 298fd5f70c86dbaeac56e11dfb2960b7
SHA1 e2d1bd7765a3218a1bd5e7071831f4461b9885c1
SHA256 3af4c5a636079325de22d92cb408a98a4b1ab734b05937e56bea8e841bd5c65d
SHA512 3b52f0a41b6c48044092a8072d607020ca31dadba68c4a8816d5fa2fec663491fc3ef4749749e685ca89c5879b70d0f416c8201020eb21008f2d10baf5c49d5e

memory/3004-1371-0x0000000000400000-0x00000000004B6000-memory.dmp

memory/2296-1372-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 f4e75387407aad0740821477df75f07a
SHA1 fb391f5a6a644e9f9a4bf1bd3c9fd9cb306517e7
SHA256 cb4bd54969175beb5b05e2bef1b26cf013701ebbb74cb8dc59b2aa8e2bf41490
SHA512 114b6891f895079fe6a8686aec54de0d1f54d3579d5e5f4b77b294a2dbf94a9e5257e75231105e4647fcd2a3cb5d05c4c6ce1b36c9220b989d738c0453b2278e

memory/5760-1445-0x0000000000400000-0x00000000005E2000-memory.dmp

memory/5856-1446-0x0000000000400000-0x00000000005E2000-memory.dmp

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 e3e79849db84305fdc13f23fff9b85d8
SHA1 b7b9bd6cc6ba5f95d3bf4ba1757ffd9ad33f412f
SHA256 bac97fd6a33f89a35e3ea686d4297309fa86a7ee4bba686af4306427fe5a90ea
SHA512 a201ef3a413444ac7fd97b0c72274a7e88abfc33ffda0abbc69503b52b35d4421676beb978c0e65b7ba992659e97fa047300e47e00dc554ef94aed08b46eca1a

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 e95e7d395611f46ae96f628e5a799a14
SHA1 1306f4c7281568c7e6c710f4010a57c945efeb87
SHA256 3d7f26322d2e46242accc2703444f35dc5c3258f90527a70db86d629c6cd7683
SHA512 87998d2f0d14b0f6e00bf62100f7247b421b9e58f554269fc8b065ab908bc400087e7a047888294d24328066f7354bc45a29af37f2a7db75573d110a4221a557

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 e04d1895a34514e1e272047d7e6ec83d
SHA1 245147cde796628b61af174383d24b32e8f581dc
SHA256 22bc9796513e08a77e6abdf1cd777c6ad575d4d645cf56a7076dfa15be0aed34
SHA512 876dc5502f4ee2f968046644b838d28f6fced3303cdcdc682ce0b9124e6ba36aee836d498805aa97eeb4441bcafb2d866f042eaac7b18dc1e08fd43d3590b8fe

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 8a465b2253f9707eca65685ba379f48d
SHA1 d05b06a5614e68b82d2370e1eb104b96e66bddad
SHA256 24de0f11f1fedccee0ec745f8ac94f2e5c0fc88f77a7c6c26cbfcc1bd1c600c0
SHA512 a7df092e96b47664c2b9f129488b8e3733bc9ff7eed9fe49d1a9c3504ec781d1697e76515f252bf63f8bc765d15c3bd870f625fe69372dbbf6eda5493b2ec0b3

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 c20378b0f8e676fea16349431e5a4e65
SHA1 bf2dbc62a5e0b00738f8b78f002902d3cbbc49e1
SHA256 9ca864e26ff754db7b072b4175780f991f481bdf867b1c426f6e2fe13336bf82
SHA512 4273b28b4ac7c72da967a5658ea8fdfaaa4007ab9ef01afe3ed77f712d7f0d85de078e7df3b5aad33bf99d74f2bcf285b26aaf248adbb867ca7f4e0886d2b161

