Malware Analysis Report

2024-11-16 12:49

Sample ID 240811-y75dpawfql
Target https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html
Tags
credential_access discovery execution exploit persistence pyinstaller stealer upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

Threat Level: Likely malicious

The file https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery execution exploit persistence pyinstaller stealer upx

Credentials from Password Stores: Credentials from Web Browsers

Possible privilege escalation attempt

Boot or Logon Autostart Execution: Active Setup

Executes dropped EXE

Credentials from Password Stores: Windows Credential Manager

Modifies file permissions

UPX packed file

Checks computer location settings

Loads dropped DLL

Enumerates connected drives

Checks for any installed AV software in registry

Checks installed software on the system

Drops file in System32 directory

Program crash

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Detects Pyinstaller

Browser Information Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Checks SCSI registry key(s)

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-11 20:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-11 20:26

Reported

2024-08-11 20:36

Platform

win10v2004-20240802-en

Max time kernel

296s

Max time network

555s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html

Signatures

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "964836519" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fad7392decda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{64C969BB-5820-11EF-8D5B-DEB7298358C0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31124525" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2097e1392decda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "964836519" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000262c84e5c2a8b24db398d3ff1cc73570000000000200000000001066000000010000200000000e05a80bab2ebcd5c770da324fd74887a3ff7f44ab25600612d990d9f5189975000000000e800000000200002000000054044e0c74fee021045fe56abb3652b94ecfed43495899e3df05ecef194c4c1b20000000a7eac3802eb773e5d1c7f6f71cd377fdeb6836e56d11589e53ca6e09e6a0b22540000000c46260a2b45cf9ee60bef75c1176f6a5da4ed1052d07bda0c09fe2868d353b8b9029804abe0f27bc6976a48d64c61c3b6d16d66f83b559db778c91b1a0046746 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000262c84e5c2a8b24db398d3ff1cc735700000000002000000000010660000000100002000000026c1193080ed7ab3799ea11a422ae87a0f308a7c009f325a172edb3977874f11000000000e800000000200002000000003cb0ea15a63daff9f150460c39508b940d8dcf945fccaf196166965c66e344420000000a49a24b01ef1a63caab7b7bcb3098a1791f022478a4abfe4a8983e81733f9f0740000000f825a515ea83bbb09ae2e6b63127b9126817871c05a7f19629587f6e2de78e1836357cfa80355f18aee0912aa42012f92e8b7fe2d1089c04ed20fd528f3663ac C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31124525" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.f4a\ = "FlashPlayer.AudioForFlashPlayer" C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.jpg C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings C:\Windows\system32\mspaint.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\ = "Executable File" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.jpeg C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.mp4 C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.wmv C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{F8B941BC-CAFA-4D7F-918E-5D405C4CEA31} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI14642\\flashplayer.exe\" %1" C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.dll C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.f4a C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.bmp C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ps1 C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000020000000300000000000000ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.png\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI14642\\flashplayer.exe,-608" C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.doc\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ps1\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.log\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xml\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.avi\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI14642\\flashplayer.exe,-204" C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell\open\command C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.log C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell\open C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xls\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.wav\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.csv\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.json\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.jpg\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.gif C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.gif\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xlsx\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.bat C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI14642\\flashplayer.exe,-202" C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ppt C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.zip C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.mp3 C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.wmv\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.f4p C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "exe_override" C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2576 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2576 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe5ba46f8,0x7ffbe5ba4708,0x7ffbe5ba4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x504 0x2c8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\InitializeEnter.jpeg" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\InitializeEnter.jpeg" /ForceBootstrapPaint3D

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\InitializeEnter.jpeg" /ForceBootstrapPaint3D

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7788 /prefetch:2

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\InitializeEnter.jpeg" /ForceBootstrapPaint3D

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\StepBlock.js"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\EnableDisable.gif

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5924 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8

C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe

"C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe"

C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe

"C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\taskmgr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\taskmgr.exe /grant administrators:F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-656926755-4116854191-210765258-1000"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0x11c,0x120,0xa0,0x124,0x7ffbd764cc40,0x7ffbd764cc4c,0x7ffbd764cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4572 /prefetch:1

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\887a042d983e4cbfbd0b1f487bf0df58 /t 2480 /p 5524

C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe

"C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe"

C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe

"C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\taskmgr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\taskmgr.exe /grant administrators:F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-656926755-4116854191-210765258-1000"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-656926755-4116854191-210765258-1000"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\f6f24dc33e1e4fb2b76cfcf23f8908cc /t 2980 /p 5292

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\667b46fbc60746bd84c168d0e7cd87a8 /t 5316 /p 5012

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.gamespot.com

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.gamespot.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.aljazeera.com

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.aljazeera.com

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\NLnOqOjG.docx"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\NLnOqOjG.docx"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.businessinsider.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.businessinsider.com

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.ign.com

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.ign.com

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.independent.co.uk

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.behance.net

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe

C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf""

C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe

C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe

C:\Windows\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.theintercept.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\taskmgr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\taskmgr.exe /grant administrators:F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI38082\tlauncher.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI38082\tlauncher.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI38082\tlauncher.exe"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.codecademy.com

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\f6ea47e8eaaf42dfb24c8def2dbf0504 /t 9172 /p 9168

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.futurelearn.com

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\225f2bebbcb14304b9f822f81171cd85 /t 1644 /p 5828

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Windows\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf""

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\59ab9d6992c14a5db3ee398686c8e96b /t 7068 /p 7064

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\4bd474e4f6324e3a91ca3eaff4cd2203 /t 7164 /p 7160

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf"

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf""

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5828 -ip 5828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2492

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf"

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\382bfd8470494cce9e2e14b9ad6d37ba /t 7584 /p 7628

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 dosya.co udp
DE 195.201.111.49:443 dosya.co tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 49.111.201.195.in-addr.arpa udp
DE 195.201.111.49:443 dosya.co tcp
DE 195.201.111.49:443 dosya.co tcp
DE 195.201.111.49:443 dosya.co tcp
DE 195.201.111.49:443 dosya.co tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
DE 195.201.111.49:443 dosya.co tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
IT 157.240.203.2:443 connect.facebook.net tcp
NL 142.251.36.14:443 apis.google.com tcp
US 8.8.8.8:53 qjmlmaffrqj.com udp
US 8.8.8.8:53 qvjqbtbt.com udp
US 8.8.8.8:53 youradexchange.com udp
US 104.21.9.135:443 qjmlmaffrqj.com tcp
US 104.21.91.188:443 youradexchange.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 pubtrky.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
NL 172.217.168.195:443 www.google.co.uk tcp
US 104.21.8.108:443 pubtrky.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 168.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.203.240.157.in-addr.arpa udp
US 8.8.8.8:53 135.9.21.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 188.91.21.104.in-addr.arpa udp
US 8.8.8.8:53 195.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 154.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 108.8.21.104.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 tracking.pretrackings.com udp
NL 34.90.81.51:443 tracking.pretrackings.com tcp
NL 34.90.81.51:443 tracking.pretrackings.com tcp
US 8.8.8.8:53 crt.sectigo.com udp
US 8.8.8.8:53 51.81.90.34.in-addr.arpa udp
US 172.64.149.23:80 crt.sectigo.com tcp
US 8.8.8.8:53 ver.tubroaffs.net udp
US 104.21.62.26:443 ver.tubroaffs.net tcp
US 8.8.8.8:53 host-relendbrowseprelend.info udp
US 104.21.67.136:443 host-relendbrowseprelend.info tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 26.62.21.104.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 136.67.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 server1.dosya.co udp
DE 195.201.85.233:443 server1.dosya.co tcp
US 8.8.8.8:53 233.85.201.195.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
GB 95.101.129.194:443 www.bing.com tcp
GB 95.101.129.194:443 www.bing.com tcp
US 8.8.8.8:53 194.129.101.95.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 yotube.com udp
LT 93.115.28.104:80 yotube.com tcp
LT 93.115.28.104:80 yotube.com tcp
LT 93.115.28.104:80 yotube.com tcp
US 8.8.8.8:53 ww1.yotube.com udp
US 208.91.196.145:80 ww1.yotube.com tcp
US 208.91.196.145:80 ww1.yotube.com tcp
US 8.8.8.8:53 104.28.115.93.in-addr.arpa udp
US 8.8.8.8:53 145.196.91.208.in-addr.arpa udp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 162.247.243.39:443 js-agent.newrelic.com tcp
US 8.8.8.8:53 39.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 29.243.247.162.in-addr.arpa udp
US 162.247.243.29:443 bam.nr-data.net tcp
US 162.247.243.29:443 bam.nr-data.net tcp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 95.101.129.194:443 r.bing.com tcp
GB 95.101.129.194:443 r.bing.com tcp
GB 95.101.129.194:443 r.bing.com tcp
GB 95.101.129.194:443 r.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.136:443 login.microsoftonline.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 173.222.211.40:443 aefd.nelreports.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 40.211.222.173.in-addr.arpa udp
GB 173.222.211.40:443 aefd.nelreports.net udp
NL 142.250.179.206:443 www.youtube.com tcp
NL 142.250.179.206:443 www.youtube.com tcp
NL 142.250.179.206:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 rr3---sn-5hne6nzy.googlevideo.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
NL 172.217.132.168:443 rr3---sn-5hne6nzy.googlevideo.com tcp
NL 172.217.132.168:443 rr3---sn-5hne6nzy.googlevideo.com tcp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
NL 142.250.179.150:443 i.ytimg.com udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 168.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
NL 172.217.23.202:443 jnn-pa.googleapis.com tcp
NL 172.217.23.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 142.250.179.142:443 youtube.com tcp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 142.250.179.142:443 consent.youtube.com tcp
US 8.8.8.8:53 rr1---sn-5hnekn76.googlevideo.com udp
NL 209.85.226.6:443 rr1---sn-5hnekn76.googlevideo.com udp
US 8.8.8.8:53 6.226.85.209.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.23.194:443 googleads.g.doubleclick.net tcp
NL 172.217.23.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.250.179.134:443 static.doubleclick.net tcp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 i9.ytimg.com udp
NL 142.251.36.46:443 i9.ytimg.com tcp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
NL 142.250.179.142:443 consent.youtube.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
NL 172.217.168.195:443 www.google.co.uk udp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 13.37.20.104.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 104.20.37.13:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 api.unsplash.com udp
US 151.101.1.181:443 api.unsplash.com tcp
US 8.8.8.8:53 images.unsplash.com udp
US 151.101.130.208:443 images.unsplash.com tcp
US 8.8.8.8:53 181.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 208.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 api.unsplash.com udp
US 151.101.193.181:443 api.unsplash.com tcp
US 8.8.8.8:53 images.unsplash.com udp
US 151.101.2.208:443 images.unsplash.com tcp
US 8.8.8.8:53 181.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 208.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 api.unsplash.com udp
US 151.101.65.181:443 api.unsplash.com tcp
US 151.101.2.208:443 images.unsplash.com tcp
US 8.8.8.8:53 181.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 api.unsplash.com udp
US 151.101.1.181:443 api.unsplash.com tcp
US 8.8.8.8:53 images.unsplash.com udp
US 151.101.66.208:443 images.unsplash.com tcp
US 8.8.8.8:53 208.66.101.151.in-addr.arpa udp
US 151.101.1.181:443 api.unsplash.com tcp
US 151.101.66.208:443 images.unsplash.com tcp
US 151.101.1.181:443 api.unsplash.com tcp
US 151.101.66.208:443 images.unsplash.com tcp
US 8.8.8.8:53 api.unsplash.com udp
US 151.101.65.181:443 api.unsplash.com tcp
US 8.8.8.8:53 images.unsplash.com udp
US 151.101.194.208:443 images.unsplash.com tcp
US 8.8.8.8:53 208.194.101.151.in-addr.arpa udp
US 151.101.65.181:443 api.unsplash.com tcp
US 151.101.194.208:443 images.unsplash.com tcp
US 151.101.65.181:443 api.unsplash.com tcp
US 151.101.194.208:443 images.unsplash.com tcp
US 151.101.65.181:443 api.unsplash.com tcp
US 151.101.194.208:443 images.unsplash.com tcp
US 151.101.65.181:443 api.unsplash.com tcp
US 151.101.194.208:443 images.unsplash.com tcp
US 151.101.65.181:443 api.unsplash.com tcp
US 151.101.194.208:443 images.unsplash.com tcp
US 151.101.65.181:443 api.unsplash.com tcp
US 8.8.8.8:53 images.unsplash.com udp
US 151.101.66.208:443 images.unsplash.com tcp
US 8.8.8.8:53 api.unsplash.com udp
US 151.101.193.181:443 api.unsplash.com tcp
US 8.8.8.8:53 images.unsplash.com udp
US 151.101.2.208:443 images.unsplash.com tcp
US 151.101.193.181:443 api.unsplash.com tcp
US 151.101.2.208:443 images.unsplash.com tcp
US 151.101.193.181:443 api.unsplash.com tcp
US 8.8.8.8:53 images.unsplash.com udp
US 151.101.194.208:443 images.unsplash.com tcp
US 8.8.8.8:53 api.unsplash.com udp
US 151.101.129.181:443 api.unsplash.com tcp
US 8.8.8.8:53 181.129.101.151.in-addr.arpa udp
US 151.101.194.208:443 images.unsplash.com tcp
US 8.8.8.8:53 api.unsplash.com udp
US 151.101.193.181:443 api.unsplash.com tcp
US 8.8.8.8:53 images.unsplash.com udp
US 151.101.66.208:443 images.unsplash.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9ebc024cdb324eb41f33c6ec63d1458d
SHA1 f623e96981ee63c1b6879f682c4364fd5c2265e5
SHA256 23b9bd7316816043f42a80784e7f247f3afebd3dbe370fbc702189a6a0dddb1f
SHA512 6971b6430bc01a36c48bc1e41cf8c4bed65a2890837f7778a896072159940ae739d11834176cc7be6cf6fa0f2ea9e6764c30cd23beadcc88c390e5573bbad097

