Analysis Overview
Threat Level: Likely benign
The file http://google.com was found to be: Likely benign.
Malicious Activity Summary
Drops file in Windows directory
Suspicious behavior: MapViewOfSection
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-03 21:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-03 21:09
Reported: 2024-08-03 21:14
Platform: win10-20240404-en
Max time kernel: 241s
Max time network: 190s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\system32\notepad.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\notepad.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\notepad.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomain = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Windows\system32\notepad.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "21" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Windows\system32\notepad.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 460cc086e9e5da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\notepad.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomain = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://google.com"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Crypto Miner.bat"
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\cmd.exe
cmd.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.250.102.101:80 | google.com | tcp |
| NL | 142.250.102.101:80 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.27.106:80 | www.google.com | tcp |
| NL | 142.250.27.106:80 | www.google.com | tcp |
| NL | 142.250.27.106:443 | www.google.com | tcp |
| NL | 142.250.27.106:80 | www.google.com | tcp |
| NL | 142.250.27.106:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 142.250.27.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 101.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| NL | 142.250.27.94:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 94.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6KWJ2WN4\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
memory/1684-96-0x0000019B1B4E0000-0x0000019B1B5E0000-memory.dmp
memory/1684-104-0x0000019B1B4E0000-0x0000019B1B5E0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VVFPT1H9\recaptcha__en[1].js
| MD5 | 1d96c92a257d170cba9e96057042088e |
| SHA1 | 70c323e5d1fc37d0839b3643c0b3825b1fc554f1 |
| SHA256 | e96a5e1e04ee3d7ffd8118f853ec2c0bcbf73b571cfa1c710238557baf5dd896 |
| SHA512 | a0fe722f29a7794398b315d9b6bec9e19fc478d54f53a2c14dd0d02e6071d6024d55e62bc7cf8543f2267fb96c352917ef4a2fdc5286f7997c8a5dc97519ee99 |
memory/1684-127-0x0000019B1BE80000-0x0000019B1BE82000-memory.dmp
memory/1684-179-0x0000019B1BEC0000-0x0000019B1BEC2000-memory.dmp
memory/1684-334-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-335-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-336-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-337-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-340-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-342-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-341-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-339-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-338-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-344-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
memory/1684-343-0x0000019B09BA0000-0x0000019B09BB0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\APUQRZOS\styles__ltr[1].css
| MD5 | 4adccf70587477c74e2fcd636e4ec895 |
| SHA1 | af63034901c98e2d93faa7737f9c8f52e302d88b |
| SHA256 | 0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d |
| SHA512 | d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF913668C4B086B82C.TMP
| MD5 | e0dc910bda3ee50595a896d4fcb676e2 |
| SHA1 | 53841292fb8a99b09f8cc8bf88282c780b05d394 |
| SHA256 | b63e8ec99d97575ee48f8d1deb0ffc87448e15eb8be8e76929999fa8486d542d |
| SHA512 | 724d6130382c0157bcc298d2b123ba1bef6394d58f762c53bf9e065d299885b2594b6a44465b61295f84ab4ef4369808bc81c4795154770996e970c971ed3108 |
C:\Users\Admin\Desktop\Crypto Miner.bat
| MD5 | 7982799450401ddf38ea4c90fdc6f5e4 |
| SHA1 | 9f7b9cab75e0471a679e99b00cdff37d4ebcef26 |
| SHA256 | 93de0d8f2ecabf83fa6854428dbce2335c619f2e01c3467cf31aadbef3b06b08 |
| SHA512 | 1326935e1e2896b15388966c9935fa30a948736f2c567135fca24c61b93cbc170456e3e8049d29a49381ea863019cabd4d31f1186f09630ece948956851b219d |