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 f26db50c7ab70ec8dcd9281a09b94471
SHA1 6755e7c13812a6cbd27bf1f86d49b523fe0e872b
SHA256 8b4d71d37bd076a8ca5e245da68e97cd48f1cf98bb3f50c9f36bf490ec4303ce
SHA512 e8d90e45fb306da3541fe2083d593cbc6d4420e2e5fab12c6063a5e81383a7ae2e4821b50d690ace1cd3b9146169c2b4e1bad893f2a2d2333d700fb1bef665c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d5aa5c0a89d129c5e46f97fb432fe0dd
SHA1 3be8716ec00d96e0e45eebe09542661b498d1f5f
SHA256 f611f3554ccad8ed996c7298a8d30371f7143dbf7f3e084279c86fdc546c9411
SHA512 321abe4e995710bf0368dddb2a780ab4d431e73db57f9bbb90ead6eb09a50ee58ad170f577251ed375bec3e7cc13bba7ca6f34a5f832056dd31677717c06733e

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 49b43b8f2518301433b1996fe7367c42
SHA1 6aa870fd5ff909b9ec13f2ce719ede9a87711969
SHA256 6222907f6cb0e4913b37efe16eec194851147e0fef00d93adf8a7a700ba041b0
SHA512 637b8aafa4c94bf402f7a90eded3147af54e38cafb82a032bd365d30d99237446edf35232f5fc6d55d9aabc3dd3e368e14cb343652882b9ef2c9068fb9ba4022

C:\Program Files (x86)\Adolix\Adolix Wallpaper Changer\SETTINGS.INI

MD5 97baed8b83c37c4e574bb1945234fafb
SHA1 5fd64970571ec92b8082886394befe7b3cd22fdb
SHA256 50e5ad115f48bc1693426a8617b1fe237ad866ecd6b5f3482f315e5e8d877598
SHA512 a6cc87090810b1e866407a57bdac3cb30ebd1034f590757542fb4eaaf3896f4427c97d4fc9609b19f032bb0eac74edaf1a1b127a3b706a3f9a406717ae61dd67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 921df38cecd4019512bbc90523bd5df5
SHA1 5bf380ffb3a385b734b70486afcfc493462eceec
SHA256 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f
SHA512 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 40e01c775b4f150dec2ff43bdf0f1816
SHA1 29cc0f7eb904aced209cec12ebbf8e6ab192da53
SHA256 4d21e64e043f3f03c39754589e8131f993de6565a9da3bf86a21c205e37b3ca0
SHA512 c868ed04136d1c38c2d4f22f7c16337532fa1b62a3da413df9815ddeb2fbd5a5175d7987beb796193a4e812a679c117928c97a4e87042ce4383433ba479b923f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 03ab609b4fb58ae57116216e9d27c082
SHA1 e8c5647682ecde570264120a7f50999ed38f8a6c
SHA256 563aad447d5f1998df1960700aab036a4bb793bfc6b483ba1d925bac5b166b8d
SHA512 30611ca7da840a788e6a16cb3fe898ad3c5a888f1b39188456a1d7c5d379afb7c4f49cba285a96af33080704948aaee32a889ffa1d567fc1a18e2f7afb46f0ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 e7a6fb8978b40ede02f572f7f6cdc541
SHA1 7487dcf685fffc6ed67e6b40d778e4ac3ad7d8e4
SHA256 bb0c344d05018874bafcfa2c1271f7ebe7ca3a449f03937680b41fab020b6af6
SHA512 8d71f31dc337d872682b2074522dcfbc57618a53ea5cd117e83beeda8773ba9157f61c02c1d59b91e8d38b116c37c50c19924d9ec02e0b28618244b0f3167fbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 9ac95c912675ccc02dcd31a9542f8478
SHA1 80d472edf49e3ad60b009a98af045cc76d17e6c5
SHA256 6cf6897d73ae9ab457f4364b8771f56e502413d4d255b1511622090a32bf95e5
SHA512 b11625f35d295b9c3fb903517fc37bea045b59009014da674445fbadda079426967879c7e83ce47a466e06c140e612269d1973adef061ccc0144473d46776baf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 6d53dd4517b48262aab18bdc2ef3a830
SHA1 9c163a2d1fec496db66789ff4ad73b35baf576bb
SHA256 81320c19b14c74cc0f4440df9b3e1872ba364c823fb5fb25c80a8af7ef7f54f1
SHA512 c3f71f748902ca950b9eece75a4114e7ae0227028cab4440b3155f2fd3dc2bc88a50531f720383f269d05575777ff0971b2b2c362eb459e4787eeee9b3a12bdc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 05ec95f8d095c5e0fc4528ed19e1557c
SHA1 aac41e059a5b9e62bd430f2251557178eea4e2e9
SHA256 14db683b3cd716525574de515c94c8b7cbecf8c09b868900d40a0829e39dadaf
SHA512 77458d6eef3c6c476d06e8b29cff71f8f054e3894fe5951147ece31fdd683e6f27b86370ac4239f198ad2314db38557785c6d879eeee0296f78ea476068ada49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 27022b57017c30efe5f03cde5a43a77b
SHA1 a0bb645ad58b33179bca861eb035327044c3cffc
SHA256 82b0ae282cf070a11a3364093bdf40e8a588d20fe32fb30c39a0f8edba60ac5e
SHA512 8623bdc89818dd20215f2c5215e6ab5b5b2d4ce69849600b87aac38a53b2f3a3ff67b57c180e85ae780cae3ffab21c58855e55f7f1b7a73ecb134398d61eaf17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e5ef7ac8b2e2527835ad8b2bfd43bdfa
SHA1 979bdb121e29b916f2b55a0d0c8bd3cdbc278a48
SHA256 3d7042b199b7b598aa36feba2b76d924ccb039104fcbfc925f1a6cdb9143ea16
SHA512 5991f79a6255594f2142bc0e2177467cf9f1d9d584dbdc4dc0484c115ed94b0fadc2f3f5251a0f848820d78ed0d0dd401905531807ffcf9750adbbf710c960ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 919dbb031ad7d50fbee5f6857a0ed3e3
SHA1 6020d3fde98f85540628383e71f378a2eceda306
SHA256 392bfcf8b2f839e154e023a937adf91b4df1b228630acbf2ded18001fb23f146
SHA512 b91cf61568f1a4409c224aa2709ee8626ad301beeac5ffb27c2fd8cab5f0d92b8636d481a22f81ff0849f3d52f450153052f8e025de83477b8d12c22173acc97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6cf5e0c4949b3f623cc71c7805fc423c
SHA1 9face29b964244ee9c1e764d4a47ec3610b4841a
SHA256 0326f4937123b1d19668bfe9bd1e39367c57cf95fbbf3844ba5ccbfad0774776
SHA512 44582915eae1ba85631a84ff6132e355730020fe7feb3592ae9e16efbd24061426253eed6ddbad34ac6401da614189e70eb217da1dc93078a4af1988d1c53d04