\??\pipe\LOCAL\crashpad_2576_ELJMVERSHWELGEVK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 709c6f4a32b317f6487b598788b6353d
SHA1 50f44d43be9630018f0bd2acb1528df07cd05b7f
SHA256 353aff71e8cf078c88c836e66d86be266ddbe36496a597b9b5a5a87d21eae83b
SHA512 4f33792eb73a792c88e8e2dc8bef7b00a2af7b1b91f4bab0cd5076dd2cb9abbb752eb7e60a4c6204d15f9bca1562915f2468b94e5f01f79279e1e7469055f0a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4032de65-e9fc-4d8d-bd48-4c93a30ccc6b.tmp

MD5 d5564ceec38956ced47203d28ceba212
SHA1 648cdabc5c88e97f2b3787893cfb6c130c19f667
SHA256 063fb59a8e8b06a8f91935273996043125872629bde08a03df062c913523ed71
SHA512 a3c4d9c9d0c5e4d0cbfad7908e975711884e39b3ac9528a21cc6cfbceaaf38f965db09336068fe20937eaabd4eee2e2080907fe52b6aaa55e43235cdee6308dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6415e5e0bf1143688fec9a65e1e4cf34
SHA1 6e7b84add42aec7158d2d275f8543dffdbed1621
SHA256 77839b2167758e693339da6aec025f08e199353197c9df175a4e263eedec749a
SHA512 56ef94aebc766c2a0854acd9810df97a173416096ce15a0fbce4147ae5ca62fcac94046decdb34c82cc3a1d2ff55d49dbf4aa2ab056f9ab0baa657301439f681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b4cb8d1a0754463837c9385f79380b0b
SHA1 946cec4c9ea59e1c693ad6ebc1609c3744dd3638
SHA256 add8fad1943932673e53776fbe41816c5b6f5d5e37816a45d1c7dde29f7c7a47
SHA512 deb1d90f0ca23ad9c4096f9674af60c1a36d7cf34f78566524e8792ec03320e83d5fa3725c80dd7a8912f6f4a2ee07302290309b1082f7443aca361f2ee0d579

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 494a861dfe3fb61b7f6e9a8e1f92d179
SHA1 903db9c91a888cdd2a359e921ea2c1a958228aa9
SHA256 46ffd9cec0b1524402f64218ea9584cb751cd61e56eae54ac0ad61c55273c690
SHA512 f97bfb87546ee38f100ef52f6ee6d102d05feb378a940954a1953f5dc301e6ae7a91de2b2176dcac165a61abf867e06e3e31572a378b1abd9ea2768de76e7175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce1956851ac52eced699f366b7bfb7b1
SHA1 790e2a3b77677547931ea2aa2c25ab8d907cbd61
SHA256 591ba0b877b75eea0802944075f0ac7fb5015851f710eb104ed0e7a34034dd3c
SHA512 3326c87dd31a70c0f5f476545bc6f0ed845c3635a02a45fef67230015d69bab7690bf9429810d44a7c336c242a8727f835ce9999204c38b6e9593783121901a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cf330e0e6c393a122aa2f72090e4c049
SHA1 b04e86735085d770d803566e745126a49e21351d
SHA256 881dd2b53c333b7dbc36b1635b3208e49fb25773d35417231e95e5d30c26fd1f
SHA512 40186d83fd5084b744aab0530793caae4a57352a708070ef487c0acbb71e75592d025df73672071972be5a44762b28d2607dda2a984ee5805b9c35cb407fc2b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d51b0541e3467e854c1bf462262e0ff3
SHA1 e55f478d6f75147eadbba1bc82236ef6936f4ef5
SHA256 8ea431d5bbbfff8e3f88c4d3394e70af5d7d9411d196a71532c7053f3437edbd
SHA512 8aaaf24ce3709ce5a444e0713bb32f4a7b1bd6d9234206317ed4f2b3053013a99d70b703927f22e0beeee0f0bc72dac052d07610531a61e8c7a16b6b9f88514e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c635dff2265628e70c8a74aca0e99bb
SHA1 1d4615becac11c60c9a11fb1dba77123f30811ca
SHA256 7bee34876931125bbe009a41b621b209672ffc86d189cbfa377f00aa4fd0a4c6
SHA512 cb66de8ec882cc421bddc1b9ddc9d2eb7ff977ca83caef85eb9c918e4d257e4b4d7d423a161011e70365be5b65cd93156daafa9214f90e63879dcbd7cb35c611

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 b25d101b10f33584a467b0253c7cf6bb
SHA1 171bcc9b7f0c08a201afb56350beabdf2605d00e
SHA256 8156b66b38faad53e26e3165d0ec9aa5d197e782f6b5130d48dbaf8b5069f26e
SHA512 713b07918cb8bcd73a69d485840442ae9426217e9edd438f5e343b3124ded33b79239ce528ca10f74ae0f09d015e30eaaa7562f25a5bdefc07c76f8bc2ce7815

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5fb7c2e4249063467d7a37c6d504d4ff
SHA1 61643806b3275e95a5a06c5b319fd066c0bfb1ab
SHA256 6835240da5b5e66878ebcab1c1cc38106ad232746be0ca496b0376bde57df15d
SHA512 96263f8a4813749a0bbdd751a6500f356e9c24400834df09f2cd579e490301c55929f5cace2ba27e627838fbc52ffd6220ecb9115ac3895031f3d4412d0dea94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589f19.TMP

MD5 56fd7d72af1e7b83ee8d6df88f69d66a
SHA1 37582ceefa2d6a4d3471e12d08a89311d5014ad7
SHA256 9fb22ebf778fe2c02f2951248ada1376d08e8e7aeb875e760117bc6c5ee4ef56
SHA512 25cbb3f741429b6b2b337a9cc821d80f05b9b4411bedd6c47ef7464bc6c86861679464b4b8838b9df4a1b71f163b92650d14d37e98bfd42eb2c9c5953dd48be4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a90899ddb207a523d15fea0f071732ed
SHA1 e93a84fa9c655b2d71d92e69e91ad37466eecfa1
SHA256 3a0444f75860bf91af073c3ceb922b18565ab4e4caa2ec7dc21f2a7098dd00af
SHA512 04fad6e61aed49fc0ab13f4599559bbe7c24a051e709ce93ff025b73acc8d7487b4886d7cef2b4960cc19be5d7488d0770d192b1e84a480444558ebc02c60406

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 df7e9d83ad184c0569ff2e3287c833ac
SHA1 083b703c5ce264416b053491481c547fbf199fc5
SHA256 0204a5a03c2d37c37efaa5cba54501c40796d22c0fabdb87792146bdd730b0a8
SHA512 ca953cb6ea6bb737c367d378ad55b57cd73da26ad4ca434f901b14ca14de9ed8c77673214c32107835f82270a63c3ce44a57703871999adebbb241d623706d82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b79b952f3b57788811b88435e82cebdb
SHA1 fca4fe7951d8df770fb0d3bd4e5b65225131ad93
SHA256 e1d65f238f03de90d2b75a55c73351ce3cbeaf180cee39dddfa82b70ec006df4
SHA512 aa8da1227b9e7eec4c6fc3c7f927e3994dc3af468f50566ccbb04d7e82f81e999b1193cefd69132516c975ee98ca9f41602f0dc9f0945d9306fe204389a4bace

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 a7ee007fb008c17e73216d0d69e254e8
SHA1 160d970e6a8271b0907c50268146a28b5918c05e
SHA256 414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346
SHA512 669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 a074f116c725add93a8a828fbdbbd56c
SHA1 88ca00a085140baeae0fd3072635afe3f841d88f
SHA256 4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6
SHA512 43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 9f8f80ca4d9435d66dd761fbb0753642
SHA1 5f187d02303fd9044b9e7c74e0c02fe8e6a646b7
SHA256 ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359
SHA512 9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0c63180143ffa24a4441ce079410f2de
SHA1 4bf80c4c6da84d6a130534d8eec3f5e5e7f25afa
SHA256 245cf62b02f5cdf96b4118d8616ecde703ebae437406b0c1e60313f0721c1c37
SHA512 dd3a64142971d20040033f681e7467a119c9cc6eff0650d48bf1a84d6bc322e7695d21349a99229ab1b0208a4b088ea49b965b009a92fc21ac48670f273634be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a2e94f91a8d01ec7efe1793e0f87e466
SHA1 6065c1510c481d72bc145fc65cdcd666fd6876ed
SHA256 3e848ea1d1322051eee0a92e3cc600abba6c96d8655bace42387572b5e9ab7f3
SHA512 5992f501e9f303ba33a27faa225fe337d17a760d290d4a491a9498347db8e57c76c93cc12b29883b8d2a3eed56aa0deab8d628d88881c43f7b0365a162ee32ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3fe035baf562b09a29e4d29bbb22cacc
SHA1 d36dee7734c76ad1b825fa1c140552fe770c362d
SHA256 c5168f1762925b4b244cec98f2595e5a16b5be60b4b61d244f93187edc7e6678
SHA512 44a5c4530f47bf3c60f2d5a4068c29780e2a94d768f1bbaba96b02d03f3daf92ccbe939652cfb187d34718bbc9d97a2ce5854b4d3448925c2b3413d856766b92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2f3cc48145e1c910267f0240f6fa0d6e
SHA1 03ca00436cd0a15590c3befec94d8355975ab9d9
SHA256 62bef1ffc30f4cef46527d374a8bdbdbd41a73c2c2e620c884fc405c51004040
SHA512 98a9e20a8f57c572aeb1baca8c64849907bdd7fe3aafa29db2f55d0ff7b19a2c82920a848677f21d4c5cda2accff3bc6a49f5d8241088b3a9204d27c90467e2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58ed97.TMP

MD5 8667e8bb00a84aa4271d6ddcbdadc641
SHA1 d7e745af76152853c8809206da34d0012ff97254
SHA256 32c7b42460b8203708ac24c8ab3eeb4058bb3eace748f94d46da8d3cdffc8799
SHA512 5d5df171b2e281361bd7d558ed0d6a7695b93e624bfc9833a1b6c718056f6630b9a81299a6ce9524396713427a4f1bd5563bf7cb5b89aacbbbe772449e24c96e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6b68692978c75dd8271cfb67ee6cd46b
SHA1 6b7690a03fc21c6c851c5a1efeb43615500cf5f5
SHA256 7041298e37c13b98f1a08d404a34fa8c4d28480ea11c4de9e16ed8d44abe1e5f
SHA512 60e90ecb671ca6fc040d8f35822c65244813ec41919c85bbe6f846b0a2478a94e9c8cbb3541d04612484a824679436722eeeaa4b93304fa7f5d17e3e4263a26f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a931ed52-24ef-475c-baa0-9cf32d464d59\index-dir\the-real-index~RFe590296.TMP

MD5 1a278eeaa99256c623cab4a33e6077f4
SHA1 fdab3ddf2eebe4007391306f734f48bdf6340c44
SHA256 3fa6cf57ec72a209336edf93e1f33259817f8c25b055213f5a576ee492ac8b53
SHA512 90850541d0f8bd534ed76658ab9fbc720ab0d98bd3978211eb89b6d0ca3c693f779d786b6701c7a05b2ec771342efbb2c4ad0f30c97b86c49a31876a52ae8db0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a931ed52-24ef-475c-baa0-9cf32d464d59\index-dir\the-real-index

MD5 6b438e75b03bbd8110269e45111ce296
SHA1 3f613d3e3a7a11053333df78933b62a55a950126
SHA256 b844ddc416d3c23ee8ce748433d922e6e795881f12f6d4bef08756a1e20855e5
SHA512 55f2689e85d9c9266ba4d70806516e00ade829aad3528d8d9bc3779a9778e261bde1d2b0346d33a63325e6255d4273b9be90f7ea85233a3f47c0230b138b774a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 95ac0a6713fa7774f9c8af7dc4cc2ec3
SHA1 161a2180f6a1d913fd854164b1ffd96dad980256
SHA256 b9215cc3a53142765e9cbc64a1dfe12d2e495405eb844768a3bdcb1f7b8213bf
SHA512 e549df09ad417092acaf38a60263717a0491a4e2a9a66a58691cc721720542af9c4a1a52fc791528028fc2925df87656d7753f8a6f7e312be45c258ab0db6c22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\52ac101d-8d24-4c28-9649-41faaaff35ce\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 56a212e4c7404e533acfe51897bdeec3
SHA1 0e52fe5c3f3aa53506d76f68277dafed530b213b
SHA256 9812a351f61013a9a190a6f6c069551927dad02eeeed6195e6d455b8df17a589
SHA512 f5a59ed3d33c1cc863fc12bed10489661202ba1ab21e71a971ab5b02b0b305640ced0266f29e0bbcb77fe35dff94b19dcaac7b56f242b126cc36bcddc50f6fd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 53cadff1dc952af05a13f01e037135a7
SHA1 4a79afa097cdd2db6dcb99a4ebe482ceb1c1ff63
SHA256 9158c7ece263ce1bc7b95548ec11e06521767e1b31950b894dc2f4fa9be70a11
SHA512 a90d6a739cb6a0773c338b40912cefc3ca3cc312c9980101137d23badde9fa70341f7f9be5157e7bad817be410c34fef76fc28858ba8b71f83c7f5ec595afc7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3ecfc6141a4be589ca105217ec89d2df
SHA1 d47246d768813e2ee0e52a06900dd10d8fb74452
SHA256 7dc8c48d59f5d0a47937e6fd2afe900879eb6ec19ed65b382c3caa990a40671e
SHA512 c72ab45159717d6b9afbec8f08ca87b3b6e4e53fd4be96faac1eecd2f8220147aa10388471001cfdae23da380c2c7eba35306f62c22df6f67b6e8c0e0d89b8c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 00be450e53be4c6908de198044d0d123
SHA1 8791756b3cc3becb7a8daa77d0df718571256c14
SHA256 95675e664f3a169ccdc99be73c4fe4a1217d8ff21373ba7d6839c3d72f8ad8dd
SHA512 8d758753acc6ed7d26c5d770d55c88aa6fbf4e84bc71ed56b64b0342c17bb02164e26cc7d91049061fbb02c5563fde21c8f0ad3312fc35454524abc980c5f8a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 26d51f80be8b4eba2f2bfd0bf12fd8e1
SHA1 34b25b9da6aa0418b734dfc3ac5303d31bfbb37f
SHA256 a962b42006d54887e66690312ab151780b57640a341e70e3374990d2e96e4a46
SHA512 5b6e3f1a5336bdc3ba4c2793c046c2bcd3a3adddb30c3587dd2ab544ea5e5836df780c3c1ab2c9b2670f1eaba6bf7f619dd646f5b8d58551a48f7f79d2c22c34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 fd1f79856510e1cddd8141f1d82aff4f
SHA1 659aa5c13b63adfb1480856cf8da6acd4fa624f4
SHA256 d2c922c16632143318a2792e0ea9345ea5c072ad583a84d8ef164cf952fec4f4
SHA512 7781c5280010519da7e71a849a9cb5e37f7b29a1e800bbf9cc47536eaa937abeecd1a2d61867c2744b7de83f0cfdc88b72255ee083501df0455fd018b0f86376

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 bdcf1dd416d169d87ad5f73b2fb38bb2
SHA1 f6f595a5d88f84b54533e34be969f3871ed9942f
SHA256 ee2264f45d3d0fc70f89a61c215d0470df5a9c39e47828db7e48c59fca9a50dd
SHA512 335a8b789c5dd06285df135e9e33cbaae0b20b3cda378fd2e92b33a66d7726e4e079f7920055121d2495d102e993e18d9a4430a36860d8cef5cfa100452186fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 594730cc5a615279acc5cfb7c546dbe4
SHA1 08a3e4c2d08cb62aca40a0d942551c912ba715ed
SHA256 59301e3b9937b7d60f1ae913fcb5284126c68294d3616ddfe73875e3f7d1ef60
SHA512 226a7edb2b74169c08fcc9be51526a7e215e2f9fef3895ef683120fbf3e36417b24eb80910bd1fdaf7003e2ed5e3de837a869418fb8ceaad34eca8cbdc1ec27f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 180a346fbcbf2efb4a26869b3d22b17d
SHA1 ce3ceb13dfad8eb22f0c361f29bc26aa325ae260
SHA256 8520b3c5c04524086b89eb13422cff53204a34e32097027b61d59e118521fe62
SHA512 6472b6741cd8dc1d84ba3c3ee25f10ddd485fc550d06bb0ce1fe7630c8f3f7c0fe50ef6a65ca93822ff9e8df0a40e93f1a467dda3e0841b7b72cc18911c4f22d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 dea06ce2044829a0b49ff2e41d67b644
SHA1 eb77cf348815408f1899ce58318447472d280699
SHA256 c1227f52ae87ce78cff4835e455918ac0f8ea7de8038589508957e905a7b2adf
SHA512 7b11c6eb841dba926d60aedd92558699e2d44a49dec5bd7aa5fe9dca68ea8553ba6bb528bd6c31c5fab8ce12e82564398be5a8ba44d12e605d538112b16dbea3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ef5bf9652302ee4c6621c54fc62bbe93
SHA1 4705ccad5bd556fd7d2d8ff0e63649fe641544fa
SHA256 d2328b3ceddfb7519cd3d1293e91f4660d3c845b3f4cccbba64e27dd58360cc9
SHA512 ca81a74b7de5971e73701d291849917c6b4503418b558dafc50dc3768e88d6954e8be0a4cdba157b97c13d5d14240385fa3dbcbef39aee210a5521232366b388

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595700.TMP

MD5 080263809935692f15fe8dce961cf80c
SHA1 ca73a2bf58df707ef039309586726e94043410a7
SHA256 5776708704d16963f28c6919131745efd7133d0909daeb93d8ba130853c68884
SHA512 64c42ac3519162c7b022db99a3f2264e0dd5798ee3bd8cf668d93d527878c3088f4b232cb8441328d7b6288a7f5e35c097812335f5e2daa534a82d753e7b6ed1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 573e7ab2031c1547c3462032be8958d2
SHA1 c82734d992bfbd03eec32807b42f0272eec9a8af
SHA256 5d1bdd8c0561031e173ba3f1a5adea6911428827b6237ccec4d554411ee90779
SHA512 9d2af0c53cf9a5b2936ffbd91dd93be46acb53db3517d3e899ca0e26ae789e99ebeaf2ab0414e412e05b666533a11db39974c4ce473d10b05c0551c0e15fb391

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8f3b1094-2e7c-4f47-b395-84aa28dcf3eb\index-dir\the-real-index~RFe596690.TMP

MD5 984bd8e52658cf3bad07b2cc981fc369
SHA1 30cff552d0b58beeb99aa013bafd809a54a4fd18
SHA256 388aa00fada35df7ce5f7fbd6c63f0deaa471bddcb5a08fd3c7e9c17e21a5ee9
SHA512 041d3932692bcde9d445ffb5a1147b5333c01c4ec0945513161648c90c8eeca40995592c6c3e7096d166eba750aaf3cc290efe9d89c4a77246efc53423b57c77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8f3b1094-2e7c-4f47-b395-84aa28dcf3eb\index-dir\the-real-index

MD5 c083818dd439e36911dc3fe9f608078e
SHA1 76e7432a079148e0a8033db8145b6883d6f2e929
SHA256 48f41199467bcd575d360ab50b79a7627d98864c365f78a9244dd3dc7184642a
SHA512 74879b9b53c478b227413b75c41bfe56cfc62f038f6f7297e7f4c779d2bc0532cdff8a37e854cedb4bc7e1654db7398a527c62639d9a3acf09b6ab95772525ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c709d2b4dddafa2380dd73d82612462a
SHA1 cf58cd042bed562e90635d64ae48998cbe03d1dd
SHA256 96227a426024aef4e2959a4a4bb3a4a162f43dc29d41a7a97dc6d1fe31c7d580
SHA512 340f7183d0149adb7aedb9e6d6f7920c29ee6f28ae212ae360cf581cfb8586e6863e636d3b2a92bfa992bad2f641131056664ba0aced1e2226ea5b4666a1b61e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a931ed52-24ef-475c-baa0-9cf32d464d59\index-dir\temp-index