C:\Users\Admin\Downloads\MEMZ.exe

MD5 1d5ad9c8d3fee874d0feb8bfac220a11
SHA1 ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512 c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a083c8061d25bd1894ce2f999a7f83bb
SHA1 ea8a461dc8f19756e7941205f32e5d0897795e6f
SHA256 cd3de52e8aa2beb9a3081dd31445bec50ffad39491d64c6b568ede3105130cfd
SHA512 18f5c7924f56cba47d71d31fd2a55149c29ea27c47af589423ed9e6ff5d43aa3ebf9d5b8ee6b6480434e590cf431a0b83a1efb49172d6e26d155d488d6d98edf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f57e400668f07a04659355440dac59f
SHA1 777e3dbffdebaad80ae48d1bbc31dd57fab2d92b
SHA256 45bf57cb390374ffeed3560a680fe08c1b41a70eb0308c2145a532b4e03eb3e8
SHA512 5fab5c7bfd5213dcfe8b3a2d676329fad7ab69927f63bee4cc121b06e7e5d86af9639a2077cf66c66815b2c04b46961d2c8836bc46e064777d518b360ed9f193

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 380da4d6670a4a0f5cfcfdc6587da7ce
SHA1 ff3d1234a2838916379b069658bbfb53a626b83c
SHA256 55f916ff6dbf9c3085c74f6e4d706f5895fce33a9202fefc15d9edb32323188b
SHA512 8689daead83c1980f7f81b0a808c2368773e5b736511dc20e49a08e999908b619b79aefd638eb2bf91bcc77e6991fde1ebb174a4331123fc76e344da39d50751