MD5 ebed29be0d6b5e20d5d70dd102b72ded
SHA1 9fa2508c6030063dcf4e8c9c6be7380a6693bff3
SHA256 291e5774c5c3919c81ff953a03306406f80b54e13349b00dc82b262af2d0e602
SHA512 8f72c4b1325be689d17a328930ef41937a49d93f0712d006efdd6307b7c8606f178be1efd8eb0bc9256162028b4a84db4905dd193b48b8da33ec39a9a1135c36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a108b9e92446957e6d0e6e06aa4c39cd
SHA1 587935b2922fdcc7b7dd0a21396a69b474295581
SHA256 dca2267b0a13086d867661261351d1b0dfa90d54c3f27d457b33d6d94ebc0142
SHA512 e26ca8fd4fe06b35fee51378d301354e1fe2b129992a1b2192661e6c29fffcab3e0c6ca06395bbc8fa928fae73fa832a6c4bbba4b0e13cbde0c325dfafee444b

memory/4444-1253-0x000002C79D770000-0x000002C79D780000-memory.dmp

memory/4444-1256-0x000002C79D7A0000-0x000002C79D7B0000-memory.dmp

memory/4444-1263-0x000002C7A5A80000-0x000002C7A5A81000-memory.dmp

memory/4444-1265-0x000002C7A5B00000-0x000002C7A5B01000-memory.dmp

memory/4444-1267-0x000002C7A5B00000-0x000002C7A5B01000-memory.dmp

memory/4444-1268-0x000002C7A5B90000-0x000002C7A5B91000-memory.dmp

memory/4444-1269-0x000002C7A5B90000-0x000002C7A5B91000-memory.dmp

memory/4444-1270-0x000002C7A5BA0000-0x000002C7A5BA1000-memory.dmp

memory/4444-1271-0x000002C7A5BA0000-0x000002C7A5BA1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ad3630d4264add77717fb6adef3b4241
SHA1 663d1eebdbc6115c9e792e77eba6201421834528
SHA256 6ce3358591cb6399f7506406cd1bc13a0620ca0a0b910970bb1f25ade5aadaad
SHA512 b6894ed54919369e7c0a74d10e626a32b91d9f110e164a54a193da7abfe2c5cac698e2a540ce037914319194751c6008d8c6a2ebdb6fe2606978313017ac5716

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd24e00891e90e9f510c391d8d87bd12
SHA1 68b77e8fec66c0e705da7913a6fdd3bcc2287909
SHA256 a46057d373483360fbc399dae85c057c032559d3f2e199736c4d96ead04de3d8
SHA512 029d95a48541e97594547f939da984d1b56a805c1761c40e61d988862e319eb285254d00f6802a966940d9519430c9f54697c88710bac4c1a34dc83012f006c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4c9d35dec14fc3eff96b5a060b66bd2
SHA1 4d78e758fc4baa40997176189f16dc542b2c7cc9
SHA256 9c60a3baf1199328e8d82b0b0f0b73504c899177070f7084475b460ce7f0cff5
SHA512 80a1fbb23be5a9d589b60b7766d5f2c8686a43cae1a5eebb6578a63d1a978c8a9acec7355820f56d32fb361f45a597559226daafcb5d3a6bd44dfd8ae0144823

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 297b41b4dd339729f97c67d5b583b236
SHA1 bd05cce878c6b322b89f70c2e24154dab230203c
SHA256 c93090a18d60339b081ebb3aff50258382dd46f8305a336143a3cfd0db78e1ee
SHA512 eae26132e6f0ebb1ddbfb92bc9b3dacee7f1930373a65ecab6475059131a67830474ecbc3adb93779618c73aa073c4488e201f0cc0e67767135faa80db980970

C:\Users\Admin\AppData\Local\Temp\_MEI14642\BSOD\bsodgif\frame_39_delay-0.05s.png

MD5 a92ceeda62a4e0e47b8040939fc916d5
SHA1 5b25096d67a8a9100e5f81e3554001cdc34102bd
SHA256 646ab22ba269e0ff5491f9b1482ea1aae961be00a18f7cf5337ea58b53572b50
SHA512 7403833a3422f8e672086a9c877cac2827933e3524f1f906a10e3d59bb71b3773246008d3fa2af9ccaa71e30ee2997981197350deaf4a3bf5bad5b9c78978514

C:\Users\Admin\AppData\Local\Temp\_MEI14642\ucrtbase.dll

MD5 a9f5b06fae677c9eb5be8b37d5fb1cb9
SHA1 5c37b880a1479445dd583f85c58a8790584f595d
SHA256 4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52
SHA512 5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

C:\Users\Admin\AppData\Local\Temp\_MEI14642\python312.dll

MD5 d521654d889666a0bc753320f071ef60
SHA1 5fd9b90c5d0527e53c199f94bad540c1e0985db6
SHA256 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2
SHA512 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

C:\Users\Admin\AppData\Local\Temp\_MEI14642\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI14642\base_library.zip

MD5 43935f81d0c08e8ab1dfe88d65af86d8
SHA1 abb6eae98264ee4209b81996c956a010ecf9159b
SHA256 c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0
SHA512 06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955

C:\Users\Admin\AppData\Local\Temp\_MEI14642\_ctypes.pyd

MD5 fb454c5e74582a805bc5e9f3da8edc7b
SHA1 782c3fa39393112275120eaf62fc6579c36b5cf8
SHA256 74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1
SHA512 727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

C:\Users\Admin\AppData\Local\Temp\_MEI14642\python3.DLL

MD5 a07661c5fad97379cf6d00332999d22c
SHA1 dca65816a049b3cce5c4354c3819fef54c6299b0
SHA256 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b
SHA512 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

C:\Users\Admin\AppData\Local\Temp\_MEI14642\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI14642\_bz2.pyd

MD5 5bebc32957922fe20e927d5c4637f100
SHA1 a94ea93ee3c3d154f4f90b5c2fe072cc273376b3
SHA256 3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62
SHA512 afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

C:\Users\Admin\AppData\Local\Temp\_MEI14642\_lzma.pyd

MD5 195defe58a7549117e06a57029079702
SHA1 3795b02803ca37f399d8883d30c0aa38ad77b5f2
SHA256 7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a
SHA512 c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf

MD5 d3409f48d01162828f15230177332b37
SHA1 e951d22daf162a823bfc4e26f1498e7db6506e46
SHA256 b8cb552feedc7d71fd4d25341d09a6179d3e9a6920a200803d58369ac6a34b6a
SHA512 b1bda52a74245c2877db410964ebcc83f06677ff6f175e82d9bf293a5c1e21c4153db1c12cdc1871a5cd410006337989290753e141f985016705171d3a220866

C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf

MD5 0b6586aa6a73a2358b769fb3233eb0df
SHA1 ef2e934e9451068f4976acadaa343c11a9949da8
SHA256 2e5415107cea1d2fb6974d41a504435a4273d049774dc88770a1be6b2f08d45f
SHA512 04629b7d044688e919d6d027d2fae164ed88899813ff5155b7588682d6b76bfd046ded32c433f4b7b47d27000e690ff0756544c16e89de003ff1f9e7633cf1ad

C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf

MD5 8b254d264309020f0a53bef13f3df546
SHA1 abd67d47ebef90b8a8d6bb6b17265dea3328302f
SHA256 201fa377ea302b93aa346585b9ed18c6bd3e7dcf56dcd43feef8fb0a25570a2b
SHA512 fdd5edfaa435900729124879901e36182281e505973f93b4ab76b75eb0c22f4b6b644b624bad547f6a8c78052fe5c2ef1c6142ce22cab3d26383281fa9dbd1c0

C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-fibers-l1-1-0.dll

MD5 221f63ee94e3ffb567d2342df588bebc
SHA1 4831d769ebe1f44bf4c1245ee319f1452d45f3cd
SHA256 fd7c5503aa81dea1de9baee318e6a53663f7a4634f42e116e83c6a0f36d11143
SHA512 3d36175eaa6dc035f2b26b5638e332408579aa461d663f1cf5a3e9df20e11a7cca982b80c9dcf35ba9a8bc4203ac2f64f5dc043b60a6f16720f4d4ce052096c9

C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 586d46d392348ad2ee25404b9d005a4e
SHA1 4bece51a5daacf3c7dcff0edf34bcb813512027f
SHA256 2859fe2fe069e5f4300dd0106733750b1c8c67ee5d8788c4556b7d21c6da651d
SHA512 daad865dbb4ca7542d5bd50186ffa633a709bfe1cf79d0d98e738760634da49afef1c418357d9482dbe33fe995847e05f653b6e3bba00aa42badce47dd072115

C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-debug-l1-1-0.dll

MD5 28840d7d1ea0a873fb8f91c3e93d6108
SHA1 0856b3ceb5e300510b9791b031fffceaa78ee929
SHA256 d3fad206a52d9b1dd954c37a45e63e691ebc7bfe8af27a87553203fb445224ce
SHA512 93596ec710bd738fcbddf4db0f102f537355bbbaea347d2314d62064d5110cf1deb3ecb6d1e0922f019351acfe2d1c694684d0e62e22c004d5a20a6cae5c7fe3

C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-datetime-l1-1-0.dll

MD5 adf9263b966cea234762c0782aba6e78
SHA1 e97047edecf92a0b654f7a25efd5484f13ded88f
SHA256 10cd6bf518350f93ab4643f701efdac851cdd7a26a0d8bcabfbb2bd273e1f529
SHA512 56c09d786f4ba401d4827da4148d96b140f28f647a03ac6ab94f64de9be4c75ecb8b583efad28aa0c51356978caa96f0cb9d56cc4883ff42c1ee7f736e481c52

C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-console-l1-1-0.dll

MD5 a58f3fbbbbb1ecb4260d626b07be2cda
SHA1 aed4398a71905952064fc5da1191f57846bbd2d6
SHA256 89dd6fbea61edb8f1c934b7e5e822b4ce9bea939ff585c83c197e06a1fd8311a
SHA512 7fd371818932384b014d219bb318fb86c1787f3a58a3f08e904b7bbe3486f7ad6bc3776b335c178658c87efd663b913a14fb16d1e52198801659e132fa830d07

C:\Users\Admin\AppData\Local\Temp\_MEI14642\ahk.exe

MD5 ac51a71e06fb8b7e2a8be659387203e5
SHA1 3cf8a1c2730b725f445010cae3d561704ff7f002
SHA256 5ea670d23777834e3558c073f19e5abcb1d21f63b088af73216006accf7280a5
SHA512 4954e8355680aea55275f3467f5ef433da7cbd1a100f493334e9c4891a054d3fc98182d177c1367408bb7cb6d31b62b0171f77464b62b92888c03dfddffe9f4a

C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf

MD5 11f7cd8ffb17b45fc349629ddc616c23
SHA1 e3c0f315d61d66c353267348391605caaeffd20b
SHA256 dca877835bec9a8f28d805a57311866821aef2d7a872181ba23a822572e14fb8
SHA512 8ce3ed80a2ad62c14eb8fa7760936a43eca73e30f3926edd42198f779b16fcd4c638e85f9dd8c83a83d6dd17fbbd078bf8cecd5c913b317d2bc83aceadf5b26f

C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf

MD5 35b04774ee5a3267807228d3c5768eb0
SHA1 20da3b9480602b5e75b0b4f946505059f28c16ea
SHA256 3d9ee2bd39d1826b0200d6e752363abe19344dc219ee41f5d9c1de29e80a2875
SHA512 bf0138af2b9a97ffffb60617de9051ac868edca7fbe79cd6c6581654e865e6f203c7d61fdb4778fb32a224d67f84cf01fdf6bb826388caf596cdf1ba4e28beea

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 f3b300079862aff353b412d490bf5abc
SHA1 b61ad13daa7d39a02aa1329788ece0737390a45d
SHA256 c052cb74d9b0ce37efba9c018b5bcf74c51cfbdcaf990ae53cb9772ea318945a
SHA512 d6e02701ec0990fd9a4b0e82ce69048a35ac114e7515ed2ed6a445ec9f8ad9f98287491e087a269b3e973fb55da360e2df1a516a9fa850c68cfcfaadacb2fbb6

memory/5524-2667-0x0000000000D80000-0x0000000001169000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP

MD5 5c9fb63e5ba2c15c3755ebbef52cabd2
SHA1 79ce7b10a602140b89eafdec4f944accd92e3660
SHA256 54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7
SHA512 262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

memory/5524-3337-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 dabd469bae99f6f2ada08cd2dd3139c3
SHA1 6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b
SHA256 89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606
SHA512 9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 199e6e6533c509fb9c02a6971bd8abda
SHA1 b95e5ef6c4c5a15781e1046c9a86d7035f1df26d
SHA256 4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8
SHA512 34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

memory/5012-3360-0x00007FFBE5470000-0x00007FFBE549A000-memory.dmp

memory/5524-3368-0x0000000010000000-0x0000000010051000-memory.dmp

memory/5524-3367-0x0000000000D80000-0x0000000001169000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1f4fa4b5a0d25058593c336f88940094
SHA1 c4d1efbc607e8ba49a3d35182f50ab178233ce15
SHA256 0b6c736b1d730e6e7fb130ace350e071c1763db5ee1331a9ac810b9d520bb6ee
SHA512 aa81d3df3c324b4ca47f1c2e73033a2f7c6665e7314e8ecb596dfdfeca55724caec8ceb0560606679c13e3c281f741b0cca0f99b32a93954400fb21cd4e4f583

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e7ff9ac335dc3322e8acb7dcfbb5138
SHA1 bc67546dbf6616f72536086599b39370ec40f4da
SHA256 2045b9a55c9a14bfb63cb58efe00780540ba8fd33855473d0d8c50154b2805c7
SHA512 4578081937798e57ec9e3772e7259ca6eb34f9adb23529ea5a1674623383ed86743b06ee9cda404cd1c763c73750ab6feb3c870d8f84d4bfde5d6bd0b92a8415

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d03c2a1ab3ac044a55dd94fd7e86cf16
SHA1 5b00cb5c33dc586d8426ad6347a4822405f66f55
SHA256 5beb40ecd126b3bc7ebdcceb8d67a367e597902e52de841d03eef543f04ff6b7
SHA512 483c0a372173210992f948e7cd4ebc42c14481e5aa2305d7f816556b2c1671f807ebc90e62a79ecf387f3bb47b716d976d2d6afea32ba823d3f5da663d56371b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6aa953a7d87d8f296a2f51e04ac9e2b7
SHA1 a0a6b47656136f34683a9a363e34e85c22fbf874
SHA256 2c8cca1ac2eda860365e4f045b2f87c87c81ec50ffb7efec2d2756ed8b02b8d5
SHA512 58ae26452c74710e88bf4b691ba6df1495a93f5cbcffc9d59676133f4e6282f89448b7e5ba70557aae654b67979f41745efb001765bf5a23ac940a03925e02d4

C:\Users\Admin\AppData\Local\Temp\_MEI31122\BSOD\bsod1.png

MD5 91da2c53725c459519b05a3b7a199855
SHA1 4123e3f1837bfab170ac6f52214973f9b99b13e5
SHA256 77acae6db220f6386d66cb2e9027a6f1b762216933666fa42357637d05f94096
SHA512 7545e5c3f578e7a02333966a75056cf3ed545a40a093961b9ea011c7d2c897414034968ab7c324c5a504429d0e33864f6950f2dfcf2b4fd8f522f722b3db62d5

C:\Users\Admin\AppData\Local\Temp\_MEI31122\cryptography-43.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI31122\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\GooseModdingAPI\bin\Release\GooseModdingAPI.dll

MD5 6f6c8f80d6c36739147b38016bd4b469
SHA1 bf0f81a00ccc595242620b15ade2a0661424d9e3
SHA256 fba607ccfd47e2b6ba04d449f1de10e3b66ba35b7d0e96f71e7c61d0c10486f4
SHA512 1b3d6da8eedc140f3836c60eadc5251870d01db99e72d33ec0b2a585e2e4b2f7e643e2a12ad42f8e6d8704e8af67ca1df728acdbe18c614a1b8f6746d0c3fbc6

C:\Users\Admin\AppData\Local\Temp\_MEI31122\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\GooseModdingAPI\bin\Release\GooseModdingAPI.pdb

MD5 5e0ccb3bd78be9cd539fef6e4005e47a
SHA1 9a28756dffdef59d36bf42cb9cc8e02e454026d2
SHA256 4e4eb668831c91756eb030045d118ebd069fda0b0e0065ee2467c4c1c382cdd8
SHA512 4c58e1d9d77c42500c3d91314257f563a6b3af627ae0d5ec257b38a8b8008b47ad10b8b3a0661bc72a12bdaf549a33453a971802542f5c719fc979fa9f6c1372

memory/4596-4702-0x0000000000E10000-0x00000000011F9000-memory.dmp

memory/5292-4747-0x0000000000620000-0x0000000000A09000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG1.BMP

MD5 3adf5e8387c828f62f12d2dd59349d63
SHA1 bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a
SHA256 1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0
SHA512 e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG1.PNG

MD5 66f6065f9f54487aa740e0dcaa2951b4
SHA1 6ee958852ac17dd5e7ad2614f697e61dd72c2d80
SHA256 2264bcdf6498620779f0c4b8fe23da78c7f7773d9649e0d8efd38e6df0cca232
SHA512 4694bea262f6c516d51581a1c652163d9fdafbdfb7540b12b8a972cf2faa612dcf849c56b9b74d4247324e78f9ca5561205fc3ba1542c3104c1fa0986e3c5731

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG3.BMP

MD5 f5d6a81635291e408332cc01c565068f
SHA1 72fa5c8111e95cc7c5e97a09d1376f0619be111b
SHA256 4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26
SHA512 33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG2.BMP

MD5 f35117734829b05cfceaa7e39b2b61fb
SHA1 342ae5f530dce669fedaca053bd15b47e755adc2
SHA256 9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3
SHA512 1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.dat

MD5 1ce84d00958cf602fe5212df2ee8f16b
SHA1 d2eeb31ce966b6068f7f77dca886339577fd59fb
SHA256 1b753d82577e885c1ca5643b2947295fa67c18c6bf812b811f1a729bfcbb085f
SHA512 9a7d13b72788238b3c57ede48eb164a0e1210809a6d7b9c318cd13846a59a90566f4608f09241a494f8e4415916af02ecd6bfa3fc214b5b86613930585bcf7f9

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\MenuOperaText1DK.html

MD5 560b9252575c317363bd4e95b297f7f8
SHA1 a6c7fb21b29395ab63c38ce0c7f7e0e92ad95ff4
SHA256 e2d05208ca70dc3339b25003f28aa72181de0ce59462bbf73875aedf21fda59a
SHA512 804fe0d8b6d308dae976f96d897358541047bc05f119d23fc8f9c8da76318b865c908a54f7daabf923b295023ad249eb19d7bc492c835324e0097a4c610a1ebf

memory/4596-5930-0x0000000010000000-0x0000000010051000-memory.dmp

memory/5292-6050-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\check_latest_tl.txt

MD5 be27a7da181fe2e0f9daaae4c93dc291
SHA1 79bbf661f01c7d11916343bd98f0ec594a4c2434
SHA256 ccdb663ffa26bada8c166707005ebe784ca0beb9297de2f183f662950ac8d31d
SHA512 caced540aa47296317a88ac0c1a0932bfd3eced56ed653ba74e9c2b5bc0c02b20b3fb79f814a2ecfbc85f65c592ce1c0bec4495b2928b2ddbbd41300b083062e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\Menu1Text1EN.html

MD5 ac4725ad14a44844c24f77b201c05077
SHA1 26ac7d670b1cfb432bcd9337814a850b68c2509d
SHA256 93ec6593dc0e29027b5a7aaae44f469103d4809f2dd8c31bef9e4ecbbba4910a
SHA512 cbda2778b058a0abdc67e306d50ac4ed5221e6292d9b1f0a7c18c8f056683572788e4fa02e1f43d5303df2294c654bbeab37a620ad7f2908d76de478caf1a35b

memory/812-6092-0x00007FFBD58D0000-0x00007FFBD58FA000-memory.dmp

memory/4596-6094-0x0000000010000000-0x0000000010051000-memory.dmp

memory/4596-6093-0x0000000000E10000-0x00000000011F9000-memory.dmp

memory/5292-6095-0x0000000000620000-0x0000000000A09000-memory.dmp

memory/5292-6096-0x0000000010000000-0x0000000010051000-memory.dmp

memory/4052-6111-0x0000000000340000-0x000000000037E000-memory.dmp

memory/4052-6112-0x0000000004C20000-0x0000000004CB2000-memory.dmp

memory/4052-6157-0x0000000005270000-0x0000000005814000-memory.dmp

C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

MD5 b3a2c15833ed3013c1c8f09a3090613b
SHA1 89ad338ef38db8fceda43ef113abfc7ee3e748c4
SHA256 1e6364e1a33cce9395071c75f7d8df3759dc475baa6f677422f29c9bcf3e6869
SHA512 a14189f7236cda4574771269ab1e9da5c100eb5bc59c3dc77a77b5d85b97755f45bf9e28451183128f22aa01a70d63e2e1a54810b22dd57a5c639c9854de8342

memory/4052-6161-0x0000000004CD0000-0x0000000004CDA000-memory.dmp

memory/4052-6162-0x0000000005840000-0x000000000584A000-memory.dmp

memory/4052-6163-0x0000000006BE0000-0x0000000006BF0000-memory.dmp

memory/4052-6166-0x0000000006BE0000-0x0000000006BF0000-memory.dmp

memory/4052-6165-0x0000000006BE0000-0x0000000006BF0000-memory.dmp

memory/4052-6164-0x0000000006BE0000-0x0000000006BF0000-memory.dmp

memory/4052-6167-0x0000000006BE0000-0x0000000006BF0000-memory.dmp

memory/4052-6168-0x0000000006BE0000-0x0000000006BF0000-memory.dmp

memory/4052-6169-0x0000000006BE0000-0x0000000006BF0000-memory.dmp

C:\Users\Admin\AppData\Roaming\error.exe

MD5 415c03867cad0b216f84de46ae0573b6
SHA1 a3d468bd535670f49e9f21111acd221dcc270b0a
SHA256 e5677511a4cccf1d7bb03b6e1e86e7c7058604e2694979fe8a181597ceb747cd
SHA512 1cdb46e13cda2776144a3db764e7be116a27745baa927b22cb9d2bb5f63e39f28e18a64e8dfffaae7739a4a10de92404dbc7510097be07ea7f8742e215fd89e9

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1EALJNKU\microsoft.windows[1].xml

MD5 e9474f76e56e4f8298ed32d85776ddc0
SHA1 85b5c1919bb4fe74dc30b4dd0911d1994dd0974f
SHA256 b62242af1adf03ea40e4dff979f8b28430afebd75f7bf0e04a54745a47972c61
SHA512 7b1b354c53b204e1ac9b9fba462dd2474cedf64607be42d5865ca2dca611b9b2224ed84ff696978d1ac35adccb2f2199111dffcf54cd4189dc5b989678b55ab6

memory/4876-6455-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

MD5 55c38db4b199f52bd5fe466746852a6c
SHA1 e683a9fffd0f16cd4d4e1f32089ec3ac5fce2e96
SHA256 d98ca9de107c1f0c55d62a48d2af195269d3bf2a164595e2e33d57b4ff975a2b
SHA512 cf9b94213acfd49ce28973573717cc77d25b00eb22bba452d63466043776cab0e1b3ad4f6f851a0a5b53aadeb45c15a86decf90f6465c872e43440d8f79e03e7

memory/6132-6511-0x0000000000400000-0x000000000048D000-memory.dmp

memory/4876-6521-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133678819400008876.txt