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7ea9ed92ef20f8ecf10ed9c7941adf10
SHA1 91999b46239c7e0b31d4a939bd8553cae5e4d473
SHA256 df256b0e19e3198a10dd04ecef33a98bd5db3cc22d810138402cfd4a86e79187
SHA512 d1998a5f89690d3b492afc7d3d2f94ba3c0cbe7795a4383ab79061b3d86632054401d2b21540f5047fad4e92fe5bf3913ab0a9f5d2b08ad484d0bf1330065b5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d1948e722dcc16150b7ce9636b1cb28f
SHA1 757291d617e5cd2ef1acb697c44b1d924b3739c2
SHA256 094e40ee47363d6b358c55b7c4bc3243d650523e0f5b72c27ebe5f0c2eeb0666
SHA512 f98ff98822913d6b63e90a659316e819ddf2b63f61dd30d866a150a81cf83ca327538fe76d3716bf4e502ce20b0f646ae83ca4b916468da9f1351b8e1bfe93dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a2db5dc0765d2ba832f017f735b1826
SHA1 d50b9f3d260963396350e53612e3c2cf4d7f68aa
SHA256 e2ad2cf471613f9f60f52b1d44c44d657b9bc17feddec0dce483ba858d3e9331
SHA512 c99bdcb85e6df40f64a53a0a8b545ede545652790636f4099df4f6649bb54309fde6fd2a23438a43663a84e67ff68814bdb0c105ac1a940c9c39c8adb620c394

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d989274f857a4c89214a048a11cd19f9
SHA1 0c32d493b276696cad0f16032a4754cda31b8b74
SHA256 1c9f73075bd8dedd733b954868e020e0d9772e97518119e372c1d97bdc7c41be
SHA512 4ef9b826220220a760ec1c6b88607d9e877c76b91e16757b7e5c5ea23e10c43c184b86c3c0f9f5170ea1f9cd8e0a7501334031546cf60cff6c37d36745e3c526

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7313202f70fe97bd2519a7f5d735b636
SHA1 0ecbe08f96c9469b535de0a285c78ea6b0ac7db5
SHA256 d24e72997aa7264a99b72929ccb5303330fbdaadc473ebafbef177c37d3959df
SHA512 44c3d561f55dd49293ca567bfe6957ddf0f5bca667c3e7c5b4f15a5e9af49ac105c7191ee38ee4a8bf9b4b300c8cc436b675001bf6ae2861f4138ba2ad0f5c58

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QMY23W13\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\pg3sp6z\imagestore.dat

MD5 d4745cdfc2df34fd3d853c015497a5f0
SHA1 036f75164232caa18f1ee855a2918dd79cff1f0e
SHA256 b399d50e8698a682b947781810a1284991abff5d873e328bd19b234224c54599
SHA512 422beb42e6d3fe5c9d6f4e8ceb2c59947043d9f150c091d796d333ec3e52c2705e053e3b94812969cd50fde4732d0e194f852dd8321361c177c339cf37928b60

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 f83708e7e79ef8c9f237f5a046ecc1cb
SHA1 23bd168bb77601b42310fb5535e7561ff25c05ad
SHA256 a858363b7955cd96efc75ebcd14b76900341249d3fbca4a7dd4e707982c01eec
SHA512 66ac0675426fa1ec2563c0131a8a6f2462ef26f0c52c01c209c24e052d1f678c259275835511a7f7344cad2b8074d1a01f4a8414514861725bea1b038d086179