MD5 5d228ae0b35f5de0dcf5b303764cab64
SHA1 9cab9a55bea2f371f87d25b11175668aba20022b
SHA256 f473464a9f9527a3679ba28dfb5457d5fbb60a088b34a865cd2f975a27904402
SHA512 8a46ee92cb503b72b2c6bcf1ebab78b72c4d2b8fd5e11d52e37c04d3b12c0b09a88d3b607aaf4b3f1bf1440a67df3d9aaf65ac3ea1fde4656603507b83db689b

memory/6132-6576-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

MD5 f5522cc26bb08791f61d59be01a7f18e
SHA1 e7969816336ca25a45175b420ec91e87688da079
SHA256 6c9f6a11b583d2bd75da3aa5d9384291f7a480e25013da678b20d5502ab9753c
SHA512 472097c26e31e0a4b313c50c47c04bb77abe3ce80cfcd6b8dc43aae3a0bd61f17e2376d0c018411d71497c7fbea7ed2b333a9f6f2594b55e9a0c49f8efb74d43

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-string-l1-1-0.dll

MD5 f6afbc523b86f27b93074bc04668d3f2
SHA1 6311708ab0f04cb82accc6c06ae6735a2c691c1d
SHA256 71c0c7c163d1a3d35e74f8d7299eb38ef7268af1fa276e9a3966761212c570f0
SHA512 9ab0c2d025525fe047e27769c3b2be7526ad0d0cbe76eb1e3a84dc2cff60ab3c4a218388892f600f7b3b003909ae133b0e7da19c9ba96b624fa8f5123c3a97cf

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-environment-l1-1-0.dll

MD5 e9d4a1374a200a6e195e3c5ab42e6bbd
SHA1 c0c79309a6ab14592b91087bec0cc519979e5ebf
SHA256 612df2aaf3435c2be575581d1b2deddcef33f1b53179acff3e4ac24a0fcd3d50
SHA512 1de9d70036eb5211184b3b40f671608cf75b539f6fd36b812facdd9722927eb8e5c4c579db6a360003d06cc139f2ddbda8d19de17cb3a36fcfb53e462a9d7b27

C:\Users\Admin\AppData\Local\Temp\_MEI35802\unicodedata.pyd

MD5 cc8142bedafdfaa50b26c6d07755c7a6
SHA1 0fcab5816eaf7b138f22c29c6d5b5f59551b39fe
SHA256 bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268
SHA512 c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

memory/3592-6852-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35802\select.pyd

MD5 d0cc9fc9a0650ba00bd206720223493b
SHA1 295bc204e489572b74cc11801ed8590f808e1618
SHA256 411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019
SHA512 d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

memory/6092-6859-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI35802\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-utility-l1-1-0.dll

MD5 9f15a5d2f28cca5f4c2b51451fa2db7c
SHA1 cef982e7cb6b31787c462d21578c3c750d1f3edb
SHA256 33af8b4a4f1f9a76d5d59fdf634bb469ca9a830133a293a5eef1236b27e37e63
SHA512 7668d42fd8cce5daa7e0c8c276edd3bda0d4ee1c5450fa8d46cf7600f40b2f56e024f98157a86e9843d0b7d33cb281ebdca3a25275e08981f5d9cbaad1cfe371

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-time-l1-1-0.dll

MD5 a1002f4a501f4a8de33d63f561a9fbc6
SHA1 e1217b42c831ce595609cfde857cd1b6727c966d
SHA256 fe94985959fe310cafa1eb3e32f28001ef03afefd32497d0c099eb9393bf6f4b
SHA512 123a5ebca5d8a1292f238bab3bd8cc12ab3157672a904361a72f5f7177f4ce0dd4708fdfda34f2ed0b4973ad7d92bc69b85651687a4604def4bf7bdca5d49b17

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-string-l1-1-0.dll

MD5 06f29e2e2ebc8e3d8d0110a48aa7b289
SHA1 b9047a9aa94d25f331e85aa343729a7f3ff23773
SHA256 6c24d050afc07bc5d2ba5eb07840345569b52e97442bcc7c4413fccedc11e6c4
SHA512 9de0b3f3ab2c0ed61920d99e3a931bbc08015d848907bf4cd5cb2c81017de4d23f2f8977a3a7895b92208ae7e5753ab8c4b00c00e375da005b432b5534ea7838

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-stdio-l1-1-0.dll

MD5 374349666a3b260411281ab95c5405a2
SHA1 42a9a8f5d1933ec140bd89aa6c42c894285f14d1
SHA256 2a6f53be6e8b8fabbf8fcc2ac1224f70628f4ab35e0b36612a6728df7685d56a
SHA512 5c4a79503f83eb8e12a38605c1ab2cf6332f7ef845dc7ac5c34dc71cb86e903dc002c91a7142a56433fff97ff21ec926c9cc0be92a31ecffe2a7c5e042d6fc4a

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-runtime-l1-1-0.dll

MD5 6edcd747d5beb5d5b0550b9e8c84e3a3
SHA1 8b8baf8f112ac0a64ee79091b02a412d19497e69
SHA256 d5b5c4ee347678e60af236c5e6fd6b47ad5786e080d14fdb11af0aa5740e7760
SHA512 1bc72f7b6b13374dab05f8914dc96f194bfa86cad4549a3fca1dd79485cfdbe1d45053f197e2bdd280b8787edcbd96c4c74dffdf044c99520148d153bb0a438e

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-process-l1-1-0.dll

MD5 98bf2202e52b98a742f24724bb534166
SHA1 60a24df76b24aa6946bb16ead9575c7828d264b0
SHA256 fe005d1a7908e36d4fd6cb2711de251462c9bebf99e4060687df11bd0bbedc8a
SHA512 d346eaf8a966720e47099293d91f2856c816acb7e5f952e6700e007ba176147218798648a4a3e1b928e7a46622ef3603aa4d909113fb02d5551c40ed0e243441

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-math-l1-1-0.dll

MD5 e07a207d5d3cc852aa6d60325b68ed03
SHA1 64ba9a5c2ca4b6af03e369a7c2a2b3c79cac6c51
SHA256 b8fdf7893ff152a08fbc4d3f962905da3161b0b9fe71393ab68c56199277e322
SHA512 0dbafab60618ec0c815ae91994490c55878c904af625ba6931fe0ea80eb229c98e367623e472e3b4c0e27e0af6feeb4d2cdacd4c426e1a99a1291b41cc52f666

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-locale-l1-1-0.dll

MD5 c74e10b82c8e652efdec8e4d6ad6deaa
SHA1 bad903bb9f9ecfda83f0db58d4b281ea458a06bd
SHA256 d42b2d466a81e8e64d8132fad0f4df61d33875449ead8d4f76732b04f74bbce6
SHA512 5cc4b0d7e862fd32e8374501d1b8798e369b19dc483cdb568915b48a956e4f0a79b1d2c59322394128a330fea7c939161a7af1787b4dc5f250e74f8df8805f6e

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-heap-l1-1-0.dll

MD5 5d3da2f634470ab215345829c1518456
SHA1 fec712a88415e68925f63257d3a20ab496c2aac0
SHA256 d2ed53111a652fde26c08504803f76301fce2fba04f33a7f250b5b2569e4f240
SHA512 16079ce0bcc9816297f23c95573bd52da08b29b90da4855b4315b3fa98947b1b35ffd30760064144f3f5647c27e0c1bd3aba623d17364fff45c9b2fa598a2ba8

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 10a42548fcf16732d354a6ed24f53ec5
SHA1 b6b28307c0cc79e0abef15ed25758947c1ccab85
SHA256 ca3e5b21f83d87a958ba7934c5e4d8e7939b2e9013fe2deaeba1f9088b4277bb
SHA512 ecebb5973ecf8f34115985ae24061c29a9d943592389a4e8f215df7408c770a1f7c6c8927d30403d5c43814a4b64ac622ec018be02532f88dbbca6d6208266ab

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-conio-l1-1-0.dll

MD5 eeafb70f56cc0052435c2268021588e9
SHA1 89c89278c2ac4846ac7b8bd4177965e6f8f3a750
SHA256 b529fed3875c6f4eecf2d9c012bc0e27cb2d124c2dd1da155f8337b4cb002030
SHA512 ce211b79f4d0dc942dbe1544d7e26e8e6f2c116dce6bc678aede9cb2104771758c0bd670e1eca2d5a9a6728346d093f44459e9791317b215c6ff73e47d1203f8

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-convert-l1-1-0.dll

MD5 17680cd553168e9126ca9d7437caecc7
SHA1 8acafcb5f01d3b01a7c48a3b91bdeeb8bf1cf841
SHA256 6438c683e376583f6368c582ce3caab274cf3f7d7320e7f6cda427ba338847ca
SHA512 146ae3230c213ffab4b2c7805374ccb5f53155266ba9213d8f22e073deef0bd733b9488c2091c3db037c1d1dfaa4bbfb90e2afd041a447603c25690681239ae3

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-util-l1-1-0.dll

MD5 0793ca01735f1d6a40dd6767e06dbb67
SHA1 6abea799a4a6e94d5a68fab51e79734751e940c5
SHA256 cdf7915f619a728fb64c257bfaa8257ee2353bf3c0b88214d5624931a1ac247b
SHA512 33f703cea3b6cef3fcbd973812635129ef204c2b1590ffe027dbd55ba35cbd481cf769de16634bd02acbdbd59e6af52cad0964d4d36327606c1948f38048703f

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-timezone-l1-1-0.dll

MD5 566232dabd645dcd37961d7ec8fde687
SHA1 88a7a8c777709ae4b6d47bed6678d0192eb3bc3f
SHA256 1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96
SHA512 e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 c1919eacf044d5c47cc2c83d3d9c9cd9
SHA1 0a80158c5999ea9f1c4ca11988456634d7491fcc
SHA256 9b82643497092524e0aed6cfbaf7467849cde82292313bbd745c61ed2fd32ea8
SHA512 ad2ccabbdc769cbeb3c0b4d8d647647c8f43d3c3f3c85ab638ce00665379f9a0f5bfc24fe25184003d180143c29da0c36c6d2c7ffeae68a81c27b90f69336cbe

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-synch-l1-2-0.dll

MD5 5da5938e0d3a9024f42d55e1fd4c0cd7
SHA1 7e83fec64b4c4a96cfcae26ced9a48d4447f12b7
SHA256 0ea1cf78c0be94554ff7cd17a9c863c951c1e1eaa54191d7f2b0e043697c8d00
SHA512 9a302c664bfddf509c0489af24a238b15612802c7d6dccbbfb57b39691b80af79ed35cab31e84424a34e0de32179054277ca09a0457b90c72af195f8328c82dd

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-synch-l1-1-0.dll

MD5 445571331c2fc8a153952a6980c1950a
SHA1 bea310d6243f2b25f2de8d8d69abaeb117cf2b82
SHA256 1dda55027f7d215442e11c88a82c95f312673b7e7454569e5c969c1c24047915
SHA512 853797dd50d0ad6018e7e7d11aefbca61653baa8c60b22fdd34133fce6bf6f02ed0c747457c2783e699e8e7097f14429286904267c13521ee9cb255d3ea79806

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 650c005113599fb8b0b2e0d357756ac7
SHA1 56791db00766dc400df477dcb4bd59c6fa509de6
SHA256 5f16a1131c8f00ebbe3c4b108bd772071a2d9b4ca01b669b8aeb3ffb43dabcda
SHA512 4bc54ad70b75f550e623311dc48ea0fd8ff71207f64127379fcd48027ee2458d27a2aaa454637b4f09d713cc9e1f2cc09bb6cd55b0c6b7ed25e52cb46827fff2

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-profile-l1-1-0.dll

MD5 82e58246846b6daf6ad4e4b208d322d4
SHA1 80f3b8460ab80d9abe54886417a6bc53fd9289fa
SHA256 f6eb755c146d0a0ebf59d24fb9e1e87dc0220b31b33c6acbc8bebaf31493c785
SHA512 e1a032846c6110758fbc8eb84dbd3d228e83b3200bf5820c67d9740f6f8c7e926e4c89b92e8d34721d84fd597ab64455fd3029138e35f22329af23f599afdadf

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-processthreads-l1-1-1.dll

MD5 e26a5e364a76bf00feaab920c535adbb
SHA1 411eaf1ca1d8f1aebcd816d93933561c927f2754
SHA256 b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15
SHA512 333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-processthreads-l1-1-0.dll

MD5 eaa2228507c1fbde1698256c01cd97b7
SHA1 c98936c79b769cf03e2163624b195c152324c88a
SHA256 4297033ef8061c797127f0382df24f69264dca5c14d4f5b6cd2bcca33e26c1f5
SHA512 8319949a1e1acca312dbe99dfd9eedd1b5e4a13946a6ff829d6792d72f0a3a618ce10140954c035a5390a5a6e3b8ae2f23513629007cd3b7a88d5fb6fd81d763

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 8b0fe1a0ea86820020d2662873425bc4
SHA1 3c2292c34a2b53b29f62cc57838e087e98498012
SHA256 070d8827798ee2aa4c2dc70d7faef8ef680eca4c46ecc2dad3ce16380cab1f82
SHA512 0c29c8fae6c5a8de2f0047cbe66e0b2ae7c30cbeced6df1ea2e472ba123bf9e542d9e6cd8eb06b4f0cbe2e343b7929cf25bce1e79937076bf1d0480d91d2c9b4

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-memory-l1-1-0.dll

MD5 3abf2eb0c597131b05ee5b8550a13079
SHA1 5197da49b5e975675d1b954febb3738d6141f0c8
SHA256 ff611cc2cb492c84748fa148eda80dec0cb23fc3b71828475ecea29597c26cd8
SHA512 656213a8785fe937c38c58f0f01f693dc10dff1192b232f00fb18aa32c05c76a95566a9148462ea39b39f1740a7fee1c9ac9a90c6810f38512b3103d18c89b72

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 83a0b483d37ed23c6e67896d91cea3f0
SHA1 6b5045ed8717c5b9f50e6a23643357c8c024abdb
SHA256 d7511eb9191a63eb293af941667aa2318fa6da79f06119b280e0b11e6b6b1d25
SHA512 dab0203fc26c0249b7a8882d41365d82690d908db359c3a6880f41a1c4eebde51ae084bd123864c32d8574cb0a22cfbc94bcd8e33b51f37f49575e2b9de93807

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-localization-l1-2-0.dll

MD5 f1d0595773886d101e684e772118d1ef
SHA1 290276053a75cbeb794441965284b18311ab355d
SHA256 040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a
SHA512 db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 0ccdef1404dbe551cd48604ff4252055
SHA1 38a8d492356dc2b1f1376bdeacab82d266a9d658
SHA256 4863006b0c2aa2a39dff2050b64fbbe448b3e28a239e9e58a9a6d32f5f5a3549
SHA512 0846489a418d2480e65f7bef4a564fe68fe554f4a603a6f372ddd03eed7ee6299649b61172a7a9ca9a9500a924c2642493cce1040fcd6601d5862c248c902e9e

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-interlocked-l1-1-0.dll

MD5 f8203547595aa86bfe2cf85e579de087
SHA1 ca31fc30201196931595ac90f87c53e736f64acf
SHA256 e2d698823ba78b85d221744f38d3f9e8acccd0eedbb62c13e7d0dff4a04bd2b1
SHA512 d0818ee6b1a775793305828ba59c6c0f721d3fe2fcaca5bbfe047f25a500243ab4486c368302636e1c3934becc88c8178606a29871fe019d68b932ad1be3ee1b

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-heap-l1-1-0.dll

MD5 aa20afdb5cbf1041d355a4234c2c1d45
SHA1 811f508bd33e89bbd13e37623b6e2e9e88fdcd7c
SHA256 ef6657aac4aa97a57e034fd5baf4490706128ffafce7c285dc8736b1f7ee4d09
SHA512 06740552875ff2df234ec76f45cce3c66b7d5280a3d1b90874799780ff534437e5dffacf9e40bfddc301507d833235e25eab8119ac80d2587a43a80d4f0068b8

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-handle-l1-1-0.dll

MD5 c79ccd7c5b752b1289980b0be29804c4
SHA1 2054a8f9ebf739adfcfc23534759ae52901c189f
SHA256 8e910589f3f9a27ed6ce1d4f2d579b4ef99cfa80c0bf6f59b48ba6556e1578a0
SHA512 92de7aec7f91f6f4f7cc3dd575b11ea0f4fe516682ba2d05d605380a785597bc953b575cf0ff722980f0849a65d8c4a14c7717eeed8631a7aac0cb626d050e75

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-file-l2-1-0.dll

MD5 cdfc83e189bda0ac9eab447671754e87
SHA1 cf597ee626366738d0ea1a1d8be245f26abbea72
SHA256 f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007
SHA512 659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-file-l1-2-0.dll

MD5 852904535068e569e2b157f3bca0c08f
SHA1 c79b4d109178f4ab8c19ab549286eee4edf6eddb
SHA256 202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225
SHA512 3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-file-l1-1-0.dll

MD5 6ee268f365dc48d407c337d1c7924b0c
SHA1 3eb808e972ae127c5cfcd787c473526a0caee699
SHA256 eb50cc53863c5a1c0b2fe805d9ecefef3f2dbd0e749a6cc142f89406f4ffdb10
SHA512 914da19994d7c9b1b02adb118d0b9cb2fdd5433ee448b15e21445ecfc30941045246b7c389a2d9c59fb6487bb00426579b054c946e52982516d09b095279c4d9

C:\Users\Admin\AppData\Local\Temp\_MEI35802\_socket.pyd

MD5 dd8ff2a3946b8e77264e3f0011d27704
SHA1 a2d84cfc4d6410b80eea4b25e8efc08498f78990
SHA256 b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085
SHA512 958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

C:\Users\Admin\AppData\Local\Temp\_MEI35802\_hashlib.pyd

MD5 da02cefd8151ecb83f697e3bd5280775
SHA1 1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7
SHA256 fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354
SHA512 a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

C:\Users\Admin\AppData\Local\Temp\_MEI35802\_decimal.pyd

MD5 492c0c36d8ed1b6ca2117869a09214da
SHA1 b741cae3e2c9954e726890292fa35034509ef0f6
SHA256 b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1
SHA512 b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\c9209e64523c892.automaticDestinations-ms

MD5 e5fdb5b987fa17defaa971bcc74a936c
SHA1 f9a9ea5148436ab31cb60179c7adaa43dfe56bd5
SHA256 ef42ae72e3c9435f3d1b16c5e7c56f26f79935da18b2d079992543b8e13346c3
SHA512 34979d6984d3d12477c80bc66dbf1fab4fa67d6e0ab58caf314362eb5eb7dfb386e15fe6f97d1b40162047411776ee23ad0b6ad8992c7479b1dca01f465c8155

memory/6092-7188-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 c94345b532c6d728b80ddaff1721ec41
SHA1 13aedfadd50966921453588ef2ae994c9ae8986a
SHA256 2d0b14d111f4fe24c66b283b768d86e63367fefd4d4b36966d9cf63424a608ad
SHA512 294d48b99778cbe58b8778efa51c60efddfbf9e6e932ff183a0c4c258f909c444da5eca9e4556e01bac92503c36a40c767675cd4abd156154a85a75651e16d2f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 51bf327da106a884ecd29d76410db7e4
SHA1 3f0acefccb06752de12e0177990da6721a1cdee0
SHA256 7e3411b432d884eaf8539d8b0edcbfc530dd28a5640745da80aaf5db49eae5fb
SHA512 a60f0360dd8c0d05c2cee40bef463269587636441c53abda62de81eae3a2ad7d2831f7ef8408c4b659d5b88640107c4a49ce6d4529a52011c008ad9316c4ba51

memory/900-7381-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Windows\System32\drivers\etc\hosts

MD5 d62dbea82a3b61b280e9af18ff7a3e2b
SHA1 fabea61665d61e9d099e463e5a5f9fcb069af2bf
SHA256 dbaf01f64a24a2080a7ed8c37a50eb9b312c0c6410cfa636862da5d9c682c468
SHA512 fc162182e1e560906e011385a2dede3a043a4d80b3cc50bc149dd7dedbdfe08bf83e2c178e1a73dbc9263bcc76f6887716a27a4598d5577dfa24554b3a25f363

memory/2176-7386-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

MD5 855b63ba0e250be935f2341a3d63f12e
SHA1 712fc7799ea32baab02a54e30576b2a6c1d0995f
SHA256 c46737af12e2efbb38c123045d539e3eee9263b9187324ea6038a53bf5d3ecef
SHA512 8816429935f1284924cfd7c56626a410ba640ec9061d5fe21930ab6cb10027187fe8a2b4bf1f15068f331ec2b575b7a7973dbe5a9d345a67d7cc5e7e3eae29a2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 bb0bb9b3ebbbc4d63a5ffd9d8a245661
SHA1 457c3c7bde241d76f7f94a652cb1a40a830fff2e
SHA256 5818075560e63cdc584654e0fa7ecaeceb297365b030405f76bc49496962e0e1
SHA512 93c4a28964758d06cd200c1cdf4c1b3c0e8a2d206488328d9b12091c90bf15c629a1f15158e0e5efdc79772745ce6f18c878283f454efaf8c73a3c46089d82d4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 c2f55794ff90794fa9eb20779a53dd17
SHA1 978a52b6519560693fa011dad3a6a8f5ce41eec9
SHA256 8af0ad7996e8ba96c929cd8a931269a750cd011e76c53afad980ee7a54c696d6
SHA512 2691a869985e125fb5896978b99480c56128107834403ff917758bb50ae8f089933123aa5a417b1bb880532f74ae91bad5e4f015cc1d65bfb14f818febfde88a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\0.0.filtertrie.intermediate.txt

MD5 50e7d02833284f297d811b7ac67321a4
SHA1 736b3499c0b741b5ddba704a7585c1ceb88c3ad6
SHA256 e08aea69c30f4229a267be8cce98fd90d9df4641a2a5d87863a16f380894004d
SHA512 c2d8cad60fe740e092b4177b1a35e0b27f69f13419c770d100d6dae5d626ea02697e3eec1bc109216075dd9d52c8e32e056ce0ff3cb2b51720c14c7986caee40

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\Apps.index

MD5 e9fd45a7fb0c9ad90b90893f016e2513
SHA1 b6c99706552bcc0d3186d6cf1d36c48a0784cb29
SHA256 17131cd04f3cafdbeab1a6a6f5c99e3678e6e1ad8677dedf686d818ccfe8b1a1
SHA512 b11d4bb69920a14484d5dd10827a085fe9860853a4e786a4c5f76239a9b9771288f40f12d652c4c1fa2122fe5e6bddf81ca8658eba0d47e6a1d0aee0f034f13c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\Apps.ft

MD5 e495e5db8b4f4a0429ff300cb8cce356
SHA1 ebc725500af9f17d6a8f9775ee2dcd5e200fe88b
SHA256 d67f709639950c7a5b4aa0d2155b1d90799117740dc0f93f3df0ab00a4185243
SHA512 9a983b7ee5d82ea4de28b8691d2ad6bf658b639e13d67d3014eac36e0287ad8f9f23f648ef938e1f60fad6e8eb3101d1fc924b449ca15dde9de5bb0a7ec51dc8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\0.2.filtertrie.intermediate.txt

MD5 c204e9faaf8565ad333828beff2d786e
SHA1 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256 d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512 e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\0.1.filtertrie.intermediate.txt