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 964d8d91c08cd520340a8cc5d7fd2ed5
SHA1 34e74ca3f15752897a20bf9f0879c2a1831c5314
SHA256 35b9d03c727b5e98f535477014fc5828ec5e8261f877d0abdd1f1775244021fb
SHA512 3b9ea66e468279fe710e46b9664dbe20f5f083486d9b0f21b2a6bd6173451e96f808cdb13fc98f9c99a4c200663aee1c316dac0539d92cecb56e82defc4f26cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7d2b784582462b992ea55334a548cd6c
SHA1 87b18858623b0f2c93a905b5b0c97d9ea8280ef5
SHA256 689a0c2162cb71ee02522023fa951e7dff147fc6e4679e76b39a6df141190bef
SHA512 7836248e9754e2988889ca45d6c4a8dde778a6595ac149c2a7fb8387729c4b62e2698bbc388099ede7ffc9708cb14862336f56c3894b6d782cadbd69dafc59f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 afc0e96b3925787ca0a22c6cfaae3e08
SHA1 6d65e1a147d2255a86b11558cad364936f16b1cf
SHA256 7316cbf893b657bf2096718244bb277898e84f517892b4e5b46cc08080f96949
SHA512 4bd02f1117f338f7f3b6ed3da0e2a29d8cabca3ecc849f8455a5dec1243317489d92a0bfd34fe0e7a5ec495f60573c1226f88e3398a5488ede69f7f7c2b97d18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ec2b9b3e9d7aca09b02902af4f2c87c0
SHA1 2ff4a6434f42faf1962814273c389c19e7973e4b
SHA256 1fb9033bfb8b9732a87efff3c8c3aad9eeaffe8adc421fa2ee513a1a439226af
SHA512 dd80020a454a93b7720f673d3b011ad940365944dd8dadaf66ec678acb52288522edcc35de079fc9dd24ee43a3798aaaab415357b91ac22db93055b4987c107c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a2c91604bc7c1f9096654ee4b700d1c8
SHA1 190f34140e84cea60995f1bb39fc148403161d19
SHA256 14c1dd0f83dfce3c4413de9dee040a82af363d00c5201f9e4dc002064595af23
SHA512 17e3f7fd143d59daf0a494573602e7d530b742b0de7066a09e61244bd10c78041c6f28269eceaa32c4fa26fe90d5b01af3f8d048be6e2e275532f27803ab2dca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 445e349e8e5140eda2674a25936e1cbd
SHA1 ea5d5c8df22c8e76cb0bacf9c87669d459a1a6bc
SHA256 2145e660ea619b044210b0dd9f80a1cc614f7a32290bee263d90cf068fa4cf25
SHA512 382f96672d52020ce99dfd9f2d5b7df543bb2ce677fafa6131e1b413cdcf69feed88fdea75b6669a67dde2410efa120da60b651cd366060436c70b53ac2d59ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GVR39UQM\api[2].js

MD5 832e6993cda3469c6a40da72268663ac
SHA1 4650b1e5c601a454d3fd746276fff4cd3dbd54aa
SHA256 0ef1e5d700fb1691e5faa92a14f8a755c8dd4a92ec9b1a2310ad769b225cf46f
SHA512 6aefa1b28c697c81239e47ff57b3b61cc67bdbf820b7eac99f924db2b5093b7d03a029accd7dce42d517bde32cec9f6540082f7557b72bdc3c8da27095d68b80

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GVR39UQM\YiMnlwYAPK-5JOvV4HgQVh4BjdfeuDlm7M1GgLf3u0w[1].js

MD5 5d31f8563fd0092335680029470d6270
SHA1 66f8eeecdfa6f440631eadfaf180260bd5254cac
SHA256 6223279706003cafb924ebd5e07810561e018dd7deb83966eccd4680b7f7bb4c
SHA512 99c33021aba199d6f25d24726d1f4db24b6bd827a27f1637a15a6005fa2266aa04bbbbf269ef18f7761be40239809276f9260d48cce58753d886794a06e5283d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GVR39UQM\webworker[1].js

MD5 62eb30af91dddd7d80f32a890e1e4672
SHA1 37f1141450a98dda7dd8899600e46d8a9f7cc970
SHA256 d601447806420fb7676679daa6dbb113d6617440ecc79998bb013370dc08f4fa
SHA512 16446d271e46b6561b1e26d77394dcc999f49cbcdd9971cc836be2de8048fef46168dc578f02c8b33af492d586d1e636331360a21778eb337ddcd1d9af471da6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AP5HIIJS\anchor[1].htm