MD5 34bd1dfb9f72cf4f86e6df6da0a9e49a
SHA1 5f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA256 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512 e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

memory/2988-7733-0x0000000000400000-0x000000000048D000-memory.dmp

memory/5220-7735-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 7f1f766029bd5dc1e89cb281e210fd14
SHA1 f5c01c369b9e7d44aa5ed586458040414fcfe173
SHA256 c0459103a18d20386f0cb764da7e2e42c3284871672cbbdbf22300ed3d38f5a2
SHA512 d5594da776470f6eadd9a54de03d668b37b3ddc110b08a22735b86326596d44f44d4781740c3b95b3a0c7e466e4ec90823ca165b3c16fd909687349ede07901c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

MD5 d6cdc83f8864f7006398900cdfef57dd
SHA1 036b7b2029fef57e1f0c5bcb3b5527bf51754d34
SHA256 f0d228d0e385f8eb63dc881b3033e8030d4d151ad046ad45be86cd1785dfa3d2
SHA512 668fdcfc132866f9d759bdc8fb8ea603f050406c221171f2988123a2badce58f0085474ba8cf2f6efdbb055800726a9948a41fde67cde3d98128a64088c686af

memory/3136-7869-0x0000000000400000-0x000000000048D000-memory.dmp

memory/5348-7871-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 a83f5277633f5f4edca9ca364f0255ec
SHA1 2fbdbb74d2ef2b51f754c224666bf3cfea1dee4a
SHA256 37eca59abedb8bd69fa84fd7ddc133b751b8dcbddab00f6586f6b0db665d81d2
SHA512 bc0694b6554451f0934cd159af141787bc0e29ef6a38610195c29f6d8b10bcba19213e03666e399a9855477fd645e070fba379240ae2a352e6370768e2856320

memory/1364-7971-0x0000000000400000-0x000000000048D000-memory.dmp

memory/2244-7973-0x0000000000400000-0x000000000048D000-memory.dmp

memory/6796-8127-0x0000000000400000-0x000000000048D000-memory.dmp

memory/5200-8125-0x0000000000400000-0x000000000048D000-memory.dmp

memory/5092-8232-0x0000000000400000-0x000000000048D000-memory.dmp

memory/4812-8231-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

MD5 9303990119f60a5e257033595419b8bc
SHA1 aaaece21c669caf07ca2e82cc1af548f410175e8
SHA256 45e94c4e529acdf390469dd35fbbf52d750c70e6d57b4176c0168a73929ba089
SHA512 788f0ec1f8b5e850b6ba7355e1e63ade38784da01dfd1f394d1a32aaf17a3038bd95fffb8fc57d8115fe42c4b028931fc0942bd7f3c330d23cc9a05a65fa4ed9

memory/6380-8339-0x0000000000400000-0x000000000048D000-memory.dmp

memory/6224-8341-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI38082\BSOD\bsodgif\frame_05_delay-0.05s.png

MD5 599ea2cf88c9bdc512bf69b16442f883
SHA1 9f5f5060275653b3e037f9960ecaaecaf37fde88
SHA256 3253bfefda6605db8f7fdb1cdf1044eac1202c92c33bba983160d0be498db049
SHA512 9f9fe7522489ab9961ffd2600646dbcf99b844053656e453d5af8ea30d77a7edd40d8e2e3049fa319c818d8de78cf820464df5f65dc942c91b98cff0e5e630b7

C:\Users\Admin\AppData\Local\Temp\_MEI38082\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\DefaultMod\bin\Release\DefaultMod.pdb

MD5 ea84a9650bc71ee622841e827e4b39e2
SHA1 7298af7d1a0742349b68f78d7a5b4dcd41d1b647
SHA256 4c97839956c209c0f2a734e26a7a2d23235befeb938384545fd85f691084de7f
SHA512 532ed6194c95fb36de8e385289464e11c034d0c41e0354629563ad69a41ee034c27e54f4de96985189e8e65b0dda6cd6f8a8cbc8374bc55f895cd7693207491b

C:\Users\Admin\AppData\Local\Temp\_MEI38082\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\DefaultMod\bin\Release\DefaultMod.dll

MD5 d9d3634150a96a3d15961599979db1a8
SHA1 ba4773062cac856ab60e35c29fb655dc82af9144
SHA256 feb32e09081e223ddaf453321abaebc12c3f18d533a393326142deec7c31394e
SHA512 a086f46c1c2743cd13b59c492c23b8b15972070c3555f50fbbfbf5eb40d187cbc179f473939b615cd32672fb6c6d952d5b11400e7172770f2d968347df39b29a

C:\Users\Admin\AppData\Local\Temp\_MEI38082\tcl\encoding\euc-cn.enc

MD5 c5aa0d11439e0f7682dae39445f5dab4
SHA1 73a6d55b894e89a7d4cb1cd3ccff82665c303d5c
SHA256 1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00
SHA512 eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

memory/9044-9622-0x0000000000400000-0x000000000048D000-memory.dmp

memory/8180-9621-0x0000000000400000-0x000000000048D000-memory.dmp

memory/2176-9623-0x0000000000400000-0x000000000048D000-memory.dmp

memory/5216-9820-0x0000000000400000-0x000000000048D000-memory.dmp

memory/8440-9880-0x0000000000400000-0x000000000048D000-memory.dmp

memory/7388-10062-0x0000000000400000-0x000000000048D000-memory.dmp

memory/4000-10061-0x0000000000400000-0x000000000048D000-memory.dmp

memory/7148-10142-0x0000000000400000-0x000000000048D000-memory.dmp

memory/8396-10140-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\Desktop\workfolderssvc.dll

MD5 0c47396732a10a530f63d159c4f1e5cb
SHA1 2e9f38676ac29b7268a4b0278a6a411b4d9c27ff
SHA256 23614dbdc243375115880cf26b2a018e2dd006fb4f31b6ba65fb192aef0076c5
SHA512 d4f11f35a7c2408f91b9d8ee3d6dc64842bee324e32982cc88690894a04178577e4baa41b58e73437af26e900f8108e618fc83f79a7bebdb62c0eaee029f65c6

memory/6300-10290-0x0000000000400000-0x000000000048D000-memory.dmp

memory/6540-10362-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

MD5 36f20e80cde0b7765debe72eaf646588
SHA1 32a31f0c5ed0eb0f8239cbce7956066424f1ad00
SHA256 9bfc5a5b568d531c1419ec7e83223ea2bca65f11d742db9cdb077c7af216f515
SHA512 d1bb66f80bf287cb4e102d2c3e12ea3e72c554b0206afd065b81d312a7a7a3abefe92944b40cab248575088a41bcc480c55d01f8d6fc41308fe9b76b07b018d9

C:\Users\Admin\Desktop\SyncHostps.dll

MD5 6a335e2fde5c60156ea2759fea471341
SHA1 e90b1fd29f68fccb831463f5418274934ad45f30
SHA256 b74e1ff06f91975379cc777fad383bf6822520043d0d096346a72ee148b3bf7f
SHA512 65c3cb4d2fd86a8f37751b52f7deb2f0607e49a042e8b591b39985ce33665df6dbd2b96023b693d44df3b9be7717519f8db2d22f765becd9f6205f0c14af1784

memory/7072-10497-0x0000000000400000-0x000000000048D000-memory.dmp

memory/8992-10604-0x0000000000400000-0x000000000048D000-memory.dmp

memory/3572-10607-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\Desktop\wpnprv.dll

MD5 909bf64a700fe12a2588b657d269407a
SHA1 90ea654f71b01da192085974d92e2146c0875770
SHA256 131d870e68cbdc5e6c4be5bd1ed7292966e4bf52a21d40c1a22233b075ce7cb9
SHA512 9b23c6baf13a7770e657114dde746dea3bbce615f362e360f64804a0d1fafb43a386d7bb9b68bda4939744af790d46d74a7044043d0bb045a43a7068d056398b

C:\Users\Admin\Desktop\WMALFXGFXDSP.dll

MD5 eb81b8555574b58288c44d4845244c11
SHA1 7366fc319413887f095f397e9fd86a7fcf96789c
SHA256 7907356a2c960c39984cd9f9ff9391d2467d64586ae697e7677da730cf06a82e
SHA512 66e9fedea3f763fed871e63e3527775a27134f4bf0c07d69e041f106ea8c5aecb181d953ccb3398fd72d5e8c047c0502d933ea7e39fa54fd35169b155f397f9d

C:\Users\Admin\Desktop\DesktopView.Internal.Broker.dll

MD5 696532c8b4c28f86a18f177d03791ac6
SHA1 6f6275c3521ed70d78bc059efdc39917e923336c
SHA256 7911d1c617eb14f321778af9bdb729aee288a9d29ba194e74152645b34f8bb80
SHA512 0c5deb0743a99421f7391b9816ed1f13678b4f56d36a320933d438500283ef63ef873fa2b8ffbf2f3f11dad07b65b740ef2f708d83139e2a0fecf2b18f576015

memory/9348-10774-0x0000000000400000-0x000000000048D000-memory.dmp

memory/9672-10770-0x0000000000400000-0x000000000048D000-memory.dmp

memory/10004-10905-0x0000000000400000-0x000000000048D000-memory.dmp

memory/9416-10903-0x0000000000400000-0x000000000048D000-memory.dmp

memory/7224-10979-0x0000000000400000-0x000000000048D000-memory.dmp

memory/6528-10977-0x0000000000400000-0x000000000048D000-memory.dmp

memory/4056-11171-0x0000000000400000-0x000000000048D000-memory.dmp

memory/8528-11173-0x0000000000400000-0x000000000048D000-memory.dmp

memory/10456-11354-0x0000000000400000-0x000000000048D000-memory.dmp

memory/10604-11370-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\Desktop\Windows.Internal.Feedback.Analog.ProxyStub.dll

MD5 2e96d52e9274ffe9eb909b5d242bc1a8
SHA1 e40531e7bab78272c93458f508db19422261945f
SHA256 e40912e33aa4f4e721aeb62719218be878a3e930f2f3064403c3a4c7186feba7
SHA512 ead3554d9965b1deedb2d51ca5afda0cf5689a9ef507d51ae2701b563d323e6adca4c9bfc2988abdb40bbf538f8dacd655aef63c4db8819c9990be14d0838261

memory/10360-11609-0x0000000000400000-0x000000000048D000-memory.dmp

memory/10284-11619-0x0000000000400000-0x000000000048D000-memory.dmp

memory/10772-11614-0x0000000000400000-0x000000000048D000-memory.dmp

memory/5288-11800-0x0000000000400000-0x000000000048D000-memory.dmp

memory/9704-11798-0x0000000000400000-0x000000000048D000-memory.dmp

memory/11368-11802-0x0000000000400000-0x000000000048D000-memory.dmp

C:\Users\Admin\Desktop\qasf.dll

MD5 4f0d92c3b377ea4df95790ff5b1d2e46
SHA1 450ec1400b2425e00d97a45586f611b75f4d7a72
SHA256 636cdb1cbf9571841fe24788c9122b6f614fb3370648c92e0bf522254a98e09d
SHA512 23d1a206f33fe2bf4e90162b18a346e726fb1fcca5b168baae492b38d5ecb85081aab6738a9384c72c22655bedc0c386e01c0bb7bbdb715bae6f6b9b84960923

C:\Users\Admin\Desktop\Faultrep.dll

MD5 bf84af01fb429cab2fc546a9d7e22aa4
SHA1 70a5a1b272295b51059fd226c42a8042bbebbc66
SHA256 a235e2c39268936e530622662d4ad89fde76fe9ef48108723ae94b7f62c458b6
SHA512 4b3e215020543dd156753cf790733693ed07ae05500e621f007b5591bb5cb82132c118fcb3879d9cd4a88ff9e95ad8b8727402cd386e8518864f1e08dff5dc9f