MD5 6aa26a497e7884b38d929ae4ed22d77d
SHA1 d15c85d81b064e50718c00a143d98216db78079b
SHA256 5cbbf6c3333791f25271ece91a003116e650d9951114555ab73765fa0727648f
SHA512 bb5f6b08067aba5217b6d996a9f6b648c30772f7f354007303ce3253f891e80fbdb01ac2e6a8cac0acce5a4bb5b06b7bae22698e9c61b1afd8a426c127edd992

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AP5HIIJS\bframe[5].htm

MD5 fc931c1f62756ff102443fd8a9840e8f
SHA1 c7645a76d0568f9bca48dd832f2d0b17d04e585e
SHA256 f8998a6bdc604f76a8c8444d8114d8be681e5618bb55f8ad374b22c4c63a24da
SHA512 2e02516cadf606eae212a58dcba036c90618444db83576c66156deb9e256de789af669e3ec1ad0e724b4c95764a6671d5826af32973beb201a06c2824845d317

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BU0KRETY\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5O19EZTQ\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PES54EPL\www.vice[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q6NNEG0C\coast-228x228[1].png

MD5 b17926bfca4f7d534be63b7b48aa8d44
SHA1 baa8dbac0587dccdd18516fa7ed789f886c42114
SHA256 885cf4c748081f6e569c4c5432249084eded544d55f7c85cf47ec1aebe6bdcd6
SHA512 a99269cc3c0af6a291e5373c4e488eaa3900e66bc3342933da3a18caff5401a4408aa1cb4463fac649c3cc5d88773f789fb120e292ed956188f1f5eda8ca7633

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PES54EPL\www.vice[1].xml

MD5 556e331a90d23da4dac0f9e322f76a81
SHA1 3ca2beb59a8145408074bc359fff3a9d87713b55
SHA256 81ec30802997a7dc2ce3eb467f67817073acb730c4206c484d869e3300becaa1
SHA512 e5ccddf212392c77e1c35e20fbae945e3fa9c36e40b2a040b8c2f36573543325f4e19102c219bf128a34f943ec68bdc175e8a1484c029258ca0385f67f123474

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\FIEUC5Z6\www.youtube[1].xml

MD5 442b179c6e0baccb96c17b56928abc10
SHA1 4e99660579491ac38261dcf480c13e3f02e7db04
SHA256 3d535feaffe03e63653b749ad1aac178506984a72b1aca7918e335dffedf279a
SHA512 bd3d57236c6bad43c908e1f1a1e3f287dc7901555635f3b890f2f842faefabd29f847dc9e8e90ef07f3b8ae9d024b9403d7cc16e4b2f520acfd3bff95dbd8c07

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\FIEUC5Z6\www.youtube[1].xml

MD5 6ebb8e510fd726ec7ca4e950d40d2688
SHA1 2c0bd95eb179863ffb8db54b90a102051a51a062
SHA256 6c6baa8637570f3168fe8d9716448e0203b3e7c3e1f9779e608cb16aa6383cdf
SHA512 bb99402370ccbdf832c858537f290058f3b979fc88f9692ddb38b65ee1938bd2bc555a97063c154157969d9d8e099b1de9bbdbc09089c1bcfc02fcfcec4421f7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\FIEUC5Z6\www.youtube[1].xml

MD5 c8665ce2991fb863f13b6676ac83af50
SHA1 572d7aa7cc88bdb3377cdb71e9d9270a1e340b2c
SHA256 944c4089e517d85315f1cce0f3a8cc022e0a22961f92896c991e2979e65c3775
SHA512 78c397bf14a3d93fb2a69c014c091c8e1fdbe41c0fc38fe97ed8b14f380009652cb0ecf2d5d2595a2750b99fd96602b265e9cf4f0c5ea37ce7e517f4a0a9ad7c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QMY23W13\b80692[1].ico

MD5 ac0cd867e03ed914827807d4715bdfe7
SHA1 4051a8c23756c10d9cc00fcde6f7215c780fdf6f
SHA256 b50546da121186fbffd2aec430249cb21c7c2e2c85e561a393a9df9abfc4477c
SHA512 fa11d1d76c39719c218b4ffa34de8dd44d398bdcbb236a666f0be6eeee96bcbe4da9ac65a89441ad284c0de21788c135dc4fd21f6f82c7039f00c8a7c705c8e2